47153 matches found
Apache Tomcat information leakage and unauthorized access
A part of AJP message data may be processed as a new AJP message...
Microsoft Report Viewer cross-site scripting
ActiveX cross-site scripting...
Cisco Unified Communications Manager / Cisco Unified Presence Server information leakage
OpenQuery information leakage...
XSS in IBM Open Admin Tool
“XSS in IBM Open Admin Tool OAT2.27installwindows.exe” Product version tested : OAT v2.27 Vendor has been informed : July 27, 2010 They fix the vulnerability on : March 2011 Fixed version: OAT v2.72 Credit : sumit kumar soni [email protected] Product Link:...
[PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-06 Released on: 19 August 2011 Last updated on: 19 August 2011 Affected product: Linux Kernel 2.4, 2.6, and 3.0 Impact: denial-of-service Origin: Be file system Credit: Timo Warns PRESENSE Technologies GmbH CVE Identifier...
Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution
Insomnia Security Vulnerability Advisory: ISVA-110822.1 Name: Pidgin IM Insecure URL Handling Remote Code Execution Reported: 21 July 2011 Vendor Link: http://www.pidgin.im Affected Products: Pidgin Instant Messaging Client = 2.9.0 Original Advisory:...
ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision Advisories Updated August 22, 2011 Summary: RSA, The Security Division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision®...
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
================================================== Cross-Site Scripting XSS in Microsoft ReportViewer Controls Adam Bixby - Gotham Digital Science [email protected] Public Release Date: 8/9/2011 Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual...
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability Advisory ID: cisco-sa-20110830-apache Revision 1.0 For Public Release 2011 August 30 1600 UTC GMT Summary ======= The Apache HTTPd server contains a denial of service...
NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure
Vulnerability title: NetSaro Enterprise Messenger Server Administration Console Null Byte Request Source Code Disclosure CVSS Risk Rating: 5 Medium Product: NetSaro Enterprise Messenger Server Application Vendor: SEM Software Vendor URL: http://www.netsaro.com/ Public disclosure date: 8/22/2011...
Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine Advisory ID: cisco-sa-20110824-ime Revision 1.0 For Public Release 2011 August 24 1600 UTC GMT...
[Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting
============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-001 - Original release date: August 27, 2011 - Discovered by: Jose Carlos de Arriba - Contact: jcarriba at foregroundsecurity dot com, dade at painsec dot com - Severity: 4.3/10 Base CVSS Scor...
webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability webyuss prodotto.php?id quadri.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webyuss.com/ Persian Gulf 4 Ever! Dork : "Powered by webyuss" "inurl:prodotto.php?id...
JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities
www.BugReport.ir AmnPardaz Security Research Team Title: JCE Joomla Extension =2.0.10 Multiple Vulnerabilities Vendor: www.joomlacontenteditor.net Exploit: Available Vulnerable Version: 2.0.10 Image Manager 1.5.7.13, Media Manager 1.5.6.3, Template Manager 1.5.5, File Manager 1.5.4.1 & prior...
Marketing & Development (prodotto.php?cat) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Marketing & Development prodotto.php?cat AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.marketingdev.com Persian Gulf 4 Ever! Dork : "powered by Marketing & Development"...
phpWebSite (publisher) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability phpWebSite publisher AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : allinurl:"mod.php?mod=publisher" Exploite:...
Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Fabio Rispoli prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by Fabio Rispoli" Exploite: www.victim.com/prodotto.php?id=6+union+select...
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal
Title ----- DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal Severity -------- High Date Discovered --------------- July 15, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: sxkeebler and r@b13$ Vulnerability Description...
[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.20 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.33 - Earlier, unsupported versions may also be affected Description:...
Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Datriks Solutions prodotto.php?id dettagliosocio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.datriks.net/ Persian Gulf 4 Ever! Dork : "Powered by Datriks...
bizConsulting (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability bizConsulting prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.bizconsulting.it/ Persian Gulf 4 Ever! Dork : "Powered by: bizConsulting"...
Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Multimedia Creative prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.multimediacreative.it/ Persian Gulf 4 Ever! Dork : "Powered by Multimedia Creative"...
LifeSize Room Vulnerabilities
Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...
Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server Advisory ID: cisco-sa-20110824-cucm-cups Revision 1.0 For Public Release 2011 August 24 1600 UTC GMT...
EMC AutoStart multiple buffer overflows
Multiple buffer overflows on network requests parsing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Adobe Flash Player multiple security vulnerabilities
Memory corruptions, buffer overflows, integer overflows, cross-site scripting...
Lumension Device Control memory corruption
Memory corruption on TCP/65129 traffic parsing...
PHP multiple security vulnerabilities
NULL pointer dereference, ZipArchive memory corruptions...
Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution
Jcow CMS 4.x:4.2 = , 5.x:5.2 = | Arbitrary Code Execution 1. OVERVIEW Jcow CMS versions 4.x: 4.2 and lower, 5.x: 5.2 and lower are vulnerable to Arbitrary Code Execution. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your...
Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Art Studio prodotto.php?lang AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.was.it/ Persian Gulf 4 Ever! Dork : "Web Art Studio Web Agency" "inurl:prodotto.php?lang=...
Concrete CMS 5.4.1.1 <= Cross Site Scripting
Concrete CMS 5.4.1.1 = Cross Site Scripting 1. OVERVIEW Concrete CMS 5.4.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Concrete5 makes running a website easy. Go to any page in your site, and an editing toolbar gives you all the controls you need to update your...
LAB GRAPHIC DESIGN (index.php?categoria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability LAB GRAPHIC DESIGN index.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by LAB GRAPHIC DESIGN " Exploite:...
Marinet Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Marinet AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.marinet.gr/ Persian Gulf 4 Ever! Dork : "Powered by Marinet" "inurl:products.php?categoryid=" Exploite :...
ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability
ZDI-11-275: EMC Autostart ftAgent Opcode 0x11 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-275 August 23, 2011 -- CVE ID: CVE-2011-2735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC AutoStart --...
Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Warah Agencia productos.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.warah.com.ar/ Persian Gulf 4 Ever! Dork : "DESIGN BY WARAH AGENCIA CREATIVA"...
OMNITEC (prodotto.php?id_prodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability OMNITEC prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "design e realizzazione by OMNITEC" Exploite:...
Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Progetto prodotti.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webprogetto.it/ Persian Gulf 4 Ever! Dork : "by Web Progetto"...
BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability BUZLAB prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.buzlab.com/ Persian Gulf 4 Ever! Dork : "Produced by BUZLAB"...
Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Apache HTTPD Security ADVISORY ============================== UPDATE 2 Title: Range header DoS vulnerability Apache HTTPD 1.3/2.x CVE: CVE-2011-3192 Last Change: 20110826 1030Z Date: 20110824 1600Z Product: Apache HTTPD Web Server Versions: Apache 1.3...
Spherica Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Spherica AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.spherica.it/ Persian Gulf 4 Ever! Dork : "powered by spherica" "inurl:prodotto.php?idcatalogo=" Exploite:...
JagoanStore CMS Arbitrary file upload vulnerability
Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitrary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Listendifferent prodotto.php?IDprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.listendifferent.com/ Persian Gulf 4 Ever! Dork : "Concept and Designed by...
[PT-2011-23] Database information disclosure in GLPI
---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...
TconZERO (prodotto.php?idprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability TconZERO prodotto.php?idprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.tconzero.net/ Persian Gulf 4 Ever! Dork : "Design By TconZERO"...
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-274 August 23, 2011 -- CVE ID: CVE-2011-2735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC AutoStart --...
Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Nativedreams Fabarthgallery.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.nativedreams.com/ Persian Gulf 4 Ever! Dork :...
[CVE-2011-2712] Apache Wicket XSS vulnerability
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5-RCx are not affected Description: With multi window support application configuration and special query parameters it is possible to execute any kind of JavaScript on a si...