47153 matches found
TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability
TPTI-11-13: McAfee SaaS myCIOScn.dll Scan Method Script Injection Remote Code Execution Vulnerability http://dvlabs.tippingpoint.com/advisory/TPTI-11-13 August 8, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: McAfee -- Affected Products: McAfee Security-as-a-Service --...
Microsoft Windows multiple security vulnerabilities
NDISTAPI service and CSRSS privilege escalations, kernel DoS, TCP/IP DoS, RDP DoS, .Net information disclosure...
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability
ZDI-11-251: Apple QuickTime STSS atom Parsing Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-251 August 9, 2011 -- CVE ID: CVE-2011-0250 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- TippingPointT...
ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability
ZDI-11-250: Apple QuickTime STTS atom Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-250 August 9, 2011 -- CVE ID: CVE-2011-0252 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Apple -- Affected Products: Apple Quicktime -- Vulnerability Details...
THE STUDIO (prod.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability THE STUDIO prod.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.thestudio.net/ Persian Gulf 4 Ever! Dork : "Site designed by The Studio, INC." "inurl:prod.php?id="...
Kimia Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Kimia AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.kimia.co.za/ Persian Gulf 4 Ever! Dork : "Graphic design & Website design by Kimia" "inurl:id=" Exploite:...
Microsoft Office Visio security vulnerabilities
Memory corruption on Visio files parsing...
XWeavers (page.asp?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability XWeavers page.asp?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://xweavers.com/ Persian Gulf 4 Ever! Dork : "inurl:page.asp?id=" "Designed and Developed by XWeavers.com"...
Microsoft Windows Remote Desktop Web Access crossite scripting
Crossite scripting on the logon page...
ThreeDify Designer ActiveX control Insecure Method
Vulnerability ID: HTB23021 Reference: http://www.htbridge.ch/advisory/threedifydesigneractivexcontrolinsecuremethod.html Product: ThreeDify Designer Vendor: ThreeDify http://www.threedify.com Vulnerable Version: 5.0.2 and probably prior Tested on: 5.0.2 Vendor Notification: 07 June 2011...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
OpenSSH DoS
GSSAPI authentication memory exhaustion...
ThreeDify Designer ActiveX security vulnerabilities
Buffer overflo, insecure methods...
Community Server - Stored Cross-Site Scripting in User's Signature
Community Server - Stored Cross-site Scripting in user's signature. - Product description: Community Server is a communities and collaboration web application developed by Telligent. It uses ASP.NET platform C and Microsoft SQL Server database. From it's 5.0 version, the software was renamed to...
XSS in WP e-Commerce
Vulnerability ID: HTB23031 Reference: http://www.htbridge.ch/advisory/xssinwpecommerce.html Product: WP e-Commerce Vendor: Instinct Entertainment http://getshopped.org/ Vulnerable Version: 3.8.5 and probably prior Tested on: 3.8.5 Vendor Notification: 13 July 2011 Vulnerability Type: XSS Cross Si...
Useless OpenSSH resources exhausion bug via GSSAPI
Name: Useless OpenSSH resources exhausion bug via GSSAPI Author: Adam Zabrocki [email protected] Date: 2008-2009 old useless bug ;P Description: OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that...
Android crossapplication scripting
Application can script in browser in any domain's context...
Android Browser Cross-Application Scripting (CVE-2011-2357)
============================================================= Android Browser Cross-Application Scripting CVE-2011-2357 ============================================================= 1 Background -------------- Android applications are executed in a sandbox environment, to ensure that no applicati...
Cross Site Scription Vulnerability in vBulletin 4.1.3, 4.1.4 and 4.1.5
Advisory Information Title: vBulletin Cross Site Scripting Vulnerability Vendors contacted: vBulletin team ---- Vulnerability Information Class: XSS flaw Vulnerable page: Admin Login Page admincp Remotely Exploitable: Yes ---- Vulnerability Description vBulletin is a community forum solution for ...
ThreeDify Designer ActiveX control multiple buffer overflow vulnerabilities
Vulnerability ID: HTB23020 Reference: http://www.htbridge.ch/advisory/threedifydesigneractivexcontrolmultiplebufferoverflowvulnerabilities.html Product: ThreeDify Designer Vendor: ThreeDify http://www.threedify.com Vulnerable Version: 5.0.2 and probably prior Tested on: 5.0.2 Vendor Notification:...
APPLE-SA-2011-08-03-1 QuickTime 7.7
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-08-03-1 QuickTime 7.7 QuickTime 7.7 is now available and addresses the following: QuickTime Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Windows 7, Vista, XP SP2 or later Impact: Viewing a maliciously crafted pict file may...
ZDI-11-245: Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability
ZDI-11-245: Sybase Adaptive Server Backup and Monitor Server Translation Array Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-245 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server ...
Sybase Adaptive Server Backup / Monitor Server Translation security vulnerabilities
Different code execution vulnerabilities...
Flexera FlexNet License Server Manager buffer overflow
Buffer overflow in TCP/27000 request processing...
Multiple XSS in HESK
Vulnerability ID: HTB23030 Reference: http://www.htbridge.ch/advisory/multiplexssinhesk.html Product: HESK Vendor: Klemen Stirn http://www.hesk.com/ Vulnerable Version: 2.2 and probably prior Tested on: 2.2 Vendor Notification: 06 July 2011 Vulnerability Type: XSS Cross Site Scripting Risk level:...
dhcpcd shell characters vulnerability
Shell characters vulnerability in the hostname...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
n.runs-SA-2011.001 - Citrix XenApp / XenDesktop Stack-Based Buffer Overflow
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.001 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Stack-Based Buffer Overflow in Citrix XML Service Risk:...
NGS00068 Technical Advisory - LibAVCodec AMV Out of Array Write
======= Summary ======= Name: LibAVCodec AMV Out of Array Write Release Date: 31 July 2011 Reference: NGS00068 Discoverer: Dominic Chell [email protected] Vendor: VideoLAN Vendor Reference: CVE-2011-1931 Systems Affected: VLC media player 1.1.9 and earlier releases Risk: High Status:...
Многичесленные уязвимости в Register Plus для WordPress
Здравствуйте 3APA3A! Сообщаю вам о найденных мною многочисленных Cross-Site Scripting уязвимостях в плагине Register Plus для WordPress. XSS persistent WASC-08: При включенных опциях Enable Invitation Codes и Enable Invitation Tracking Dashboard Widget и коде scriptalertdocument.cookie/script в...
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability
ZDI-11-246: Sybase Adaptive Server Backup and Monitor Server NULL Write Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-246 July 29, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Sybase -- Affected Products: Sybase Adaptive Server --...
Citrix XenApp / XenDesktop security vulnerabilities
Buffer overflow, heap memory corruption...
[slackware-security] dhcpcd (SSA:2011-210-02)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security dhcpcd SSA:2011-210-02 New dhcpcd packages are available for Slackware 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...
Cisco TelePresence Recording Server default account
root account hat default password...
ZDI-11-244: (0day) FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability
ZDI-11-244: 0day FlexNet License Server Manager lmadmin Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-244 July 28, 2011 -- CVSS: 9, AV:N/AC:L/Au:N/C:P/I:P/A:C -- Affected Vendors: Flexera Software -- Affected Products: Flexera Software FlexNet License Serv...
Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco Security Advisory: Cisco TelePresence Recording Server Default Credentials for Root Account Vulnerability Advisory ID: cisco-sa-20110729-tp Revision 1.0 For Public Release 2011 July 29 1600 UTC GMT...
LibAVCodec / FFMpeg / VLC index array overflow
Index array overflow on AMV files parsing...
n.runs-SA-2011.002 - Citrix XenApp / XenDesktop XML Service Heap Corruption
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2011.002 28-Jul-2011 Vendor: Citrix, http://www.citrix.com Affected Products: XenApp and XenDesktop Affected Version: See the Citrix security bulletin 2 for a list Vulnerability: Heap Corruption in Citrix XML Service Risk: HIGH Vendor...
cgcraft llc (collections.php?id) Cross Site Scripting Vulnerabilities
IRANIAN THE BEST HACKERS IN THE WORLD Cross Site Scripting Vulnerabilities cgcraft llc collections.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.cgcraft.com/ Persian Gulf 4 Ever! Dork : "website by cgCraft llc"...
Linux DBus DoS
Byteorder is not checked in some messages...
ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2011-021: EMC Data Protection Advisor sensitive information disclosure vulnerability. EMC Identifier: ESA-2011-021 CVE Identifier: CVE-2011-1742 Severity Rating: CVSS v2 Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C Affected products: EMC SW: EMC Dat...
ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability
ZDI-11-241: Webkit setAttributes attributeChanged Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-241 July 27, 2011 -- CVE ID: CVE-2011-0254 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected Vendors: WebKit -- Affected Products: WebKit -- TippingPointTM I...
ClamAV antivirus DoS
No description provided...
Redirection vulnerability in MBoard
Vulnerability ID: HTB23029 Reference: http://www.htbridge.ch/advisory/redirectionvulnerabilityinmboard.html Product: MBoard Vendor: PHPJunkyar http://www.phpjunkyard.com Vulnerable Version: 1.3 and probably prior Tested on: 1.3 Vendor Notification: 06 July 2011 Vulnerability Type: Redirection...
SA500 vulnerabilities - details
Hi Advisory by Cisco was published a few days ago Bugtraq ID: 48810. Now more details: 1. Unathenticated access to web management any user - including admin. Due to blind SQLi in the login form of web management port 443, https, login field, embedded sqlite DB, there is possible to obtain: a all...
Cisco SA 500 security vulnerabilities
SQL injection, privilege escalation...
indiacon (selloffers.php?cid) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability indiacon selloffers.php?cid AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://www.indiacon.com/ Persian Gulf 4 Ever! Dork : inurl:selloffers.php?cid= "Powered by indiacon.com"...
[security bulletin] HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02941034 Version: 2 HPSBMU02691 SSRT100483 rev.2 - HP Performance Agent and HP Operations Agent, Remote Arbitrary File Deletion NOTICE: The information in this Security Bulletin should be acted...
Web Fusion Nepal (find.php?id) Remote SQL injection Vulnerability
IRANIAN THE BEST HACKERS IN THE WORLD Remote SQL injection Vulnerability Web Fusion Nepal find.php?id AuTh0r : EhsanHp200 H0ME : www.ehsanhp.blogsky.com Email : [email protected] Vendor : http://webfusion.com.np/ Persian Gulf 4 Ever! Dork : "Powered by: Web Fusion Nepal" "inurl:find.php?id="...
Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities
Elgg 1.7.9 = | Multiple Cross Site Scripting Vulnerabilities 1. OVERVIEW The Elgg 1.7.9 and lower versions are vulnerable to multiple Cross Site Scripting. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities...