Astaro Command Center v2.x - Multiple Web Vulnerabilities
Title: ====== Astaro Command Center v2.x - Multiple Web Vulnerabilities Date: ===== 2012-04-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=4 VL-ID: ===== 4 Introduction: ============= We are pleased to announce the General Availability of the Astaro Command Center...
[security bulletin] HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03249176 Version: 1 HPSBPV02754 SSRT100803 rev.1 - HP ProCurve 5400 zl Switch, Compact flash card virus NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...
Asterisk multiple security vulnerabilities
Buffer overflow on Skinny processing, DoS via SIP, Asterisk Manager code execution...
AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver
Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On April 16, 2012 Reported By Thomas Arimont Posted...
WebCalendar <= 1.2.4 Two Security Vulnerabilities
------------------------------------------------- WebCalendar <= 1.2.4 Two Security Vulnerabilities ------------------------------------------------- author..........: Egidio Romano aka EgiX mail............: n0b0d13satgmaildotcom software link...: https://sourceforge.net/projects/webcalendar/ -...
[SECURITY] [DSA 2448-1] inspircd security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2448-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire April 10, 2012 http://www.debian.org/security/faq -...
InspIRCd buffer overflow
Buffer overflow on DNS request processing...
Multiple XSS vulnerabilities in XOOPS
Advisory ID: HTB23062 Product: XOOPS Vendor: xoops.org Vulnerable Versions: 2.5.4 and probably prior Tested Version: 2.5.4 Vendor Notification: 7 December 2011 Vendor Patch: 22 February 2012 Public Disclosure: 18 April 2012 Vulnerability Type: XSS Cross Site Scripting CVE References: CVE-2012-098...
[waraxe-2012-SA#086] - Local File Inclusion in Invision Power Board 3.3.0
waraxe-2012-SA086 - Local File Inclusion in Invision Power Board 3.3.0 =============================================================================== Author: Janek Vind "waraxe" Date: 12. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-86.html CVE:...
Security advisory for Bugzilla 4.2.1, 4.0.6 and 3.6.9
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: When abusing the X-FORWARDED-FOR header, an attacker could bypass the lockout policy allowing a possible brute-force discovery o...
seditio-build170.20120302_sql_injection_CSRF_info_disclosure_XSS.txt
============================================================ Vulnerable Software: Seditio 170 seditio-build170.20120302 Downloaded from:http://www.neocrome.net/files/code/seditio-build170.20120302.rar MD5 SUM:beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar...
Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities
Title: ====== Cyberoam UTM v10.01.2 build 059 - File Include Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=498 VL-ID: ===== 498 Introduction: ============= Cyberoam Unified Threat Management appliances offer comprehensive securit...
DoS vulnerability in WordPress
Hello 3APA3A! I want to warn you about a new security vulnerability in WordPress. This is a Denial of Service vulnerability. It exists in security functionality which protects against the Abuse of Functionality vulnerability in WordPress, which I disclosed in 2009 and which was not fixed correctly...
DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities
Title: ====== DHTMLX Suite v.3.0 - Multiple Web Vulnerabilities Date: ===== 2012-04-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=507 VL-ID: ===== 507 Introduction: ============= To demonstrate the rich possibilities of DHTMLX controls and to show how they work...
Acuity CMS 2.6.x <= Cross Site Scripting
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION...
DokuWiki Ver.2012/01/25 CSRF Add User Exploit
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
Multiple XSS vulnerabilities in All-in-One Event Calendar Plugin for WordPress
Advisory ID: HTB23082 Product: All-in-One Event Calendar Plugin for WordPress Vendor: The Seed Studio Vulnerable Versions: 1.4 and probably prior Tested Version: 1.4 Vendor Notification: 21 March 2012 Public Disclosure: 11 April 2012 Vulnerability Type: Cross-Site Scripting XSS CVE References:...
[SECURITY] [DSA 2455-1] typo3-src security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2455-1 [email protected] http://www.debian.org/security/ Nico Golde April 20, 2012 http://www.debian.org/security/faq -...
[waraxe-2012-SA#085] - Reflected XSS in Uploadify Integration Wordpress plugin
waraxe-2012-SA085 - Reflected XSS in Uploadify Integration Wordpress plugin =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-85.html Description of vulnerabl...
Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities
Title: ====== Siche Search v.0.5 Zerboard - Multiple Web Vulnerabilities Date: ===== 2012-04-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=504 VL-ID: ===== 504 Introduction: ============= Siche search v.0.5 for Zerboard is a search module for the CMS named Zeroboard...
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0
TC-SA-2012-01: Multiple web-vulnerabilities in ownCloud 3.0.0 Published: 2012/04/18 Version 1.0 Affected products: ownCloud version 3.0.0 others not tested http://owncloud.org References: TC-SA-2012-01 www.tele-consulting.com/advisories/TC-SA-2012-01.txt used for updates CVE-2012-2269 - XSS in...
Netjuke 1.0 RC1 - SQL Injection Vulnerabilities
Title: ====== Netjuke 1.0 RC1 - SQL Injection Vulnerabilities Date: ===== 2012-04-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=506 VL-ID: ===== 506 Introduction: ============= The Netjuke is a Web-Based Audio Streaming Jukebox powered by PHP 4, a database and all...
EMC Data Protection Advisor security vulnerabilities
Integer overflow, NULL pointer dereference...
PHPNuke Module's Name Download SQL Injection Vulnerabilities
--+CrAzY CrAcKeR+-- Example:- - www.???.com/modules.php?name=Downloads&dop=viewdownloadeditorial&lid=sql - Injection code...
XSS and FPD vulnerabilities in Organizer for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in the plugin Organizer for WordPress. This is the first in a series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent) and Full Path Disclosure vulnerabilities...
seditio_PmOS_plugin_XSS_vuln
============================================================================ Vulnerable Software: PmOS - Pm Okuma Sistemi plugin for Seditio CMS. http://seditio-eklenti.com/datas/users/1-pmoku.rar MD5 SUM: 88235c2b4b0613bff87545d2d887f042 1-pmoku.rar...
phpMyBible 0.5.1 Multiple XSS
Exploit Title: phpMyBible 0.5.1 Multiple XSS Date: 04/15/12 Author: G13 Twitter: @g13net Software http://sourceforge.net/projects/phpmybible/?source=directory Version: 0.5.1 Category: webapps php Description phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as...
Havalite CMS v1.0.4 - Multiple Web Vulnerabilities
Title: ====== Havalite CMS v1.0.4 - Multiple Web Vulnerabilities Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=520 VL-ID: ===== 520 Introduction: ============= Havalite, a lightweight, open source CMS, based on php and SQLite. It's licensed unde...
XSS and Blind SQL Injection Vulnerabilities in ExponentCMS
Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Software : ExponentCMS 2.0.5 and possibly below. Vendor Homepage : http://www.exponentcms.org Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Onur Yılmaz...
sfquickban_plugin_CSRF
================================================================ Vulnerable Software: SF - Quick Ban sfquickban version 1.0 is Plugin for Seditio CMS. http://www.seditioforge.com/plugins/administration/sf-quick-ban-i65.html http://www.seditioforge.com/page.php?id=65&a=dl MD5 SUM:...
CitrusDB 2.4.1 - LFI/SQLi Vulnerability
CitrusDB 2.4.1 - LFI/SQLi Vulnerability Author: Michal wacky Blaszczak WWW: blaszczakm.blogspot.com CitrusDB is an open source customer service and billing database. It can be used by customer service personnel to provide sales and support to customers, and by billing staff to bill customers for...
Specially crafted Json service request allows full control over a Liferay portal instance
Specially crafted Json service request allows full control over a Liferay portal instance Description: Liferay Portal is an enterprise portal written in Java. By doing a single HTTP request you can reconfigure Liferay to use a remote Memcached cache instead of its own cache...
ACC PHP eMail v1.1 - Multiple Web Vulnerabilities
Title: ====== ACC PHP eMail v1.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=505 VL-ID: ===== 505 Introduction: ============= Acc PHP eMail is an email subscription and management script. Manage subscribers them an...
Chengdu Bureau of Commerce - SQL Injection Vulnerability
Title: ====== Chengdu Bureau of Commerce - SQL Injection Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=312 VL-ID: ===== 312 Introduction: ============= May 20, by my bureau composed of 10 members, participated in by the Chinese...
online newspaper university"newsdesc.php" SQL Injection Vulnerabilities
Title : online newspaper university "newsdesc.php" SQL Injection Vulnerabilities Discovered By: CrAzY CrAcKeR Home : Null Email : [email protected] date : 12/4/2012 d0rk:- inurl:"inurl:news/newsdesc.php" +-+-+-+-+-+-+-+-+-+-+ --+CrAzY CrAcKeR+-- +-+-+-+-+-+-+-+-+-+-+ Example:- -...
CsForum v0.8 - Cross Site Scripting Vulnerability
Title: ====== CsForum v0.8 - Cross Site Scripting Vulnerability Date: ===== 2012-04-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=496 VL-ID: ===== 496 Introduction: ============= Forum very simple installation, this script is very light and yet it has several...
t3_dbtools_seditio_plugin_CSRF
====================================================================== Vulnerable software: T3 DB Tools Version 1.6 seditio database management plugin. Developed by : http://www.t3-design.com/t3-db-tools/ MD5 SUM: 8ab362601793e238f504783fd9953dd4 dbtools.rar...
Specially crafted webdav request allows reading of local files on liferay 6.0.x
Specially crafted webdav request allows reading of local files on liferay 6.0.x Description: Liferay Portal is an enterprise portal written in Java. By creating a specially crafted WebDAV request that contains an external entity it is possible to read files from a Liferay server and echo these ba...
New XSS vulnerabilities in Register Plus Redux for WordPress
Hello 3APA3A! I want to warn you about new security vulnerabilities in Register Plus Redux for WordPress. These are Cross-Site Scripting vulnerabilities. After finding and fixing 36 vulnerabilities in the plugin Register Plus Redux at the end of the previous year, I released my version of the plugi...
ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-018: EMC Data Protection Advisor Multiple Vulnerabilities EMC Identifier: ESA-2012-018, DPA-14718 CVE Identifier: CVE-2012-0406 CVE Identifier: CVE-2012-0407 Severity Rating: CVSS v2 Base Score: See below for CVSS Base Scores for individual...
[waraxe-2012-SA#084] - Multiple Vulnerabilities in OpenCart 1.5.2.1
waraxe-2012-SA084 - Multiple Vulnerabilities in OpenCart 1.5.2.1 =============================================================================== Author: Janek Vind "waraxe" Date: 06. April 2012 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-84.html Description of vulnerable software:...
Microsoft Windows multiple security vulnerabilities
MSCOMCTL.ocx code execution, .Net code execution, WinVerifyTrust digital signature validation vulnerability...
Total Quality Machines (productdetail.php) SQL Injection Vulnerabilities
Title : Total Quality Machines productdetail.php SQL Injection Vulnerabilities Discovered By: CrAzY CrAcKeR Home : Null Email : [email protected] date : 14/4/2012 d0rk:- "Total Quality Machines" +-+-+-+-+-+-+-+-+-+-+ --+CrAzY CrAcKeR+-- +-+-+-+-+-+-+-+-+-+-+ Example:- -...
IPhone TreasonSMS - HTML Inject & File Include Vulnerability
Title: ====== IPhone TreasonSMS - HTML Inject & File Include Vulnerability Date: ===== 2012-04-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=154 VL-ID: ===== 154 Introduction: ============= treasonSMS allows you to send SMS from your desktop computer. It turns your...
GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities
Title: ====== GroupWare epesiBIM CRM 1.2.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-10 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=501 VL-ID: ===== 501 Introduction: ============= epesi BIM stands for Business Information Manager. We just did not like the...
.NET Framework EncoderParameter integer overflow vulnerability
------------------------------------------------------------------------ .NET Framework EncoderParameter integer overflow vulnerability ------------------------------------------------------------------------ Yorick Koster, September 2011...
Liferay 6.1 can be compromised in its default configuration
Liferay 6.1 can be compromised in its default configuration Description: Liferay Portal is an enterprise portal written in Java. By utilizing the JSON web services exposed by the platform you can register a new user with any role in the system, including the built-in administrator role. The problem...
osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities
Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Beatz 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with the full Joomla! bundle for...