47153 matches found
Mozilla Foundation Security Advisory 2008-41
Mozilla Foundation Security Advisory 2008-41 Title: Privilege escalation via XPCnativeWrapper pollution Impact: Critical Announced: September 23, 2008 Reporter: mozbugra4, Olli Pettay Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.0.2 Firefox 2.0.0.17 Thunderbird 2.0.0.17 SeaMonkey...
Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
Microsoft Security Bulletin MS08-044 – Critical Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution 924090 Published: August 12, 2008 Version: 1.0 General Information Executive Summary This security update resolves five privately reported vulnerabilities. These...
[USN-634-1] OpenLDAP vulnerability
=========================================================== Ubuntu Security Notice USN-634-1 August 01, 2008 openldap2.2, openldap2.3 vulnerability CVE-2008-2952 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS...
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability
ZDI-08-044: Mozilla Firefox CSSValue Array Memory Corruption Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-08-044 July 17, 2008 -- CVE ID: CVE-2008-2785 -- Affected Vendors: Mozilla Firefox -- Affected Products: Mozilla Firefox 2.0.x Mozilla Firefox 3.0.x -- TippingPointTM IPS...
Invision Power Board <=2.3.x iFrame Vuln
Tested On: http://www.abarjigs.com/forum/ Effected on:Invision Power Board =2.3.x Type:Signature With iFrame Discovered By:CYBER.DARK.HIMU SHAHEEMIRZA Google: "style designed by Soi" or "Powered by IP.Board 2.3.1" Mail: [email protected],[email protected] HI TO ALL. HOW TO USE THIS...
Multiple vulnerabilities in ASG-Sentry 7.0.0
Luigi Auriemma Application: ASG-Sentry http://www.asg-sentry.com Versions: = 7.0.0 Platforms: Windows and Unix Bugs: A arbitrary files deleting B heap-overflow in FxAgent C termination of FxIAList D buffer-overflow in FxIAList Exploitation: remote Date: 10 Mar 2008 Author: Luigi Auriemma e-mail:...
Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution 947081 Published: February 12, 2008 Version: 1.0 General Information Executive Summary This important security update resolves three privately reported...
PKs Movie Database version 3.0.3 (SQL/XSS)
------------------------------------------------------------- H-T Team HouSSaMix + ToXiC350 from MoroCCo ------------------------------------------------------------- = Author : HouSSaMix From H-T Team = Script : PKs Movie Database version 3.0.3 = BUG 1 : Remote SQL Injection Vulnerability exploi...
SYMSA-2007-013: Lotus Notes Memory Mapped Files Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Symantec Vulnerability Research http://www.symantec.com/research Security Advisory Advisory ID: SYMSA-2007-013 Advisory Title: Lotus Notes Memory Mapped Files Vulnerability Author: Ollie Whitehouse / [email protected] Release Date: 23-10-20...
lighttpd buffer overflow
modfastcgi buffer overflow on headers parsing...
Xfce terminal client unescaped shell characters vulnerability
Shell characters are not filtered on URL processing...
BellaBook Admin Bypass/Remote Code Execution
?php / AUTHOR: ilker kandemir DOWNLOAD: http://www.jemjabella.co.uk/scripts/BellaBuffs.zip Explanation: The user verification routine used in most of the files is: requireonce'prefs.php'; if isset$COOKIE'bellabuffs' if $COOKIE'bellabuffs' == md5$adminname.$adminpass.$secret if isset$GET'ap' $page...
[USN-489-1] Linux kernel vulnerabilities
=========================================================== Ubuntu Security Notice USN-489-1 July 19, 2007 linux-source-2.6.15 vulnerability CVE-2006-4623, CVE-2006-7203, CVE-2007-0005, CVE-2007-1000, CVE-2007-1353, CVE-2007-1861, CVE-2007-2453, CVE-2007-2525, CVE-2007-2875, CVE-2007-2876,...
MITKRB5-SA-2007-001: telnetd allows login as arbitrary user [CVE-2007-0956]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MIT krb5 Security Advisory 2007-001 Original release: 2007-04-03 Last update: 2007-04-03 Topic: telnetd allows login as arbitrary user Severity: CRITICAL CVE: CVE-2007-0956 CERT: VU220816 SUMMARY ======= The MIT krb5 telnet daemon telnetd allows...
Kaqoo Auction (install_root) Multiple Remote File Include Vulnerabilities
To ConTacT mE @ www.Asb-May.net/bb ScRiPt:-http://kaqoo.com/server/download.php GrEaTz To:-ToOofa-HaCk.eGy-Alkmadz-Bright Dark All AsB-MaY DisCoverY ExPloIts GrOup Discovered By:- ThE dE@Th AsB-MaY DiScOvEr ExPlIoTs Gr0uP Wrong Code:- includeonce"$installroot...
Microsoft Internet Explorer page content spoofing
Crossite scripting in res://ieframe.dll/navcancl.htmhttp://www.site.com page allows to inject HTML code into page...
ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability
ZDI-07-009: Novell Netmail WebAdmin Buffer Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-009.html March 7, 2007 -- CVE ID: CVE-2007-1350 -- Affected Vendor: Novell -- Affected Products: Novell NetMail 3.5.2 -- TippingPointTM IPS Customer Protection: TippingPoint IPS...
FishCart [injection sql]
vendor site: http://fishcart.org/ product :fish cart bug:injection sql risk : medium injection sql : /display.php?cartid=200701210157208&zid=1&lid=1&olimit=5&cat=&key1=&nlst=y&olst='sql change the cartid value with yours laurent gaffie http://s-a-p.ca/ contact: [email protected]...
Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
Microsoft Security Bulletin MS07-002 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution 927198 Published: January 9, 2007 Version: 1.0 Summary Who Should Read this Document: Customers who use Microsoft Excel Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:...
gNews Publisher SQL Injection Vulnerabilites
Aria-Security's Research Team www.Aria-Security.Com For further help Original Advisory at: http://www.aria-security.com/forum/showthread.php?t=37 ----------------------------------------- Software: gNews Publisher Vendor: http://gazatem.com Method: SQL Injection Poc:...
Directory Traversal Vulnerability in Goop Gallery 2.0.2
Armorize Technologies Security Advisory Advisory No: Armorize-ADV-2006-0004 Status: Partial Date: 2006/10/04 Bugtraq No.: N/A Summary: Armorize-ADV-2006-0004 discloses a special case of directory traversal vulnerability found in Goop Gallery, which is is a directory based photo gallery and does n...
Microsoft Windows DHCP client buffer overflow
Buffer overflow on DHCP server response parsing...
MyGallery "Room.php" SQL Injection
=========================================== Discovered By: C.B.B.L CrAzY CrAcKeR ,Breeeeh ,BoNy-m ,LiNuXrOOt =========================================== Example:- /MyGallery/Room.php?id=SQL Injection ===========================================...
# MHG Security Team --- PHP NUKE All version Remote File Inc.
Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,Яy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...
QBv14 XSS
QBv14 XSS Discovered by: Nomenumbra Date: 21/5/2006 impact:moderate possible defacement QBv14 doesn't filter anything at all, in short: XSS heaven..... Nomenumbra...
Microsoft Internet Explorer array index overflow
Array index overflow for large number of HTML tag's events handlers. Vulnerability can be used for hidden malware installation...
Heimdal rshd privilege escalation
No description provided...
[hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart
http://www.hackgen.org/advisories/hackgen-2005-004.txt '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' hackgen-2005-004 ' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' ' Multiple bugs in MidiCart PHP Shopping Cart '...
MetaCart2 for PayFlow Multiple Sql Injection Vulnerabilities
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity: High Title: MetaCart2 for PayFlow Multiple S...
Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer (890923)
Microsoft Security Bulletin MS05-020 Cumulative Security Update for Internet Explorer 890923 Issued: April 12, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...
In-game server crash in Call of Duty 1.5b and United Offensive 1.51b
Luigi Auriemma Applications: Call of Duty = 1.5b Call of Duty: United Offensive = 1.51b http://www.callofduty.com Platforms: Windows only Linux is safe and Mac has not been tested Bug: crash Exploitation: remote, versus server in-game Date: 02 Apr 2005 Author: Luigi Auriemma e-mail:...
[SA12685] proxytunnel Username and Password Disclosure
TITLE: proxytunnel Username and Password Disclosure SECUNIA ADVISORY ID: SA12685 VERIFY ADVISORY: http://secunia.com/advisories/12685/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: Local system SOFTWARE: proxytunnel 1.x http://secunia.com/product/3983/ DESCRIPTION: A...
phpBB 2.0.8a and lower - IP spoofing vulnerability
Advisory Name : phpBB 2.0.8a and lower - IP spoofing vulnerability Release Date : Apr 18, 2004 Application : phpBB Version : phpBB 2.0.8a and previous versions Platform : PHP Vendor URL : http://www.phpbb.com/ Author : Wang / SRR Project Group of Ready Response [email protected] Overview A...
[NT] Serv-U LIST -l Parameter Buffer Overflow
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Another YabbSE SQL Injection
Summary YaBB SE is a PHP/MySQL port of the popular forum software YaBB yet another bulletin board. An SQL injection vulnerability allows a remote attacker to execute malicious SQL statements on the database remotely Details Vulnerable Systems: YaBB SE versions 1.5.4, 1.5.5, possibly others The fi...
Microsoft Security Bulletin MS04-005
Microsoft Security Bulletin MS04-005 Vulnerability in Virtual PC for Mac could lead to privilege elevation 835150 Issued: February 10, 2004 Version: 1.0 Summary Who should read this document: Customers who are using Microsoft® Virtual PC for Mac Impact of vulnerability: Elevation of Privilege...
[SECURITY] INN: Buffer overflow in control message handling
A buffer overflow has been discovered in a portion of the control message handling code introduced in INN 2.4.0. It is fairly likely that this overflow could be remotely exploited to gain access to the user innd runs as. INN 2.3.x and earlier are not affected. The INN CURRENT tree is affected. So...
Divine OpenMarket Content Server XSS
Content Server is a web content management from Divine www.divine.com A Cross Site Scripting in this product allows injection of hostile HTML/script into the error page. Example : http://www.mouffleton.com/servlet/ContentServer?pagename=body20onload=alertdocument.cookie; Workaround : Catch error...
Salescart vuln.
Summary: In a business website which is made by Salescart, all customer records related to that website are reachable. All database can be hide to shop.mdb file, in fpdb directory. Any user can be reach this database whithous permission. There are some special informations this database and they...
Minor IE vulnerability: about: URLs
Zone spoofing? Oh yes, that reminds me. Here's another one. Affected: Internet Explorer under Windows, up to version 6 Risk: Low Workaround: Disable scripting in the Internet Zone Problem: If an unknown 'about:' name is used, IE echos the string exactly to the page. So 'about:foo' results in an...
Rideway PN Telnet DoS
Strumpf Noir Society Advisories ! Public release ! -- -= Rideway PN Telnet DoS =- Release date: Tuesday, November 14, 2000 Introduction: RideWay PN is a proxy server application that enables multiple users to share resources and files and that allows users to access the Internet simultaneously...
Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability "THE KING IS THE NEXT RELEASE" USSR Advisory Code: USSR-2000049 Release Date: July 10, 2000 Systems Affected: WircSrv Irc Server v5.07s THE PROBLEM The Ussr Labs team has recently discovered...
Переполнение буфера в HP Openview Network Node Manager v6.1
Строка длиной 4068 символов посланная в порт TCP/2345 вызывает классическое переполнение буфера...
CVE-2015-5074 - Arbitrary File Upload In X2Engine Inc. X2Engine
Vulnerability title: Arbitrary File Upload In X2Engine Inc. X2Engine CVE: CVE-2015-5074 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that authenticated users were able to upload files of any type providing...
WebSolutions India Design CMS - SQL Injection Vulnerability
Document Title: =============== WebSolutions India Design CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1577 Release Date: ============= 2015-08-20 Vulnerability Laboratory ID VL-ID: ===================================...
Multiple Vulnerabilities in ISPConfig
Advisory ID: HTB23260 Product: ISPConfig Vendor: http://www.ispconfig.org Vulnerable Versions: 3.0.5.4p6 and probably prior Tested Version: 3.0.5.4p6 Advisory Publication: May 20, 2015 without technical details Vendor Notification: May 20, 2015 Vendor Patch: June 4, 2015 Public Disclosure: June 1...
Arbitrary file deletion and multiple XSS vulnerabilities in pfSense
Advisory ID: HTB23251 Product: pfSense Vendor: Electric Sheep Fencing LLC Vulnerable Versions: 2.2 and probably prior Tested Version: 2.2 Advisory Publication: March 4, 2015 without technical details Vendor Notification: March 4, 2015 Vendor Patch: March 5, 2015 Public Disclosure: March 25, 2015...
[USN-2583-1] Linux kernel vulnerability
========================================================================== Ubuntu Security Notice USN-2583-1 April 30, 2015 linux vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubunt...
[CVE-2015-1517] Piwigo - SQL Injection in Version 2.7.3
CVE-2015-1517 Piwigo - SQL Injection in Version 2.7.3 ---------------------------------------------------------------- Product Information: Software: Piwigo Tested Version: 2.7.3, released on 9 January 2015 Vulnerability Type: SQL Injection CWE-89 Download link: http://piwigo.org/basics/downloads...
[ MDVSA-2015:022 ] wireshark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:022 http://www.mandriva.com/en/support/security/ Package : wireshark Date : January 12, 2015 Affected: Business Server 1.0 Problem Description: Updated wireshark packages fix security vulnerabilities: The DE...