47153 matches found
ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability
ZDI-11-257: Apple QuickTime Player H.264 Slice Header Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-257 August 16, 2011 -- CVE ID: CVE-2011-0247 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
XSS in Fast Secure Contact Form wordpress plugin
Vulnerability ID: HTB23036 Reference: http://www.htbridge.ch/advisory/xssinfastsecurecontactform.html Product: Fast Secure Contact Form wordpress plugin Vendor: Mike Challis http://www.fastsecurecontactform.com Vulnerable Version: 3.0.3.1 and probably prior Tested on: 3.0.3.1 Vendor Notification:...
netplanet (dettaglio.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability netplanet dettaglio.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.netplanet.it/ Persian Gulf 4 Ever! Dork : "Powered by netplanet" "inurl:dettaglio.asp?id="...
[ MDVSA-2011:126 ] java-1.6.0-openjdk
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:126 http://www.mandriva.com/security/ Package : java-1.6.0-openjdk Date : August 15, 2011 Affected: 2009.0, 2010.1, Enterprise Server 5.0 Problem Description: Multiple vulnerabilities were discovered and...
ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability
ZDI-11-262: Symantec Veritas Storage Foundation vxsvc.exe Unicode String Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-262 August 16, 2011 -- CVE ID: CVE-2011-0547 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Symantec -- Affected...
Neox (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Neox categoria.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.neox.es/ Persian Gulf 4 Ever! Dork : "inurl:categoria.php?id=" "Diseсo web - Mбlaga" Exploite:...
Multiple XSS in WP-Stats-Dashboard
Vulnerability ID: HTB23035 Reference: http://www.htbridge.ch/advisory/multiplexssinwpstatsdashboard.html Product: WP-Stats-Dashboard Vendor: Dave Ligthart http://www.daveligthart.com Vulnerable Version: 2.6.5.1 and probably prior Tested on: 2.6.5.1 Vendor Notification: 27 July 2011 Vulnerability...
WebsiteBaker 2.8.1 <= Arbitrary File Upload Vulnerability
OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND WebsiteBaker helps you to create the website you want: A free, easy and secure, flexible and extensible open source content management system CMS. Create new templates within minutes - powered...
EMC RSA Adaptive Authentication authentication data reuse (On-Premise)
No description provided...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability
ZDI-11-255: Apple QuickTime Player H.264 Reference Picture List Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-255 August 16, 2011 -- CVE ID: CVE-2011-0247 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quickti...
ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability
ZDI-11-261: HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-261 August 16, 2011 -- CVE ID: CVE-2011-2404 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Hewlett-Packard -- Affected...
ZDI-11-260: Nortel Media Application Server cstore.exe cs_anams Remote Code Execution Vulnerability
ZDI-11-260: Nortel Media Application Server cstore.exe csanams Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-260 August 16, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Nortel -- Affected Products: Nortel Media Application Server --...
cdeVision (index.php?page) Remote File Inclusion Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote File Inclusion Vulnerability cdeVision index.php?page AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cdevision.com/ Persian Gulf 4 Ever! Dork : "Site by cdeVision" "inurl:index.php?page=" Exploite:...
phpList Improper Access Control and Information Leakage vulnerabilities
======================================================================== Title: phpList Improper Access Control and Information Leakage vulnerabilities Product: phpList http://www.phplist.com/ Author: Davide Canali E-mail: davide at davidecanali dot com Date: 2011-08-10...
ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability
ZDI-11-265: RealNetworks Realplayer QCP Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-265 August 16, 2011 -- CVE ID: CVE-2011-2950 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: RealNetworks -- Affected Products: RealNetworks RealPlaye...
QOLQA (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability QOLQA categoria.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.qolqa.com/ Persian Gulf 4 Ever! Dork : "QOLQA" "inurl:categoria.php?id=" Exploite:...
Malformed DHCPv6 packets cause RPC to become unresponsive
Barracuda Networks AG Security Advisory 07/08/2011 Summary ----------------------------- Malformed DHCPv6 packets cause RPC to become unresponsive. Technical Details ----------------------------- There is a vulnerability in the part of RPC processing DHCPv6. The failure results because of incorre...
StudioLine Photo Basic 3 ActiveX control Insecure Method
Vulnerability ID: HTB23024 Reference: http://www.htbridge.ch/advisory/studiolinephotobasic3activexcontrolinsecuremethod.html Product: StudioLine Photo Basic 3 Vendor: HM Software http://studioline.biz Vulnerable Version: 3.70.34.0 and probably prior Tested on: 3.70.34.0 Vendor Notification: 15 Ju...
BACKEND (categoria.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability BACKEND categoria.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.backend.com.mx/ Persian Gulf 4 Ever! Dork : "Desarrollado por BACKEND Diseсos Web"...
ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability
ZDI-11-258: Apple QuickTime STSC atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-258 August 16, 2011 -- CVE ID: CVE-2011-0249 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPoint...
foomatic code execution
It's possible to execute code via .ppd files...
[ MDVSA-2011:125 ] foomatic-filters
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2011:125 http://www.mandriva.com/security/ Package : foomatic-filters Date : August 14, 2011 Affected: 2009.0, 2010.1, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered...
CdeVision(students.php?id) (gallery.php?cat) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability CdeVisionstudents.php?id gallery.php?cat AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cdevision.com/ Persian Gulf 4 Ever! Dork : "Site by cdeVision"...
ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication (On-Premise)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-027: RSA, The Security Division of EMC, releases Security Patch for Adaptive Authentication On-Premise Advisories Updated August 11, 2011 Summary: An issue with Adaptive Authentication On-Premise was discovered which in certain circumstances...
INSECT Pro - Exploit EChat Server <= v2.5 20110812 - Remote Buffer Overflow Exploit
Information -------------------- Name : EChat Server = v2.5 Software : E Chat Server Vendor Homepage : http://www.echatserver.com/ Vulnerability Type : Remote Buffer Overflow Exploit Severity : High Researcher : Juan Sacco Runlvl jsacco at insecurityresearch dot com Description ------------------...
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability
ZDI-11-259: Apple QuickTime STSZ atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-259 August 16, 2011 -- CVE ID: CVE-2011-0251 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple QuickTime -- TippingPoint...
phpWebSite (userpage) Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities phpWebSite userpage AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Persian Gulf 4 Ever! Dork : allinurl:"mod.php?mod=userpage" Exploite: www.victim.com/mod.php?mod=userpage&pageid=XSS...
CVE-2011-0527: VMware vFabric tc Server password obfuscation bypass
Severity: Important Versions Affected: 2.0.0.RELEASE to 2.0.5.SR01 2.1.0.RELEASE to 2.1.1.SR01 Description: tc Server allows users to store the passwords used for JMX authentication in an obfuscated form for organizations where storing passwords in plain text is not permitted. The JMX...
CdeVision Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities CdeVision AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cdevision.com/ Persian Gulf 4 Ever! Dork : "Site by cdeVision" "Tell a Friend" Exploite:...
awiki 20100125 multiple local file inclusion vulnerabilities
awiki 20100125 multiple local file inclusion vulnerabilities download http://www.kobaonline.com/awiki/awiki-20100125.zip or http://sourceforge.net/projects/kcwiki/files/awiki/awiki-20100125.zip author muuratsalo contact muuratsaloatgmail.com exploits...
CVE-2011-2664 Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products
======================================================================= title: Symlink Following and Second-Order Symlink Vulnerabilities in Multiple Check Point Security Management Products product: Check Point Security Management Multi-Domain Security Management / Provider-1 SmartCenter...
SEC Consult SA-20110810-0 :: Client-side remote file upload & command execution in Check Point SSL VPN On-Demand applications - CVE-2011-1827
SEC Consult Vulnerability Lab Security Advisory 20110810-0 ======================================================================= title: Client-side remote file upload & command execution product: Check Point SSL VPN On-Demand applications signed Java applet and ActiveX control SSL Network...
{Lostmonґs Group} Elgg 1.8 beta2 and prior to 1.7.11 'container_guid' and 'owner_guid' SQL Injection
Elgg 1.8 beta2 and prior to 1.7.11 'containerguid' and 'ownerguid' SQL Injection Vendor URL: http://www.elgg.org/ Advisore: http://lostmon.blogspot.com/2011/08/elgg-18-beta2-and-prior-to-1711.html Vendor notify: YES exploit available: YES Description By vendor Elgg is an award-winning social...
DoodleIT (gallery.php?id) (about.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability DoodleIT gallery.php?id about.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.doodleit.co.uk/ Persian Gulf 4 Ever! Dork : "Design by DoodleIT"...
VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow (APSB11-21)
VUPEN Security Research - Adobe Flash Player ActionScript FileReference Buffer Overflow APSB11-21 Website : http://www.vupen.com/english/research.php Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- "Adobe Flash Player is a cross-platform browser-based application runtime th...
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability
ZDI-11-253: Adobe Flash Player BitmapData.scroll Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-253 August 12, 2011 -- CVE ID: CVE-2011-2138 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Adobe -- Affected Products: Adobe Fla...
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability
ZDI-11-256: Apple QuickTime Media Link src Parameter Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-256 August 16, 2011 -- CVE ID: CVE-2011-0248 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability
ZDI-11-254: Apple QuickTime 'trun' atom sampleCount Integer Overflow Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-254 August 16, 2011 -- CVE ID: CVE-2011-0256 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple...
CheckPoint SSL VPN ActiveX code execution
Unsafe methods allow file upload and execute...
[SECURITY] CVE-2011-2729: Commons Daemon fails to drop capabilities (Apache Tomcat)
CVE-2011-2729: Commons Daemon fails to drop capabilities Apache Tomcat Severity: Important Vendor: The Apache Software Foundation Versions Affected: Tomcat 7.0.0 to 7.0.19 Tomcat 6.0.30 to 6.0.32 Tomcat 5.5.32 to 5.5.33 Description: Due to a bug in the capabilities code, jsvc the service wrapper...
Apache Tomcat security vulnerabilities
Privilege escalation, information disclosure...
Microsoft Windows DHCPv6 DoS
RPC crashes on DHCP reply with empty Domain Search List...
[SECURITY] [DSA 2292-1] ISC DHCP security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2292-1 [email protected] http://www.debian.org/security/ Florian Weimer August 11, 2011 http://www.debian.org/security/faq -...
[USN-1191-1] libXfont vulnerability
========================================================================== Ubuntu Security Notice USN-1191-1 August 15, 2011 libxfont vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Calisto light, light plus and full, Sql Injection And user or Admin bypass
Calisto light, light plus and full, Sql Injection And user or Admin bypass Vendor URL: http://www.calistosoft.com.ar/ Advisore: http://lostmon.blogspot.com/2011/08/calisto-light-light-plus-and-full-sql.html Vendor notify: YES exploit available: YES Vulnerability Description Calisto Light, Light...
ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability
ZDI-11-263: Symantec Veritas Storage Foundation vxsvc.exe ASCII String Unpacking Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-263 August 16, 2011 -- CVE ID: CVE-2011-0547 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Symantec -- Affected...
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability
ZDI-11-252: Apple QuickTime PICT Image PnSize Opcode Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-252 August 8, 2011 -- CVE ID: CVE-2011-0257 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: Apple -- Affected Products: Apple Quicktime --...
WebsiteBaker 2.8.1 <= Cross Site Request Forgery (CSRF) Vulnerability
OVERVIEW WebsiteBaker 2.8.1 and lower versions are vulnerable to Cross Site Request Forgery CSRF. 2. BACKGROUND WebsiteBaker is a PHP-based Content Management System CMS designed with one goal in mind: to enable its users to produce websites with ease. 3. VULNERABILITY DESCRIPTION WebsiteBaker...
RealNetworks Realplayer multiple security vulnerabilities
QCP, AAC, MP3, SWF, SIPR parsing memory corruptions, crossite scripting, unsafe methods and buffer overflow in ActiveX...