47153 matches found
Mibew messenger multiple XSS
Advisory ID: CSA-12001 Title: Mibew messenger multiple XSS Product: mibew messenger Version: 1.6.4 and probably prior Vendor: mibew.org Vulnerability type: XSS Vendor notification: 2012-01-07 Public disclosure: 2012-01-24 Mibew messenger version 1.6.4 an probably below is vulnerable to multiple X...
TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin
Trustwave's SpiderLabs Security Advisory TWSL2011-019: Cross-Site Scripting Vulnerability in phpMyAdmin https://www.trustwave.com/spiderlabs/advisories/TWSL2011-019.txt Published: 12/22/11 Version: 1.0 Vendor: phpMyAdmin http://www.phpmyadmin.net/ Product: phpMyAdmin Version affected: 3.4.8 and...
[ MDVSA-2011:178 ] glibc
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:178 http://www.mandriva.com/security/ Package : glibc Date : November 25, 2011 Affected: 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities was discovered and fixed in glibc: Multipl...
[security bulletin] HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03058866Version: 1 HPSBMU02716 SSRT100651 rev.1 - HP Data Protector Notebook Extension, Remote Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted upon a...
[Onapsis Security Advisory 2011-016] SAP WebAS Malicious SAP Shortcut Generation
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-016: SAP WebAS Malicious SAP Shortcut Generation This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforeha...
[SECURITY] [DSA 2307-1] chromium-browser security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2307-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano September 11, 2011 http://www.debian.org/security/faq -...
Vulnerability in plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion, Magento and Sweetcron
Hello 3APA3A! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my three publications which I've made earlier at my site. In plugins for Typepad, RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS,...
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-276 August 23, 2011 -- CVE ID: CVE-2011-2140 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Flash...
WOC Consulting (search_result.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability WOC Consulting searchresult.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.woc-consulting.com/ Persian Gulf 4 Ever! Dork : "Powered by WOC Consulting Canada"...
PHP-Barcode 0.3pl1 Remote Code Execution
PHP-Barcode 0.3pl1 Remote Code Execution ================================= The input passed to the code parameter is not sanitized and is used on a popen function. This allows remote command execution and also allows to see environment vars: Windows...
Arbitrary files deletion in HP OpenView Communication Broker
Luigi Auriemma Application: HP OpenView Communication Broker http://www8.hp.com/us/en/software/enterprise-software.html Versions: ovbbccb.exe = 11.0.43.0 Platforms: Windows, Linux, Solaris, HP-UX, AIX Bug: arbitrary files deletion Exploitation: remote, versus server Date: 27 Jun 2011 found 01 Jun...
[ MDVSA-2011:095 ] apr
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:095 http://www.mandriva.com/security/ Package : apr Date : May 20, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: It was discovered that the fix for CVE-2011-0419...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, uninitialized pointer dereferences, information leakage, code execution...
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch Advisory ID: cisco-sa-20110223-telepresence-ctms Revision 1.0 For Public Release 2011 February 23...
vBulletin 4.1.2 0-day Denial Of Service Exploit
========================================= vBulletin 4.1.2 0-day Denial Of Service Exploit ========================================= The largest Exploit Database in the world ! 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 /' /' / /' 0 /, // ,/ / 1 // /' / // /' / /'...
SQL Injection in phpMySport
Vulnerability ID: HTB22772 Reference: http://www.htbridge.ch/advisory/sqlinjectioninphpmysport2.html Product: phpMySport Vendor: phpMySport http://phpmysport.sourceforge.net/ Vulnerable Version: 1.4 Vendor Notification: 21 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor...
[USN-1015-1] libvpx vulnerability
=========================================================== Ubuntu Security Notice USN-1015-1 November 10, 2010 libvpx vulnerability CVE-2010-4203 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory also...
XSS vulnerability in Onyx
Vulnerability ID: HTB22537 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinonyx1.html Product: Onyx Vendor: Hulihan Applications http://hulihanapplications.com/projects/onyx Vulnerable Version: 0.3.2 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type:...
Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution (982214)
Microsoft Security Bulletin MS10-054 - Critical Vulnerabilities in SMB Server Could Allow Remote Code Execution 982214 Published: August 10, 2010 Version: 1.0 General Information Executive Summary This security update resolves several privately reported vulnerabilities in Microsoft Windows. The...
About the security content of Safari 5.0.1 and Safari 4.1.1
About the security content of Safari 5.0.1 and Safari 4.1.1 Last Modified: July 28, 2010 Article: HT4276 Summary This document describes the security content of Safari 5.0.1 and Safari 4.1.1. For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a...
[security bulletin] HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting (XSS), Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02181353 Version: 1 HPSBMA02535 SSRT100029 rev.1 - HP Performance Manager, Remote Unauthorized Access, Cross Site Scripting XSS, Denial of Service DoS NOTICE: The information in this Security...
Secunia Research: Adobe Shockwave Player Asset Entry Parsing Vulnerability
====================================================================== Secunia Research 12/05/2010 - Adobe Shockwave Player Asset Entry Parsing Vulnerability - ====================================================================== Table of Contents Affected...
ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability
ZDI-10-086: HP OpenView NNM getnnmdata.exe CGI Invalid Hostname Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-10-086 May 11, 2010 -- CVE ID: CVE-2010-1555 -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packard OpenView Network Node Manager...
Microsoft Security Bulletin MS10-027 - Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution (979402)
Microsoft Security Bulletin MS10-027 - Critical Vulnerability in Windows Media Player Could Allow Remote Code Execution 979402 Published: April 13, 2010 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Windows Media Player. The...
Multiple DOM-Based XSS in Dojo Toolkit SDK
=========================================================== Multiple DOM-Based XSS in Dojo Toolkit SDK Public Release Date: 3/12/2010 Adam Bixby - Gotham Digital Science [email protected] Affected Software: Dojo Toolkit SDK = Build 1.4.1 Browser used for testing: IE8 8.0.7600.16385 Severity:...
Mozilla Foundation Security Advisory 2010-04
Mozilla Foundation Security Advisory 2010-04 Title: XSS due to window.dialogArguments being readable cross-domain Impact: Moderate Announced: February 17, 2010 Reporter: Hidetake Jo, TippingPoint ZDI Products: Firefox, SeaMonkey Fixed in: Firefox 3.6 Firefox 3.5.8 Firefox 3.0.18 SeaMonkey 2.0.3...
eWebeditor ASP Version Multiple Vulnerabilities
Securitylab.ir Application Info: Name: eWebeditor Version: ASP Vulnerability: ======================= Arbitrary File Upload ======================= form action = "http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select SID, SName, SDir, SCSS, SUploadDir 2b' /...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Zabbix Agent : Bypass of EnableRemoteCommands=0
From Wikipedia : "Zabbix is a network management system application ... designed to monitor and track the status of various network services, servers, and other network hardware." Zabbix Agent : Bypass of EnableRemoteCommands=0 Impacted software : Zabbix Agent FreeBSD and Solaris only Zabbix...
Re: Cherokee Web Server 0.5.4 Denial Of Service
This attack should only work on the Windows version of Cherokee Web Server, as it references a DOS-style special device, AUX. This attack can also be launched through a browser as follows: http://www.example.com/AUX...
FreeBSD <= 6.1 kqueue() NULL pointer dereference
FreeBSD = 6.1 suffers from classical check/use race condition on SMP systems in kevent syscall, leading to kernel mode NULL pointer dereference. It can be triggered by spawning two threads: 1st thread looping on open and close syscalls, and the 2nd thread looping on kevent, trying to add possibly...
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities
ZDI-09-059: Oracle Secure Backup Administration Server Multiple Command Injection Vulnerabilities http://www.zerodayinitiative.com/advisories/ZDI-09-059 -- CVE ID: CVE-2009-1978 -- Affected Vendors: Oracle -- Affected Products: Oracle Secure Backup -- Vulnerability Details: This vulnerability...
MySQL format string vulnerabilities
COMCREATEDB, COMDROPDB format string vulnerabilities...
CodeIgniter Global XSS Filtering Bypass Vulnerability
======================================== CodeIgniter Global XSS Filtering Bypass Vulnerability ======================================== Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ believe in full disclosure Product : CodeIgniter http://www.codeigniter.com Product...
Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution (961371)
Microsoft Security Bulletin MS09-029 - Critical Vulnerabilities in the Embedded OpenType Font Engine Could Allow Remote Code Execution 961371 Published: July 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves two privately reported vulnerabilities in a...
HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software (RGS) Sender Running Easy Login, Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01731970 Version: 1 HPSBMA02427 SSRT090069 rev.1 - HP Remote Graphics Software RGS Sender Running Easy Login, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should b...
Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
Microsoft Security Bulletin MS09-012 - Important Vulnerabilities in Windows Could Allow Elevation of Privilege 959454 Published: April 14, 2009 Version: 1.0 General Information Executive Summary This security update resolves four publicly disclosed vulnerabilities in Microsoft Windows. The...
[BMSA-2009-02] XML injection in PyBlosxom
BLUE MOON SECURITY ADVISORY 2009-02 =================================== :Title: XML Injection in PyBlosxom :Severity: Low :Reporter: Blue Moon Consulting :Products: PyBlosxom v1.4.3 :Fixed in: -- Description ----------- PyBlosxom is a lightweight file-based weblog system. The project started as a...
[security bulletin] HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c01621724 Version: 1 HPSBMA02390 SSRT071481 rev.1 - HP OpenView Performance Agent, HP Performance Agent, Remote Denial of Service DoS NOTICE: The information in this Security Bulletin should be...
Joomla Component GameQ
Joomla Component GameQ AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : Http://IRCRASH.COM IRCRASH Team Members : Dr.Crash - R3d.w0rm Sina Yazdanmehr - Hadi Kiamarsi Download : http://joomlacode.org/gf/project/gameq DORK : inurl:option=comgameq Bug...
CMME Multiple Information disclosure vulnerabilities
WwW.BugReport.ir AmnPardaz Security Research & Penetration Testing Group Title: CMME Multiple Information disclosure vulnerabilities Vendor: http://cmme.oesterholt.net Bug: Information Disclosure Vulnerable Version: 1.19 prior versions also may be affected Exploitation: Remote with browser Exploi...
rPSA-2008-0286-1 mono
rPath Security Advisory: 2008-0286-1 Published: 2008-09-29 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Remote User Deterministic Vulnerability Updated Versions: mono=conary.rpath.com@rpl:2/1.2.6-5-0.1 References: https://vulners.com/cve/CVE-2008-3906 Description: Previous...
csphonebook 1.02 Remote XSS Vulnerabilitiy
csphonebook 1.02 Remote XSS Vulnerabilitiy Ghost Hacker , Real Hack Back Author : Ghost Hacker My Home : http://Real-h.com Real Hack Back Contact Me : [email protected] Bug : Remote Xss From : Kingdom Saudi Arabia Name Script : WhoDomLite v1.1.3 Download :...
WESPA Calendário v1.1 Sql Injection Vulnerability
WESPA Calendrio v1.1 Sql Injection Vulnerability - Discovered by : AleminKrali - My Site : al3m.blogspot.com - Script Download : http://www.scriptbrasil.com.br/download/codigo/6502/ - Admin Panel : /scriptpath/useradmin.php - Exploit :...
SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit
!/usr/bin/perl SazCart = v1.5.1 details&prodid Remote SQL Injection Exploit HomePage: http://www.sazcart.com Discovered & Coded by JosS Contact: sys-projectathotmail.com Spanish Hackers Team / Sys - Project / EspSeC http://www.spanish-hackers.com rgod forever :D Dork: "Powered by SazCart" print...
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability
ZDI-08-022: Apple Safari WebKit PCRE Handling Integer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-022 April 16, 2008 -- CVE ID: CVE-2008-1026 -- Affected Vendors: Apple -- Affected Products: Apple Safari -- TippingPointTM IPS Customer Protection: TippingPoint IPS...
[NEWS] Websphere MQ MCAUSER Setting Bypass Vulnerability
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
rPSA-2008-0132-1 lighttpd
rPath Security Advisory: 2008-0132-1 Published: 2008-03-31 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Denial of Service Updated Versions: lighttpd=conary.rpath.com@rpl:1/1.4.18-0.5-1 rPath Issue Tracking System: https://issues.rpath.com/browse/RPL-24...
joomla com_product SQL Injection(catid)
joomla comproduct SQL Injectioncatid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"comproduct"catid DORK 2 : allinurl: EXPLOIT :...
Mambo 4.6.3 Path Disclosure, XSS , XSRF, DOS
WwW.BugReport.ir AmnPardaz Security Research Team Title: Mambo Vulnerabilities Vendor: http://mamboserver.com Bugs: Path Disclosure, XSS , XSRF, DOS Vulnerable Version:4.6.3 prior versions also may be affected Exploitation: Remote with browser Fix Available: No! - Description: Mambo is an, open...