PHP 5.3.6 multiple null pointer dereference
PHP 5.3.6 multiple null pointer dereference Author: Maksymilian Arciemowicz http://securityreason.com/ http://securityreason.net/ http://cxib.net/ Date: - Dis.: 20.07.2011 - Pub.: 19.08.2011 Affected Software verified: PHP 5.3.6 and prior Fixed: PHP 5.3.7 Original URL:...
SQL-Ledger patch update for SQL injection
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for...
Dataminas (noticias.php?categoria_id) (galeria.php?galeria_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dataminas noticias.php?categoriaid galeria.php?galeriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.dataminas.com.br/ Persian Gulf 4 Ever! Dork : "Powered by...
Foresta Creativa (prodotti.php?idCategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Foresta Creativa prodotti.php?idCategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.forestacreativa.com/ Persian Gulf 4 Ever! Dork : "Powered by Foresta Creativa"...
Jcow CMS 4.2 <= | Cross Site Scripting
Jcow CMS 4.2 <= | Cross Site Scripting 1. OVERVIEW Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for...
HTTPKiller - (Global HTTP DoS)
Connection Keep-Alive + Pipelining + Close the connection before the response + Something... = DoS Apache, IIS, Squid, NetCache, What else?...
NGS00054 Technical Advisory: : Lumension Device Control (formerly Sanctuary) remote memory corruption
======= Summary ======= Name: Lumension Device Control formerly Sanctuary remote memory corruption Release Date: 24 August 2011 Reference: NGS00054 Discoverer: Andy Davis [email protected] Vendor: Lumension Vendor Reference: Systems Affected: Lumension Device Control v4.4 SR6 Risk: High...
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability
ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-273 August 23, 2011 -- CVE ID: CVE-2011-2735 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: EMC -- Affected Products: EMC AutoStart -- TippingPointTM...
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Dataminas (noticias.php?categoria_id) (galeria.php?galeria
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Simply Media Web archivio.asp?categoriaid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.simplymediaweb.it/ Persian Gulf 4 Ever! Dork : "Powered by Simply Media Web"...
Data Center Foz (product_cat.php?CATEGORIA_ID) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Data Center Foz productcat.php?CATEGORIAID AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by DataCenterFoz" Exploite:...
B-Keen communication (dettaglio_news.php&id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability B-Keen communication dettaglionews.php&id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.b-keen.it/ Persian Gulf 4 Ever! Dork : "Powered by B-Keen communication"...
Nafis Group (review.php?ID) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Nafis Group review.php?ID AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : "Powered by : Nafis Group" Exploite: www.victim.com/review.php?ID=SQL SpeCial TanX To :...
Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
Hi all; The LedgerSMB development team has found an SQL injection issue in LedgerSMB 1.2.24. Because this issue stems from our common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger 2.8.33. We contacted Dieter when we initially discovered this and no...
[slackware-security] php (SSA:2011-237-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security php SSA:2011-237-01 New php packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...
Alfazeta (list-prodotti.php?idcategoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Alfazeta list-prodotti.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.alfazeta.net/ Persian Gulf 4 Ever! Dork : inurl:list-prodotti.php?idcategoria=...
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability
ZDI-11-276: Adobe Flash Player MP4 sequenceParameterSetNALUnit Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-276 August 23, 2011 -- CVE ID: CVE-2011-2140 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Flash...
ValtNet (photogallery.html?id_categoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability ValtNet photogallery.html?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.valtnet.com/ Persian Gulf 4 Ever! Dork : allinurl:"photogallery.html?idcategoria="...
CreatiWeb Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CreatiWeb AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.crweb.it/ Persian Gulf 4 Ever! Dork : "Powered by CreatiWeb" "inurl:dettaglionews.php?id=" Exploite:...
FLV Player flash application multiple security vulnerabilities
Content spoofing, cross-site scripting...
[USN-1196-1] eCryptfs vulnerability
========================================================================== Ubuntu Security Notice USN-1196-1 August 23, 2011 ecryptfs-utils vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivative...
Vulnerabilities in FLV Player
Hello 3APA3A! I am reporting the Content Spoofing and Cross-Site Scripting vulnerabilities I found in the FLV Player flash video player. Content Spoofing WASC-12: The FLV Player flash files accept arbitrary addresses in the configxml parameter, which makes it possible to spoof the content of the flash file - for example, by specifying...
eCryptfs multiple security vulnerabilities
Privilege escalation, information leakage...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
Mozilla Firefox / Seamonkey / Thunderbird multiple security vulnerabilities
Multiple memory corruptions, cross-site access, information leak, restriction bypass...
ASPR #2011-08-18-1: Remote Binary Planting in Mozilla Firefox
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-1 ------------------------------------------------------------------------- ASPR 2011-08-18-1: Remote Binary Planting in Mozilla Firefox...
ALTOGRADO (catalogo.php?id_categoria) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability ALTOGRADO catalogo.php?idcategoria AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.altogrado.com.ar/ Persian Gulf 4 Ever! Dork : "Powered by ALTOGRADO"...
Elgg 1.7.10 <= | Multiple Vulnerabilities
OVERVIEW The Elgg 1.7.10 and lower versions are vulnerable to Cross Site Scripting and SQL Injection. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured...
ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart
ESA-2011-025.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-025: Multiple buffer overflow vulnerabilities in EMC AutoStart EMC Identifier: ESA-2011-025 CVE Identifier: CVE-2011-2735 Severity Rating: CVSS v2 Base Score: 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC AutoStart...
ASPR #2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird
=====BEGIN-ACROS-REPORT===== PUBLIC ========================================================================= ACROS Security Problem Report 2011-08-18-2 ------------------------------------------------------------------------- ASPR 2011-08-18-2: Remote Binary Planting in Mozilla Thunderbird...
Grupo Argentina Web Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Grupo Argentina Web AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://grupoargentinaweb.com/ Persian Gulf 4 Ever! Dork : "Designed & powered by GAW GrupoArgentinaWeb"...
ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability
ZDI-11-270: Mozilla Firefox SVGTextElement.getCharNumAtPosition Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-270 August 17, 2011 -- CVE ID: CVE-2011-0084 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla...
ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability
ZDI-11-271: Mozilla Firefox appendChild DOM Tree Inconsistency Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-271 August 17, 2011 -- CVE ID: CVE-2011-2378 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Mozilla -- Affected Products: Mozilla...
Microsoft Windows DHCPv6 DoS
RPC crashes on DHCP reply with empty Domain Search List...
RealNetworks Realplayer multiple security vulnerabilities
QCP, AAC, MP3, SWF, SIPR parsing memory corruptions, cross-site scripting, unsafe methods and buffer overflow in ActiveX...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
VMware vFabric tc Server weak encryption
Server accepts cleartext password even if it's not allowed for user...
Oracle Sun Java multiple security vulnerabilities
No description provided...
Apache Tomcat security vulnerabilities
Privilege escalation, information disclosure...
CheckPoint Security Management products symbolic links vulnerability
Symbolic links vulnerability during installation...
Adobe Shockwave Player multiple security vulnerabilities
Multiple memory corruptions...
StudioLine Photo Basic ActiveX code execution
Unsafe EnableLog method...
Symantec Veritas Storage Foundation multiple security vulnerabilities
Multiple vulnerabilities on TCP/2148 request parsing...
foomatic code execution
It's possible to execute code via .ppd files...
NetSaro Enterprise Messenger Server weak encryption
Passwords are stored in cleartext or in reversible form...
EMC RSA Adaptive Authentication authentication data reuse (On-Premise)
No description provided...
CheckPoint SSL VPN ActiveX code execution
Unsafe methods allow file upload and execute...
Nortel / Avaya Media Application Server buffer overflow
Buffer overflow on TCP/52005 request parsing...
ISC DHCPD DoS
Crash on BOOTP packet parsing...
PCVmedia (free_gallery.php?cat_id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability PCVmedia freegallery.php?catid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.pcvmedia.com/ Persian Gulf 4 Ever! Dork : "Website designed & developed by PCVmedia.com"...
[ MDVSA-2011:125 ] foomatic-filters
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:125 http://www.mandriva.com/security/ Package : foomatic-filters Date : August 14, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...