47153 matches found
VBZooM <=V1.11 " reply.php" SQL Injection
=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Search:- POWERED BY: VBZooM V1.11 Example:- /reply.php?UserID=SQL njection...
VMSA-2006-0002 - VMware Server sensitive information lifetime issue
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2006-0002 Synopsis: VMware Server sensitive information lifetime issue Advisory URL:...
Newswriter v1.0 Remote XSS Exploit
------------------------------------------------------------------ - Newswriter v1.0 Remote XSS Exploit - -= http://colander.altervista.org/advisory/Newswriter.txt =- ------------------------------------------------------------------ -= Newswriter v1.0 =- Omnipresent May 20, 2006 Vunerabilitys:...
Invision Gallery 2.0.6 ( SQL Injection )
left Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net php $this-ipsclass-DB-simpleconstruct array 'select' = 'COUNT AS total', 'from' = 'galleryimages', 'where...
[security bulletin] HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00622788 Version: 1 HPSBUX02105 SSRT061134 rev.1 - HP-UX Running swagentd Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...
[Full-disclosure] Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.
--Security Report-- Advisory: Jiros Banner Experience Pro Remote Privilege Escalation. --- Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI --- Date: 07/03/06 04:52 AM --- Contacts: ICQ: 10072 MSN/Email: [email protected] Web: http://www.nukedx.com --- Vendor: Jiros http://www.jiros.net...
Bug for libs in php link directory 2.0
Program: PHPLD Php link directory Homepage: http://www.phplinkdirectory.com/ Language: PHP Version: 2.0 Php link directory use lib's how adodb, smarthy, phpmailer, etc., etc. but this lib's have bug's. Bugs: ADOdb PostgreSQL SQL Injection Vulnerability http://www.securityfocus.com/bid/16364...
eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities
Site: http://www.phpbbstyles.com/ 1. Remote File Content Disclosure http://forum/admin/xsedit.php?edit=../../../../etc/passwd 2. Full Path Disclosure http://forum/admin/xsedit.php?edit=&viewbackup=1 http://wtf.bz/...
FunkBoard V0.66CF (possibly prior versions) cross site scripting, possible database username/password disclosure & board takeover,possible remote code execution
FunkBoard V0.66CF possibly prior versions cross site scripting, possible database username/password disclosure & board takeover, possible remote code execution software: author site: http://www.pathtofunkboard.co.uk/ xss:...
[VulnWatch] CORE-2004-0819: MSN Messenger PNG Image Parsing Vulnerability
Core Security Technologies Advisory http://www.coresecurity.com MSN Messenger PNG Image Parsing Vulnerability Date Published: 2005-02-08 Last Update: 2005-02-08 Advisory ID: CORE-2004-0819 Bugtraq ID: None currently assigned. CVE Name: CAN-2004-0597 Title: MSN Messenger PNG Image Parsing...
DCP Portal - 5.5 holes
Never use this product if you have turned off magicquotesgpc. And this product won't work anyway if you have turned off registerglobals. All the files in the product, dont check for integrity of variables. You can easily exploit this using some SQL Injection techniques. For example, if you want t...
Microsoft Security Bulletin MS03-017: Flaw in Windows Media Player Skins Downloading could allow Code Execution (817787)
-----BEGIN PGP SIGNED MESSAGE----- - -------------------------------------------------------------------- Title: Flaw in Windows Media Player Skins Downloading could allow Code Execution 817787 Date: 07 May 2003 Software: Microsoft Windows Media Player 7.1 Microsoft Windows Media Player for Windo...
Multiple Web Security Holes
I sent this three times to webappsec but without resultats. I try so on bugtraq, although that is less appropriate. ----------------------------------------------------- Five products in PHP are vulnerable to various holes. 1 TightAuction Website : http://www.tightprices.com Tested Version : 3.0...
[Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis
Mantis Advisory/2002-04 Arbitrary code execution vulnerability in Mantis 0. Table of Contents 1. Introduction 2. Summary / Impact analysis 3. Affected versions 4. Workaround / Solution 5. Detailed explanation 6. Credit 7. Contact details 1. Introduction Mantis is an Open Source web-based...
[ WWWThreads, UBBThreads ] Security Hole in upload system
WWWThreads, UBBThreads Security Hole in upload system Author: RootExtractor, CompuMe [email protected], [email protected] I. Details II. Vulnerable ver's III. Example, Xploit IV. Solution Details : ..: config.inc.php :.. ------------------------- snip ------------------------------ //...
NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
NSFBUGTRAQOCUS Security AdvisorySA2001-02 Topic: Microsoft IIS CGI Filename Decode Error Vulnerability Release DateЈє 2001-5-15 CVE Candidate Numbers: CAN-2001-0333 BUGTRAQ ID : 2708 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Not affected system: ===================...
[SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
FSC Internet Corp. / SecureXpert Labs Advisory SX-20010320-2b This is a follow-up to: SX-20010320-2 Denial of Service in Microsoft ISA server v1.0 Several individuals have pointed out an easier exploit scenario for this vulnerability, which additionally does NOT require the Web Publishing feature...
[CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector vulnerability
CORE SDI http://www.core-sdi.com SSH1 CRC-32 compensation attack detector vulnerability Date Published: 2001-02-08 Advisory ID: CORE-20010207 Bugtraq ID: 2347 CVE CAN: CAN-2001-0144 Title: SSH1 CRC-32 compensation attack detector vulnerability Class: Boundary Error Condition Remotely Exploitable:...
Security Bulletin MS00-092
The following is a Security Bulletin from the Microsoft Product Security Notification Service. Please do not reply to this message, as it was sent from an unattended mailbox. -----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------ Issue: Buffer overrun...
Security Advisory: Cisco IOS Software TELNET Option Handling Vulnerability
Cisco IOS Software TELNET Option Handling Vulnerability Revision 1.0 For public release Thursday 2000/04/20 at 09:00 AM US/Eastern UTC-0400. --------------------------------------------------------------------------- Summary ======= A defect in multiple Cisco IOS software versions will cause a...
Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin
Vulnerability title: Multiple Path/Directory Traversal and/or Local File Inclusion in Easy2Map version 1.2.9 WordPress plugin CVE: CVE-2015-7669 Vendor: Steven Ellis Product: Easy2Map Affected version: 1.2.9 Fixed version: 1.3.0 Reported by: Iberia Medeiros Vulnerability Details:...
CVE-2015-7319 - SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin
Vulnerability title: SQL Injection in Appointment Booking Calendar 1.1.7 WordPress plugin CVE: CVE-2015-7319 Vendor: WordPress DWBooster Product: Appointment Booking Calendar Affected version: 1.1.7 Fixed version: 1.1.8 Reported by: Ibйria Medeiros Vulnerability Details: ===================== It...
TestLink Security Advisory - Multiple XSS Vulnerabilities - CVE-2015-7391
Information -------------------- Advisory by Netsparker. Name: Multiple XSS Vulnerabilities in TestLink 1.9.13 Affected Software : TestLink Affected Versions: 1.9.1.3 and possibly below Vendor Homepage : http://testlink.org/ Vulnerability Type : Cross-site Scripting Severity : Important Status :...
[USN-2772-1] PostgreSQL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2772-1 October 16, 2015 postgresql-9.1, postgresql-9.3, postgresql-9.4 vulnerabilities ========================================================================== A security issue affects these...
[USN-2720-1] Django vulnerability
========================================================================== Ubuntu Security Notice USN-2720-1 August 18, 2015 python-django vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives...
[SECURITY] [DSA 3313-1] linux security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3313-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso July 23, 2015 https://www.debian.org/security/faq -...
[USN-2668-1] HAProxy vulnerability
========================================================================== Ubuntu Security Notice USN-2668-1 July 07, 2015 haproxy vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Path Traversal in BlackCat CMS
Advisory ID: HTB23263 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.1.1 and probably prior Tested Version: 1.1.1 Advisory Publication: June 10, 2015 without technical details Vendor Notification: June 10, 2015 Vendor Patch: June 24, 2015 Public Disclosure: July 1, 201...
PHP multiple security vulnerabilities
NULL character injection, DoS, integer overflow, memory corruption...
[security bulletin] HPSBGN03286 rev.1 - HP LoadRunner, Buffer Overflow
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04594015 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04594015 Version: 1 HPSBGN03286 rev....
Reflected Cross-Site Scripting vulnerability in asdoc generated documentation
------------------------------------------------------------------------ Reflected Cross-Site Scripting vulnerability in asdoc generated documentation ------------------------------------------------------------------------ Radjnies Bhansingh, March 2014...
Pligg CMS 2.0.2 - Stored XSS
Hi Team, Affected Vendor: http://pligg.com/ Date: 23/04/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Persistent XSS Tested on: Windows 8.1 Product: Pligg CMS Version: 2.0.2 Tested Link: http://localhost/pligg/admin/adminpage.php Description: Pligg CMS is a content management...
Grindr 2.1.1 iOS Bug Bounty #2 - Denial of Service Software Vulnerability
Document Title: =============== Grindr 2.1.1 iOS Bug Bounty 2 - Denial of Service Software Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1418 Release Date: ============= 2015-05-02 Vulnerability Laboratory ID VL-ID:...
GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server
GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS ======== Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data...
[USN-2476-1] Oxide vulnerabilities
========================================================================== Ubuntu Security Notice USN-2476-1 January 26, 2015 oxide-qt vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0 RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
Alienvault OSSIM/USM Command Execution Vulnerability
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: =4.14.X Fixed Version: 4.15.0 Summary ======= Alienvault OSSIM is an open source SIEM solution designed to collect and correlate log data. T...
[ MDVSA-2015:020 ] libssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:020 http://www.mandriva.com/en/support/security/ Package : libssh Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated libssh packages fix security vulnerability: Double free...
[KIS-2014-14] Osclass <= 3.4.2 (Search::setJsonAlert) SQL Injection Vulnerability
------------------------------------------------------------------- Osclass = 3.4.2 Search::setJsonAlert SQL Injection Vulnerability ------------------------------------------------------------------- - Software Link: http://osclass.org/ - Affected Versions: Version 3.4.2 and probably prior...
Cross-Site Scripting (XSS) in Revive Adserver
Advisory ID: HTB23242 Product: Revive Adserver Vendor: http://www.revive-adserver.com/ Vulnerable Versions: 3.0.5 and probably prior Tested Version: 3.0.5 Advisory Publication: November 12, 2014 without technical details Vendor Notification: November 12, 2014 Vendor Patch: December 17, 2014 Publi...
[SECURITY] [DSA 3100-1] mediawiki security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3100-1 [email protected] http://www.debian.org/security/ Sebastien Delafond December 12, 2014 http://www.debian.org/security/faq -...
[ MDVSA-2014:253 ] apache-mod_wsgi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:253 http://www.mandriva.com/en/support/security/ Package : apache-modwsgi Date : December 15, 2014 Affected: Business Server 1.0 Problem Description: Updated apache-modwsgi package fixes security...
[Appcheck-NG] Unpatched Vulnerabilities in Magento E-Commerce Platform
On April 8th 2014, AppCheck reported several Cross Site Scripting Vulnerabilities in the Magento e-commerce platform via the eBay bug bounty program. eBay responded to inform us that the vulnerabilities had already been reported. However, since more than 6 months have passed and no fix is yet...
CVE-2014-8682 Multiple Unauthenticated SQL Injections in Gogs
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Unauthenticated SQL Injection in Gogs repository search ======================================================= Researcher: Timo Schmid [email protected] Description =========== GogsGo Git Service is a painless self-hosted Git Service written in Go...
Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities
Quarterly update covers 138 different vulnerabilities...
CVE-2014-4331 OctavoCMS reflected XSS vulnerability
This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...
[ MDVSA-2014:145 ] php-ZendFramework
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:145 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : July 31, 2014 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in...
[Onapsis Security Advisory 2014-033] SAP Business Warehouse Missing Authorization Check
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2014-033: SAP Business Warehouse Missing Authorization Check 1. Impact on Business ===================== By exploiting this vulnerability an authenticated attacker will be able to abuse of functionality that should be...
Reflected Cross-Site Scripting (XSS) in BlackCat CMS
Advisory ID: HTB23228 Product: BlackCat CMS Vendor: Black Cat Development Vulnerable Versions: 1.0.3 and probably prior Tested Version: 1.0.3 Advisory Publication: August 13, 2014 without technical details Vendor Notification: August 13, 2014 Vendor Patch: August 13, 2014 Public Disclosure:...