phpWebSite (publisher) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability phpWebSite publisher AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : allinurl:"mod.php?mod=publisher" Exploite:...
Linux kernel DoS
Crash on BeFS filesystem parsing...
EMC RSA enVision security vulnerabilities
Information leakage, unauthorized access...
Cisco Unified Communications Manager / Cisco Unified Presence Server information leakage
OpenQuery information leakage...
Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
================================================== Cross-Site Scripting XSS in Microsoft ReportViewer Controls Adam Bixby - Gotham Digital Science [email protected] Public Release Date: 8/9/2011 Confirmed Affected Software: Microsoft Report Viewer Redistributable 2005 SP1 and Microsoft Visual...
Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution
Insomnia Security Vulnerability Advisory: ISVA-110822.1 Name: Pidgin IM Insecure URL Handling Remote Code Execution Reported: 21 July 2011 Vendor Link: http://www.pidgin.im Affected Products: Pidgin Instant Messaging Client = 2.9.0 Original Advisory:...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Apache Tomcat information leakage and unauthorized access
A part of AJP message data may be processed as a new AJP message...
webyuss (prodotto.php?id) (quadri.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability webyuss prodotto.php?id quadri.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webyuss.com/ Persian Gulf 4 Ever! Dork : "Powered by webyuss" "inurl:prodotto.php?id...
Fabio Rispoli (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Fabio Rispoli prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by Fabio Rispoli" Exploite: www.victim.com/prodotto.php?id=6+union+select...
DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal
Title ----- DDIVRT-2011-32 Axway SecureTransport '/icons/' Directory Traversal Severity -------- High Date Discovered --------------- July 15, 2011 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: sxkeebler and r@b13$ Vulnerability Description...
Multimedia Creative (prodotto.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Multimedia Creative prodotto.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.multimediacreative.it/ Persian Gulf 4 Ever! Dork : "Powered by Multimedia Creative"...
Datriks Solutions (prodotto.php?id) (dettaglio_socio.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Datriks Solutions prodotto.php?id dettagliosocio.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.datriks.net/ Persian Gulf 4 Ever! Dork : "Powered by Datriks...
ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-030: RSA, The Security Division of EMC, announces security fixes for RSA enVision Advisories Updated August 22, 2011 Summary: RSA, The Security Division of EMC, announces security fixes to address two security vulnerabilities in RSA enVision®...
XSS in IBM Open Admin Tool
“XSS in IBM Open Admin Tool OAT2.27installwindows.exe” Product version tested : OAT v2.27 Vendor has been informed : July 27, 2010 They fix the vulnerability on : March 2011 Fixed version: OAT v2.72 Credit : sumit kumar soni [email protected] Product Link:...
Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Open Query Interface in Cisco Unified Communications Manager and Cisco Unified Presence Server Advisory ID: cisco-sa-20110824-cucm-cups Revision 1.0 For Public Release 2011 August 24 1600 UTC GMT...
NetSaro Enterprise Messenger Server Administration Console Source Code Disclosure
Vulnerability title: NetSaro Enterprise Messenger Server Administration Console Null Byte Request Source Code Disclosure CVSS Risk Rating: 5 Medium Product: NetSaro Enterprise Messenger Server Application Vendor: SEM Software Vendor URL: http://www.netsaro.com/ Public disclosure date: 8/22/2011...
[Foreground Security 2011-001]: Casper Suite (JSS 8.1) Cross-Site Scripting
============================================================ FOREGROUND SECURITY, SECURITY ADVISORY 2011-001 - Original release date: August 27, 2011 - Discovered by: Jose Carlos de Arriba - Contact: jcarriba at foregroundsecurity dot com, dade at painsec dot com - Severity: 4.3/10 Base CVSS Scor...
Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Apache HTTPd Range Header Denial of Service Vulnerability Advisory ID: cisco-sa-20110830-apache Revision 1.0 For Public Release 2011 August 30 1600 UTC GMT Summary ======= The Apache HTTPd server contains a denial of service...
LifeSize Room Vulnerabilities
Discovered: 07-13-11 By: Spencer McIntyre zeroSteiner SecureState R&D Team www.securestate.com Background: ----------- Multiple vulnerabilities within the LifeSize Room appliance. Vulnerability Summaries: ------------------------ Login page can be bypassed, granting administrative access to the w...
[PRE-SA-2011-06] Linux kernel: ZERO_SIZE_PTR dereference for long symlinks in Be FS
PRE-CERT Security Advisory ========================== Advisory: PRE-SA-2011-06 Released on: 19 August 2011 Last updated on: 19 August 2011 Affected product: Linux Kernel 2.4, 2.6, and 3.0 Impact: denial-of-service Origin: Be file system Credit: Timo Warns PRESENSE Technologies GmbH CVE Identifier...
Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Denial of Service Vulnerabilities in Cisco Intercompany Media Engine Advisory ID: cisco-sa-20110824-ime Revision 1.0 For Public Release 2011 August 24 1600 UTC GMT...
[SECURITY] CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure
CVE-2011-3190 Apache Tomcat Authentication bypass and information disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.20 - Tomcat 6.0.0 to 6.0.33 - Tomcat 5.5.0 to 5.5.33 - Earlier, unsupported versions may also be affected Description:...
NetSaro information leakage
Source code leakage via administration web interface...
Concrete CMS 5.4.1.1 <= Cross Site Scripting
Concrete CMS 5.4.1.1 <= Cross Site Scripting 1. OVERVIEW Concrete CMS 5.4.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Concrete5 makes running a website easy. Go to any page in your site, and an editing toolbar gives you all the controls you need to update your...
Marinet Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Marinet AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.marinet.gr/ Persian Gulf 4 Ever! Dork : "Powered by Marinet" "inurl:products.php?categoryid=" Exploite :...
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability
ZDI-11-274: EMC Autostart ftAgent Opcode 0x140 Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-274 August 23, 2011 -- CVE ID: CVE-2011-2735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC AutoStart --...
Jcow CMS 4.2 <= | Cross Site Scripting
Jcow CMS 4.2 <= | Cross Site Scripting 1. OVERVIEW Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for...
Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dataminas noticias.php?categoriaid galeria.php?galeriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dataminas.com.br/ Persian Gulf 4 Ever! Dork : "Powered by...
JagoanStore CMS Arbitary file upload vulnerability
Software: JagoanStore CMS Vendor: www.jagoanstore.com Price: Rp.900.000 IDR Vuln Type: Arbitary file upload Author: eidelweiss contact: eidelweissatwindowslivedotcom Home: www.eidelweiss-advisories.blogspot.com Gratz: Devilzc0de, YOGYACARDERLINK, and YOU !!! References:...
[slackware-security] php (SSA:2011-237-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2011-237-01 New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...
Warah Agencia (productos.php?categoria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Warah Agencia productos.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.warah.com.ar/ Persian Gulf 4 Ever! Dork : "DESIGN BY WARAH AGENCIA CREATIVA"...
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Foresta Creativa prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.forestacreativa.com/ Persian Gulf 4 Ever! Dork : "Powered by Foresta Creativa"...
Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Alfazeta list-prodotti.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.alfazeta.net/ Persian Gulf 4 Ever! Dork : inurl:list-prodotti.php?idcategoria=...
[PT-2011-23] Database information disclosure in GLPI
---------------------------------------------------------------------- PT-2011-23 Positive Technologies Security Advisory Database information disclosure in GLPI ---------------------------------------------------------------------- --- Vulnerable software GLPI Version 0.80.1 and earlier...
EMC AutoStart multiple buffer overflows
Multiple buffer overflows on network requests parsing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Web Art Studio (prodotto.php?lang) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Art Studio prodotto.php?lang AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.was.it/ Persian Gulf 4 Ever! Dork : "Web Art Studio Web Agency" "inurl:prodotto.php?lang=...
Spherica Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Spherica AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.spherica.it/ Persian Gulf 4 Ever! Dork : "powered by spherica" "inurl:prodotto.php?idcatalogo=" Exploite:...
Nativedreams (Fabarth_gallery.php?categoria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Nativedreams Fabarthgallery.php?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.nativedreams.com/ Persian Gulf 4 Ever! Dork :...
SQL-Ledger patch update for SQL injection
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for...
CreatiWeb Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CreatiWeb AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.crweb.it/ Persian Gulf 4 Ever! Dork : "Powered by CreatiWeb" "inurl:dettaglionews.php?id=" Exploite:...
PHP multiple security vulnerabilities
NULL pointer dereference, ZipArchive memory corruptions...
Listendifferent (prodotto.php?IDprodotto) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Listendifferent prodotto.php?IDprodotto AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.listendifferent.com/ Persian Gulf 4 Ever! Dork : "Concept and Designed by...
Web Progetto (prodotti.php?idcategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Progetto prodotti.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.webprogetto.it/ Persian Gulf 4 Ever! Dork : "by Web Progetto"...
ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability ValtNet photogallery.html?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.valtnet.com/ Persian Gulf 4 Ever! Dork : allinurl:"photogallery.html?idcategoria="...
Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Data Center Foz productcat.php?CATEGORIAID AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by DataCenterFoz" Exploite:...
BUZLAB (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability BUZLAB prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.buzlab.com/ Persian Gulf 4 Ever! Dork : "Produced by BUZLAB"...
[CVE-2011-2712] Apache Wicket XSS vulnerability
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Wicket 1.4.x Apache Wicket 1.3.x and 1.5-RCx are not affected Description: With multi window support application configuration and special query parameters it is possible to execute any kind of JavaScript on a si...