47153 matches found
Multiple XSS vulnerabilities in LightNEasy 3.2.4
Advisory: Multiple XSS vulnerabilities in LightNEasy Advisory ID: SSCHADV2011-013 Author: Stefan Schurtz Affected Software: 3.2.4 Vendor URL: http://www.lightneasy.org/ Vendor Status: informed CVE-ID: - ========================== Vulnerability Description: ========================== LightNEasy is...
WSTAFF Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability WSTAFF AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.wstaff.it/ Persian Gulf 4 Ever! Dork : "Powered by: WSTAFF srl" Exploite: www.victim.com/prodotti.php?codice=-5 uni...
Pranian Group e107 Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities Pranian Group e107 AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "by Pranian Group e107" Exploite:...
Abarkam (detail.php?input) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Abarkam detail.php?input AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.abarkam.com/ Persian Gulf 4 Ever! Dork : allinurl:"detail.php?input=" Exploite:...
BvCom (dettaglio.php?idnews) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability BvCom dettaglio.php?idnews AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bvcom.it/ Persian Gulf 4 Ever! Dork : "Powered by: bvcom.it" "inurl:dettaglio.php?idnews="...
ZDI-11-279: (0day) Witness Systems eQuality Unify Remote Code Execution Vulnerability
ZDI-11-279: 0day Witness Systems eQuality Unify Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-279 September 2, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Nortel Witness Systems -- Affected Products: Nortel Contact Recording and Quali...
XSS Ebuddy (responsible disclosure)
Early this morning, the security group Virtual Luminous published a vulnerability in 'Ebuddy Web Messenger' and we would like to inform you that this vulnerability had been discovered and reported to the vendor on June 5th, 2011 by DcLabs Security Research Group. In the report below you are going...
Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin
====Vulnerability==== The '1 Flash Gallery' WordPress plugin http://wordpress.org/extend/plugins/1-flash-gallery/ is vulnerable to an arbitrary file upload vulnerability. This vulnerability is present from version 1.30 until version 1.5.7. The plugin has been downloaded an estimated 460,000 times...
Multiple vulnerabilities in MantisBT
Vulnerability ID: HTB23045 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinmantisbt.html Product: MantisBT Vendor: www.mantisbt.org http://www.mantisbt.org/ Vulnerable Version: 1.2.7 and probably prior Tested Version: 1.2.7 Vendor Notification: 31 August 2011 Vulnerability...
TTW (ricetta.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability TTW ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.tamtamsrl.it/ Persian Gulf 4 Ever! Dork : "credits ttw" "inurl:ricetta.php?id=" Exploite:...
Witness Systems eQuality Unify buffer overflow
Buffer overflow on TCP/6821 packet parsing...
ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability
ZDI-11-278: Novell Cloud Manager Insufficient Framework User Validation Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-278 September 2, 2011 -- CVE ID: CVE-2011-2654 -- CVSS: 9.3, AV:N/AC:M/Au:N/C:C/I:C/A:C -- Affected Vendors: Novell -- Affected Products: Novell eDirectory --...
Pranian Group e107 Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities Pranian Group e107 AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "by Pranian Group e107" Exploite:...
Manifattura Web (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Manifattura Web prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.manifatturaweb.it/ Persian Gulf 4 Ever! Dork : "Manifattura Web" "inurl:prodotto.php?id="...
Virtualismi (prodotto.php?id) Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Loop ricetta.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.loopmm.com/ Persian Gulf 4 Ever! Dork : "Loop - creazioni multimediali" "inurl:ricetta.php?id="...
[SECURITY] [DSA 2301-1] rails security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2301-1 [email protected] http://www.debian.org/security/ Luciano Bello September 5, 2011 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Security bypass vulnerability in MyBB
Hello 3APA3A! I want to warn you about security bypass vulnerability in MyBB, which allows to bypass protection against Brute Force and conduct Brute Force attacks. In August in my article Bypassing captchas and blocking at web sites http://websecurity.com.ua/5334/ I wrote about vulnerability in...
openvas race conditions
Race conditions for symbolic link attack...
openvas 2.x race condition
openvas-server/openvas/ovalplugins.c ... resultsfilename = "/tmp/results.xml"; if gfiletest resultsfilename, GFILETESTEXISTS logwrite "Found existing results file in s, deleting it to avoid conflicts.", resultsfilename; it unlink /tmp/results.xml avoid symlink attack then spawn process that write...
Studio Linea (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Studio Linea prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.studiolinea.com/ Persian Gulf 4 Ever! Dork : "Designed by Studio Linea srl" Exploite:...
Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Denial of Service Vulnerability in Cisco TelePresence Codecs Advisory ID: cisco-sa-20110831-tandberg Revision 1.0 For Public Release 2011 August 31 1600 UTC GMT...
ITTWeb Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability ITTWeb AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.ittweb.net/ Persian Gulf 4 Ever! Dork : "Web Design By I.T.&T" "inurl:?id=" Exploite:...
CWM (dettaglio-prodotto.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CWM dettaglio-prodotto.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cynaskyweb.it/ Persian Gulf 4 Ever! Dork : "Powered by CWM" "inurl:dettaglio-prodotto.asp?id...
Apple QuickTime multiple security vulnerabilities
Memory corruptions in PICT, JPEG2000, WAV, JPEG, GIF and different movie formats parsing, crossite scripting...
Mediagrafic (prodotto.asp?id) (records.asp?id_p) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Mediagrafic prodotto.asp?id records.asp?idp AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.mediagrafic.eu/ Persian Gulf 4 Ever! Dork : "Powered by Mediagrafic.it"...
Pc Web Agency (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Pc Web Agency prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.pcwebagency.it/ Persian Gulf 4 Ever! Dork : "Powered by Pc Web Agency"...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Symantec Veritas Backup Exec code execution
It's possible to execute privileged command remotely...
Vulnerabilities in BroadWin WebAccess Client 1.0.0.10
Luigi Auriemma Application: BroadWin WebAccess Client http://broadwin.com/Client.htm Versions: bwocxrun.ocx = 1.0.0.10 aka version 7.0 Platforms: Windows Bugs: A format string B arbitrary memory corruption Exploitation: remote Date: 02 Sep 2011 Author: Luigi Auriemma e-mail: [email protected]...
XSS in Redirection wordpress plugin
Vulnerability ID: HTB23038 Reference: https://www.htbridge.ch/advisory/xssinredirectionwordpressplugin.html Product: Redirection wordpress plugin Vendor: John Godley http://urbangiraffe.com Vulnerable Version: 2.2.8 and probably prior Tested Version: 2.2.8 Vendor Notification: 10 August 2011...
Dexanet Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dexanet AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dexanet.com/ Persian Gulf 4 Ever! Dork : "inurl:competenzeprodotti.asp?id=" Exploite:...
[PT-2011-19] SQL injection vulnerability in Help Request System
---------------------------------------------------------------------- PT-2011-19 Positive Technologies Security Advisory SQL injection vulnerability in Help Request System ---------------------------------------------------------------------- --- Vulnerable software Help Request System Version...
Sana Net (viewnews.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewnews.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : "inurl:viewnews.php?id=" " " Exploite:...
[security bulletin] HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service (DoS), Execution of Arbitrary Code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02962262 Version: 1 HPSBUX02700 SSRT100506 rev.1 - HP-UX running VEA, Remote Denial of Service DoS, Execution of Arbitrary Code NOTICE: The information in this Security Bulletin should be acted...
BroadWin WebAccess Client ActiveX security vulnerabilities
Format string vulnerability, memory corruption...
KnFTPd v1.0.0 Multiple Command Remote Buffer Overflow
KnFTPd FTP Server v1.0.0 is vulnerable to a buffer overflow caused by improper bounds checking. By sending an overly long request to Multpile FTP commandUSER,PASS,REIN,QUIT,PORT,PASV,TYPE,STRU,MODE,RETR,STOR,...
ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability
ZDI-11-277: Apple QuickTime 3g2 'mp4v' atom size Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-277 August 31, 2011 -- CVE ID: CVE-2011-0258 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple QuickTime --...
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
Affects versions: SQL-Ledger 2.8.33 and lower LedgerSMB 1.2.24 and lower. Both programs have vendor fixes available in the form of new, patched versions. These have been out for over a week with appropriate advisories, with users having time to upgrade. Files affected: LedgerSMB/RP.pm for LedgerS...
Olonet (prodotto.php?idproduct) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Olonet prodotto.php?idproduct AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.olonet.net/ Persian Gulf 4 Ever! Dork : "Powered & designed by Olonet.net" Exploite:...
Fulci (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability fulci prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.fulci.it/ Persian Gulf 4 Ever! Dork : "designed by fulci.it" "prodotto.php?id=" Exploite:...
Secunia Research: InduSoft ISSymbol ActiveX Control Buffer Overflow Vulnerabilities
====================================================================== Secunia Research 01/09/2011 - InduSoft ISSymbol ActiveX Control Buffer Overflows - ====================================================================== Table of Contents Affected...
KnFTPd FTP Server buffer overflows
Buffer overflows in different FTP commands...
ph5gruppo (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability ph5gruppo prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.ph5gruppo.it/ Persian Gulf 4 Ever! Dork : "Sito realizzato da ph5 gruppo" Exploite:...
Sana Net (viewpages.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Sana Net viewpages.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.sana-net.com/ Persian Gulf 4 Ever! Dork : inurl:"viewpages.php?id=" " " Exploite:...
Pidgin code execution
It's possible to execute code via file:// URL...
JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension =2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media Manager 1.5.6.3, Template Manager 1.5.5, File Manager 1.5.4.1 & prior...
Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Marketing & Development prodotto.php?cat AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.marketingdev.com Persian Gulf 4 Ever! Dork : "powered by Marketing & Development"...
Microsoft Report Viewer crossite scripting
ActiveX crossite scripting...
bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability bizConsulting prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bizconsulting.it/ Persian Gulf 4 Ever! Dork : "Powered by: bizConsulting"...