47153 matches found
Mozilla Foundation Security Advisory 2010-48
Mozilla Foundation Security Advisory 2010-48 Title: Dangling pointer crash regression from plugin parameter array fix Impact: Critical Announced: July 20, 2010 Reporter: Daniel Holbert Products: Firefox 3.6.7 Fixed in: Firefox 3.6.8 Description Mozilla developer Daniel Holbert reported that the f...
Mozilla Foundation Security Advisory 2010-40
Mozilla Foundation Security Advisory 2010-40 Title: nsTreeSelection dangling pointer remote code execution vulnerability Impact: Critical Announced: July 20, 2010 Reporter: regenrecht via TippingPoint's Zero Day Initiative Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox...
DynPG CMS Multiple Remote File Inclusion Vulnerability
fucking the Web Apps attack edition / / / / L /' / , / / /' , / /' /' / /' / / / / / / L / / / // // // ///////////L // ////// // // Hack0wn! Security Project / /&...
Chaton <= 1.5.2 Local File Include Vulnerability
================================================ Chaton = 1.5.2 Local File Include Vulnerability ================================================ + Chaton = 1.5.2 Local File Include Vulnerability 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0 /, // ,...
Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability
======================================================= Yaniv Miron aka "Lament" Advisory Feb 27, 2010 Oracle Siebel 7.x CRM 7.7, 7.8 tested Cross Site Scripting Vulnerability ======================================================= ===================== I. BACKGROUND ===================== Siebel...
TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility
=================================================================== TinyMCE - Javascript WYSIWYG Editor xss/sql injection vurnerebility =================================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' /' / /' 0 0...
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)
Microsoft Security Bulletin MS09-073 - Important Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution 975539 Published: December 08, 2009 Version: 1.0 General Information Executive Summary This security update resolves a privately reported vulnerability in Microso...
[waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09
waraxe-2009-SA074 - Multiple Vulnerabilities in TorrentTrader Classic 1.09 =============================================================================== Author: Janek Vind "waraxe" Date: 15. June 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-74.html Description of vulnerable...
Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
Microsoft Security Bulletin MS09-020 - Important Vulnerabilities in Internet Information Services IIS Could Allow Elevation of Privilege 970483 Published: June 9, 2009 Version: 1.0 General Information Executive Summary This security update resolves one publicly disclosed vulnerability and one...
Family Connections 1.8.2 Blind SQL Injection (Correct Version)
Salvatore "drosophila" Fresta + Application: Family Connection + Version: = 1.8.2 + Website: http://www.familycms.com + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 1 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...
SQL Injection and DoS vulnerabilities in Power Phlogger
Здравствуйте 3APA3A! Сообщаю вам о найденных мною новых SQL Injection и DoS уязвимостях в Power Phlogger. SQL Injection: Уязвимость можно использовать в частности для удаления стилей в том числе системных: http://site/edCss.php?cssstr=22/&action=delete Или для проведения DoS атак:...
Microsoft Bluetooth Stack OBEX Directory Traversal
Title: Microsoft Bluetooth Stack OBEX Directory Traversal Author: Alberto Moreno Tablado Vendor: Microsoft Product: Windows Mobile 6 Professional Probably Windows Mobile 5.0 for Pocket PC and Windows Mobile 5.0 for Pocket PC Phone Edition References:...
FreeSSHD buffer overflow
sftp post authentication buffer overflow...
Joomla: Session hijacking vulnerability, CVE-2008-4122
Joomla: Session hijacking vulnerability, CVE-2008-4122 References https://vulners.com/cve/CVE-2008-4122 http://int21.de/cve/CVE-2008-4122-joomla.html http://enablesecurity.com/2008/08/11/surf-jack-https-will-not-save-you/ https://www.defcon.org/html/defcon-16/dc-16-speakers.htmlPerry Description...
[ MDVSA-2008:218 ] lynx
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2008:218 http://www.mandriva.com/security/ Package : lynx Date : October 28, 2008 Affected: 2008.0, 2008.1, 2009.0 Problem Description: A vulnerability was found in the Lynxcgi: URI handler that could allow an...
Mozilla Foundation Security Advisory 2008-41
Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...
Microsoft Windows GDI library multiple security vulnerabilities
Multiple vulnerabilities on different graphics format parsing...
Secunia Research: Calendarix Basic Two SQL Injection Vulnerabilities
====================================================================== Secunia Research 25/08/2008 - Calendarix Basic Two SQL Injection Vulnerabilities - ====================================================================== Table of Contents Affected...
Kayako SupportSuite < 3.30.00 Multiple Vulnerabilities
GulfTech Security Research August 09, 2008 Vendor : Kayako Infotech Ltd. URL : http://www.kayako.com/ Version : Kayako SupportSuite 3.30.00 Risk : Multiple Vulnerabilities Description: Kayako SupportSuite is a very popular online eSupport application that consists of several well known Kayako...
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...
PCPIN Chat 6: potential XSS vulnerability in URL redirection script
All PCPIN Chat 6 versions prior to 6.11 are affected by the potential XSS vulnerability in URL redirection script. The vulnerability is caused by insufficient protocol scheme validation in file /inc/urlredirection.inc.php More info and patch here:...
joomla com_garyscookbook SQL Injection(id)
joomla comgaryscookbook SQL Injectionid AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAL : [email protected] DORK 1 : allinurl:"comgaryscookbook" DORK 2 : allinurl: comgaryscookbook "detail" EXPLOIT :...
PostgreSQL 2007-01-07 Cumulative Security Release
Today the PostgreSQL Global Development Group is releasing updated versions which patch five security vulnerabilities. These releases update all current PostgreSQL versions, including 8.2, 8.1, 8.0, 7.4 and 7.3. They are considered CRITICAL and PostgreSQL DBAs and sysadmins should install the...
Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution (942624)
Microsoft Security Bulletin MS07-063 – Important Vulnerability in SMBv2 Could Allow Remote Code Execution 942624 Published: December 11, 2007 Version: 1.0 General Information Executive Summary This important security update resolves a privately reported vulnerability in Server Message Block Versi...
Skalinks <= 1_5 Cross Site Request Forgery Add Admin
| | | | | | | | | | | || | | | | | | | | |/ |/ | |/ / | ' / | | || ' / | |/ |/ | | | | | | | | | | | | | | | || | | | | | / | |/,||||| ||, | /| ||/|,|| / | |/ | | | Site: www.hackinginside.altervista.org | | Project: Skalinks = 15 Cross Site Request Forgery Add Admin | | Author: Vincy | | Email:...
BellaBook Admin Bypass/Remote Code Execution
?php / AUTHOR: ilker kandemir DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBuffs.zip Explanation: The user verification routine used in most of the files is: requireonce'prefs.php'; if isset$COOKIE'bellabuffs' if $COOKIE'bellabuffs' == md5$adminname.$adminpass.$secret if isset$GET'ap' $page...
iDefense Security Advisory 07.19.07: Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability
Multiple Vendor Multiple Product URI Handler Input Validation Vulnerability iDefense Security Advisory 07.19.07 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 19, 2007 I. BACKGROUND Microsoft Internet Explorer and Mozilla Firefox are the two most popular web browsers. Many people have...
Cross Site Scripting in Oliver Library Management System
BACKGROUND ========== "Oliver is the web-based Library Management System for Schools. Softlink has built on the understanding of thousands of school clients, over many years, and has designed a new system for school libraries and learning resource centres in the 21st century" -- from...
PHP variables unset use after free vulnerability
There is no access counters for SESSION and HTTPSESSIONVARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserealize these variables...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Philboard (id) Remote SQL Injection
---------------------------------------------------- Philboard id Remote SQL Injection ---------------------------------------------------- Bulan: xoron xoron.info - xoron.biz Google Dork : "Powered by Philboard" , "inurl:philboardforum.asp" ----------------------------------------------------...
[ MDKSA-2006:233 ] - Updated dbus packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2006:233 http://www.mandriva.com/security/ Package : dbus Date : December 18, 2006 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0 Problem Description: A vulnerability was discovered in D-Bus that could be...
gNews Publisher SQL Injection Vulnerabilites
Aria-Security's Research Team www.Aria-Security.Com For further help Original Advisory at: http://www.aria-security.com/forum/showthread.php?t=37 ----------------------------------------- Software: gNews Publisher Vendor: http://gazatem.com Method: SQL Injection Poc:...
Directory Traversal Vulnerability in Goop Gallery 2.0.2
Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0004 Status: Partial Date: 2006/10/04 Bugtraq No.: N/A Summary: Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does n...
Microsoft Windows DHCP client buffer overflow
Buffer overflow on DHCP server response parsing...
Mambo jim Component Remote Include Vulnerability
C Y B E R - W A R R I O R T I M Mambo jim Component Remote Include Vulnerability Author: XORON Class: Remote cont@ct: x0r0nathotmaildotcom Code: in install.jim.php , line 16 requireonce$mosConfigabsolutepath."/components/comjim/readme.txt"; Exploit:...
a6mambohelpdesk Mambo Component <= 18RC1 Remote Include Vulnerability
a6mambohelpdesk Mambo Component = 18RC1 Remote Include Vulnerability Rish : High Class : Remote Script : a6mambohelpdesk Thanx : www.lezr.com/vb codes ? include "$mosConfiglivesite/components/coma6mambohelpdesk/about.html" ; ? d0rkiz : allinurl:"coma6mambohelpdesk"...
Lazarus Guestbook Cross Site Scripting Vulnerabilities
Produce : Lazarus Guestbook Website : http://carbonize.co.uk/Lazarus/ Version : = 1.6 Problem : Cross Site Scripting 1 The first probleme is in codes-english.php ,"show" parameter in lang/codes-english.php isn't properly sanitised This can be exploited to execute arbitrary HTML and javascript cod...
# MHG Security Team --- PHP NUKE All version Remote File Inc.
Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...
QBv14 XSS
QBv14 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement QBv14 doesn't filter anything at all, in short: XSS heaven..... Nomenumbra...
NASL 'Split' function Buffer overflow Vulnerability
NASL Split function Buffer Overflow Vulnerability OS2A ID: OS2A1005 Status: 20/04/2006 Issue Discovered 21/04/2006 Fixed 25/04/2006 Advisory Released Class: Buffer Overflow Severity: Medium Overview: ------------- Nessus is a popular remote vulnerability scanner with a plugin architecture, each...
[security bulletin] SSRT061118 rev.1 - HP System Management Homepage (SMH) Running on Windows: Remote Unauthorized Access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c00601530 Version: 1 HPSBMA02099 SSRT061118 rev.1 - HP System Management Homepage SMH Running on Windows: Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be act...
[Full-disclosure] ZRCSA-200503 - ktools Buffer Overflow Vulnerability
ZRCSA-200503 - ktools Buffer Overflow Vulnerability Zone-H Research Center Security Advisory 200503 http://www.zone-h.fr Date of release: 27/11/2005 Software: ktools http://konst.org.ua/ktools Affected versions: = 0.3 Risk: Medium Discovered by: Mehdi Oudad "deepfear" and Kevin Fernandez...
Glider collect'n kill game buffer overflow
Buffer overflow on oversized player name...
[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart
http://www.hackgen.org/advisories/hackgen-2005-004.txt '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' hackgen-2005-004 ' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' Multiple bugs in MidiCart PHP Shopping Cart '...
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: MetaCart2 for PayFlow Multiple S...
CGI bugs
No description provided...
phpBB 2.0.8a and lower - IP spoofing vulnerability
Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...
[NT] Serv-U LIST -l Parameter Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...