47153 matches found
Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy
a bug in Mybb 1.6.8 'announcements.php' that allows to us to occur a Sql Injection on a Remote machin. Exploit Title : Mybb 1.6.8 'announcements.php' Sql Injection Vulnerabilitiy Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://www.mybb.com/ Security Risk...
ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-096 : HP Data Protector Express Opcode 0x330 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-096 June 21, 2012 - -- CVE ID: CVE-2012-0122 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
RealNetworks Helix Server code execution
Code execution during rn5auth authentication process...
ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-094 : RealNetworks Helix Server rn5auth Credential Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-094 June 21, 2012 - -- CVE ID: CVE-2012-0942 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - --...
ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-099 : DataDirect OpenAccess oaagent.exe GIOP Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-099 June 21, 2012 - -- CVE ID: CVE-2011-4165 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-100 : HP OpenView Performance Manager PMParamHandler Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-100 June 21, 2012 - -- CVE ID: CVE-2012-0127 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-097 : HP Data Protector Express Opcode 0x320 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-097 June 21, 2012 - -- CVE ID: CVE-2012-0121 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected...
[ MDVSA-2012:098 ] libxml2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:098 http://www.mandriva.com/security/ Package : libxml2 Date : June 21, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in libxml2: ...
HP DataDirect OpenAccess security vulnerabilities
Few buffer overflows on traffic parsing...
HP Data Protector Express multiple security vulnerabilities
DoS, code execution...
HP Performance Manager security vulnerabilities
DoS, code execution...
ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-095 : Apple Quicktime TeXML transform Attribute Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-095 June 21, 2012 - -- CVE ID: CVE-2012-0663 - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors...
libxml off-by-one
No description provided...
ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-098 : AOL Products dnUpdater ActiveX Uninitialized Pointer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-098 June 21, 2012 - -- CVE ID: - -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P - -- Affected Vendors:...
DT, XSS and FPD vulnerabilities in Organizer for WordPress
Hello 3APA3A! After previous vulnerabilities in plugin Organizer, I'll present five more security vulnerabilities in plugin Organizer for WordPress. This is the fourth in series of advisories concerning vulnerabilities in this plugin. These are Directory Traversal, Cross-Site Scripting and Full...
QuickBlog v0.8 CMS - Multiple Web Vulnerabilities
Title: ====== QuickBlog v0.8 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=567 VL-ID: ===== 567 Common Vulnerability Scoring System: ==================================== 6.5 Introduction: ============= QuickBlo...
Nuked Klan SP CMS v4.5 - SQL injection Vulnerability
Title: ====== Nuked Klan SP CMS v4.5 - SQL injection Vulnerability Date: ===== 2012-06-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=610 VL-ID: ===== 610 Common Vulnerability Scoring System: ==================================== 8 Introduction: =============...
[SECURITY] [DSA 2485-1] imp4 security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2485-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst June 3, 2012 http://www.debian.org/security/faq -...
[Suspected Spam] eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities
Title: ====== eSyndiCat Pro v2.4.1 - Multiple Web Vulnerabilities Date: ===== 2012-05-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=575 VL-ID: ===== 575 Common Vulnerability Scoring System: ==================================== 7.1 Introduction: =============...
Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities
Title: ====== Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=592 VL-ID: ===== 592 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
Cells Blog CMS v1.1 - Multiple Web Vulnerabilites
Title: ====== Cells Blog CMS v1.1 - Multiple Web Vulnerabilites Date: ===== 2012-06-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=591 VL-ID: ===== 591 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= Cells-bl...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
SQL injection in Serendipity
Advisory ID: HTB23092 Product: Serendipity Vendor: Serendipity Team Vulnerable Versions: 1.6.1 and probably prior Tested Version: 1.6.1 Vendor Notification: 16 May 2012 Vendor Patch: 16 May 2012 Public Disclosure: 6 June 2012 Vulnerability Type: SQL injection CVE Reference: CVE-2012-2762 CVSSv2...
Vulnerabilities in JW Player and millions of web sites
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player. These are Content Spoofing and Cross-Site Scripting vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are JW Player 5.9.2156 and 5.9.2206, except one vulnerability and...
Simple Forum PHP 2.1 - SQL Injection Vulnerabilities
Title: ====== Simple Forum PHP 2.1 - SQL Injection Vulnerabilities Date: ===== 2012-06-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=599 VL-ID: ===== 599 Common Vulnerability Scoring System: ==================================== 7.5 Introduction: ============= Simpl...
Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites
Title: ====== Jobs Portal v3.0 NetArtMedia - Multiple Web Vulnerabilites Date: ===== 2012-06-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=595 VL-ID: ===== 595 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites
Title: ====== iScripts EasyCreate CMS v2.0 - Multiple Web Vulnerabilites Date: ===== 2012-06-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=588 VL-ID: ===== 588 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
Interspire Shopping Cart v6 - Multiple Web Vulnerabilities
Title: ====== Interspire Shopping Cart v6 - Multiple Web Vulnerabilities Date: ===== 2012-06-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=593 VL-ID: ===== 593 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI < 2011R3.0
================ 0A29-12-1 : Cross-Site Scripting vulnerabilities in Nagios XI 2011R3.0 Author: 0a29406d9794e4f9b30b3c5d6702c708 twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940 ================ Description: ================ Multiple reflected XSS vulnerabilities exist within Nagios XI 2011R3....
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...
ADICO CMS v1.1 - Blind SQL Injection Vulnerability
Title: ====== ADICO CMS v1.1 - Blind SQL Injection Vulnerability Date: ===== 2012-05-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=582 VL-ID: ===== 582 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: ============= ADICO i...
Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities
Title: ====== Swoopo Gold Shop CMS v8.4.56 - Multiple Web Vulnerabilities Date: ===== 2012-05-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=515 VL-ID: ===== 515 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: ============...
Multiple vulnerabilities in TinyWebGallery
Advisory ID: HTB23093 Product: TinyWebGallery Vendor: www.tinywebgallery.com Vulnerable Versions: 1.8.7 and probably prior Tested Version: 1.8.7 Vendor Notification: 23 May 2012 Vendor Patch: 24 May 2012 Public Disclosure: 13 June 2012 Vulnerability Type: Сross-Site Request Forgery CSRF, Arbitrar...
Arbitrary File Upload/Execution in Collabtive
TITLE: Arbitrary File Upload/Execution in Collabtive DATE: 06-04-2012 PRODUCT: Collabtive Web-Based Project Management Software http://collabtive.o-dyn.de/ VERSIONS: 0.7.5, 0.6.1 confirmed. All versions = 0.7.5 probable RESEARCHER: Mark Hoopes [email protected]/ ADDITIONAL INFORMATION:...
MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities
Title: ====== MYRE Real Estate Mobile 2012|2 - Multiple Vulnerabilities Date: ===== 2012-05-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=516 VL-ID: ===== 516 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
Boonex Dolphin v7.0.9 CMS & Mobile App - Multiple Web Vulnerabilities
Title: ====== Boonex Dolphin v7.0.9 CMS - Multiple Web Vulnerabilities Date: ===== 2012-05-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=565 http://www.vulnerability-lab.com/getcontent.php?id=566 ID: Changeset 16256 VL-ID: ===== 565 Common Vulnerability Scoring...
[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability
CAL-2012-0023Microsoft IE Developer Toolbar Remote Code Execution Vulnerability CVE ID: CVE-2012-1874 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0023microsoft-ie-developer-toolbar-remote-code-execution-vulnerability/ 1...
IObit Protected Folder Authentication Bypass
From IObit: "Protected Folder is designed to password-protect your folders and files from being seen, read or modified in Windows 7, Vista, XP and Server 2008, 2003. It works like a safety box, just drag and drop the folders or files you want to hide or protect into Protected Folder, then no one...
ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-088 : HP DataDirect OpenAccess GIOP Opcode 0x0E Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-088 June 6, 2012 - -- CVE ID: CVE-2011-4163 - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors:...
CSNC-2012-004 Generic XSS in AdNovum nevisProxy
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: NevisProxy Vendor: AdNovum CVD ID: CSNC-2012-004 Subject: Cross-site scripting XSS within 302 Redirections Risk: High Effect: Remotely exploitable Author: Alexandre Herzog [email protected] Date: 02/23/2012...
IObit Protected Folder protection bypass
It's possible to bypass protection, e.g. by changing return value of password checking function...
[MATTA-2012-002] CVE-2012-1493; F5 BIG-IP remote root authentication bypass Vulnerability
Matta Consulting - Matta Advisory https://www.trustmatta.com F5 BIG-IP remote root authentication bypass Vulnerability Advisory ID: MATTA-2012-002 CVE reference: CVE-2012-1493 Affected platforms: BIG-IP platforms without SCCP Version: 11.x 10.x 9.x Date: 2012-February-16 Security risk: High...
[ MDVSA-2012:087 ] nut
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:087 http://www.mandriva.com/security/ Package : nut Date : June 5, 2012 Affected: 2010.1, 2011., Enterprise Server 5.0 Problem Description: A vulnerability has been discovered and corrected in nut: Buffer...
[CAL-2012-0026] Microsfot IE Same ID Property Remote Code Execution Vulnerability
CAL-2012-0026 Microsfot IE Same ID Property Remote Code Execution Vulnerability CVE ID: CVE-2012-1875 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0026-microsfot-ie-same-id-property-remote-code-execution-vulnerability/ 1...
AdNovum NevisProxy XSS
Crossite scripting via 302 redirection...
F5 BIG-IP authentication bypass
Full device acces is possible...
Network UPS Tools buffer overflow
Buffer overflow on oversized string...
arpwatch protection bypass
Elevated privileges are dropped incorrectly...
AST-2012-009: Skinny Channel Driver Remote Crash Vulnerability
Asterisk Project Security Advisory - AST-2012-009 Product Asterisk Summary Skinny Channel Driver Remote Crash Vulnerability Nature of Advisory Denial of Service Susceptibility Remote authenticated sessions Severity Minor Exploits Known No Reported On May 30, 2012 Reported By Christoph Hebeisen,...
Sielco Sistemi Winlog buffer overflow
Buffer overflow on TCP/46824 traffic parsing...