Section: .. / Last 50 Files /
| /// File Name: | hispah-sql.txt | Description:
| HispaH Model Search suffers from a remote SQL injection vulnerability in cat.php. | | Author: | cyb3r-1st | | File Size: | 963 | | Last Modified: | May 9 20:06:40 2008 | | MD5 Checksum: | 56372410603357c087d00006cb931d71 |
|
| /// File Name: | admidio-disclose.txt | Description:
| Admidio version 1.4.8 suffers from a remote file disclosure vulnerability. | | Author: | n3v3rh00d | | Homepage: | http://forum.antichat.ru/ | | File Size: | 1398 | | Last Modified: | May 9 20:04:34 2008 | | MD5 Checksum: | fb96b4a0cd332e49bb1509f593db6916 |
|
| /// File Name: | wpgallery-sql.txt | Description:
| The WordPress Photo Gallery module suffers from a remote SQL injection vulnerability. | | Author: | THE_MILLER | | File Size: | 405 | | Last Modified: | May 9 13:59:35 2008 | | MD5 Checksum: | 6ad18afafb09a0396e624aa6cdc26680 |
|
| /// File Name: | glsa-200805-08.txt | Description:
| Gentoo Linux Security Advisory GLSA 200805-08 - The namesx and uhnames modules do not properly validate network input, leading to a buffer overflow. Versions less than 1.1.19 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2399 | | Related CVE(s): | CVE-2008-1925 | | Last Modified: | May 9 13:53:32 2008 | | MD5 Checksum: | cdb2393100a4faec5400559fd35ff0f8 |
|
| /// File Name: | glsa-200805-07.txt | Description:
| Gentoo Linux Security Advisory GLSA 200805-07 - LTSP version 4.2, ships prebuilt copies of programs such as the Linux Kernel, the X.org X11 server (GLSA 200705-06, GLSA 200710-16, GLSA 200801-09), libpng (GLSA 200705-24, GLSA 200711-08), Freetype (GLSA 200705-02, GLSA 200705-22) and OpenSSL (GLSA 200710-06, GLSA 200710-30) which were subject to multiple security vulnerabilities since 2006. Please note that the given list of vulnerabilities might not be exhaustive. Versions less than 5.0 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 4366 | | Last Modified: | May 9 13:53:07 2008 | | MD5 Checksum: | b99107d7cc4efe620d3b52050bad0f8f |
|
| /// File Name: | glsa-200805-06.txt | Description:
| Gentoo Linux Security Advisory GLSA 200805-06 - Viesturs reported that the default configuration for Gentoo's init script (/etc/conf.d/firebird) sets the ISC_PASSWORD environment variable when starting Firebird. It will be used when no password is supplied by a client connecting as the SYSDBA user. Versions less than 2.0.3.12981.0-r6 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 2857 | | Related CVE(s): | CVE-2008-1880 | | Last Modified: | May 9 13:52:37 2008 | | MD5 Checksum: | 85f645f65baa0b3fe9c141d775831681 |
|
| /// File Name: | oracleasp-bypass.txt | Description:
| The Oracle Application Server Portal 10G suffers from an authentication bypass vulnerability. Details are provided. | | Author: | Deniz Cevik | | Homepage: | http://www.intellectpro.com.tr/ | | File Size: | 944 | | Last Modified: | May 9 13:51:21 2008 | | MD5 Checksum: | 949ba1c17d5c6ccbaf300ec9175e3dd4 |
|
| /// File Name: | cyberfolio-rfi.txt | Description:
| Cyberfolio version 7.2 suffers from a remote file inclusion vulnerability. | | Author: | RoMaNcYxHaCkEr | | File Size: | 1055 | | Last Modified: | May 9 13:45:41 2008 | | MD5 Checksum: | b1f29ba626cf616a3523dd8a19714c8f |
|
| /// File Name: | sazcart151-rfi.txt | Description:
| SazCart version 1.5.1 suffers from multiple remote file inclusion vulnerabilities. | | Author: | RoMaNcYxHaCkEr | | File Size: | 1214 | | Last Modified: | May 9 13:45:07 2008 | | MD5 Checksum: | f6972dda22f21e2d1b7c152ccfebae41 |
|
| /// File Name: | MDVSA-2008-099.txt | Description:
| Mandriva Linux Security Advisory - A heap-based buffer overflow vulnerability was found in how ImageMagick parsed XCF files. If ImageMagick opened a specially-crafted XCF file, it could be made to overwrite heap memory beyond the bounds of its allocated memory, potentially allowing an attacker to execute arbitrary code on the system running ImageMagick. Another heap-based buffer overflow vulnerability was found in how ImageMagick processed certain malformed PCX images. If ImageMagick opened a specially-crafted PCX image file, an attacker could possibly execute arbitrary code on the system running ImageMagick. | | Homepage: | http://www.mandriva.com/security/ | | File Size: | 7839 | | Related CVE(s): | CVE-2008-1096, CVE-2008-1097 | | Last Modified: | May 9 13:43:27 2008 | | MD5 Checksum: | 80671fb91b231ddf51ff6f60aef286c4 |
|
| /// File Name: | apache-utf7xss.txt | Description:
| Apache versions 2.2.x and 1.3.x suffer from a cross site scripting vulnerability leveraging UTF-7 encoding on 403 forbidden pages. | | Author: | Yaniv Miron, Yossi Yakubov | | File Size: | 1125 | | Last Modified: | May 9 13:40:07 2008 | | MD5 Checksum: | 776e48651cff4b6c45bf15019e486f5c |
|
| /// File Name: | minibloggie-delete.txt | Description:
| miniBloggie version 1.0 suffers from an arbitrary post deletion vulnerability in del.php. | | Author: | Cod3rZ | | Homepage: | http://cod3rz.helloweb.eu/ | | File Size: | 574 | | Last Modified: | May 9 13:37:53 2008 | | MD5 Checksum: | 48a0ab7a653384c0a40f7474400937f7 |
|
| /// File Name: | vshare-sql.txt | Description:
| vShare Youtube Clone version 2.6 suffers from a remote SQL injection vulnerability in group_posts.php. | | Author: | Saime | | File Size: | 1126 | | Last Modified: | May 9 13:37:00 2008 | | MD5 Checksum: | f6ed0f3a4f6d2bf9adf61c3530025f07 |
|
| /// File Name: | shadertv-sql.txt | Description:
| Shader TV Beta suffers from multiple SQL injection vulnerabilities allowing for login bypass and more. | | Author: | U238 | | Homepage: | http://noexec.blogspot.com/ | | File Size: | 1476 | | Last Modified: | May 9 13:35:06 2008 | | MD5 Checksum: | 9f14c2db07c26bca40e8b991829c03ee |
|
| /// File Name: | USN-611-3.txt | Description:
| Ubuntu Security Notice 611-3 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for GStreamer Good Plugins. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 15260 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:31:28 2008 | | MD5 Checksum: | 26dd30b7333f05b291b099650b8a9e89 |
|
| /// File Name: | USN-611-2.txt | Description:
| Ubuntu Security Notice 611-2 - USN-611-1 fixed a vulnerability in Speex. This update provides the corresponding update for ogg123, part of vorbis-tools. It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7294 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:30:57 2008 | | MD5 Checksum: | a2c8b46ce1f3301d099c7eb67973f3b0 |
|
| /// File Name: | USN-611-1.txt | Description:
| Ubuntu Security Notice 611-1 - It was discovered that Speex did not properly validate its input when processing Speex file headers. If a user or automated system were tricked into opening a specially crafted Speex file, an attacker could create a denial of service in applications linked against Speex or possibly execute arbitrary code as the user invoking the program. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 13345 | | Related CVE(s): | CVE-2008-1686 | | Last Modified: | May 9 13:30:27 2008 | | MD5 Checksum: | 218704e90625568f9bf94f8cb18d0063 |
|
| /// File Name: | musicbox-sql.txt | Description:
| Musicbox versions 2.3.7 and below suffer from a remote SQL injection vulnerability. | | Author: | HaCkeR_EgY | | Homepage: | http://www.PaL-HaCker.com/ | | File Size: | 1329 | | Last Modified: | May 9 13:29:58 2008 | | MD5 Checksum: | 2003e3ac8207707f1593dfbc5f401e9f |
|
| /// File Name: | cmsfaethon-rfixss.txt | Description:
| CMS Faethon version 2.2 Ultimate suffers from remote file inclusion and cross site scripting vulnerabilities. | | Author: | RoMaNcYxHaCkEr | | File Size: | 1024 | | Last Modified: | May 9 13:29:15 2008 | | MD5 Checksum: | e73c1fd433238869a0a88fd59698841b |
|
| /// File Name: | rdesktop-underflow.txt | Description:
| rdesktop version 1.5.0 integer underflow proof of concept exploit that takes advantage of iso_recv_msg(). | | Author: | Guido Landi | | Related File: | 05.07.08-1.txt | | File Size: | 644 | | Related CVE(s): | CVE-2008-1801 | | Last Modified: | May 9 13:28:05 2008 | | MD5 Checksum: | bfe5e7576091da077e34f5dc84361bd2 |
|
| /// File Name: | tftpwin-bssoverflow.txt | Description:
| TFTP Server for Windows version 1.4 ST remote .bss overflow exploit that binds a shell to port 4444. | | Author: | tix | | File Size: | 4629 | | Last Modified: | May 9 13:25:33 2008 | | MD5 Checksum: | 16317866e53ea413c0a1945cd00e6346 |
|
| /// File Name: | zyxel-xss.txt | Description:
| The Zyxel ZYWall 100 suffers from a cross site scripting vulnerability via the Referer: header. | | Author: | Deniz Cevik | | Homepage: | http://www.intellectpro.com.tr/ | | File Size: | 920 | | Last Modified: | May 9 13:22:44 2008 | | MD5 Checksum: | c5be130c55cae1959617d7e1a373046b |
|
| /// File Name: | sonicwall-xss.txt | Description:
| SonicWall E-mail Security version 6.1.1 suffers from a cross site scripting vulnerability via the Host: header. | | Author: | Deniz Cevik | | Homepage: | http://www.intellectpro.com.tr/ | | File Size: | 919 | | Last Modified: | May 9 13:21:57 2008 | | MD5 Checksum: | 8159b57282138fb40f7ab2525f6f2057 |
|
| /// File Name: | novell-stackoverflow.txt | Description:
| Novell Client versions 4.91 SP4 and below suffer from a local stack overflow vulnerability. | | Author: | laurent gaffi | | File Size: | 2335 | | Last Modified: | May 9 13:20:52 2008 | | MD5 Checksum: | dcfbc10b009f3e54667c1a67566d1691 |
|
| /// File Name: | SAP-07-010.txt | Description:
| The SAP Internet Transaction Server version 6.20 suffers from cross site scripting vulnerabilities. This is a really old vulnerability which just had its details released. | | Homepage: | http://www.portcullis-security.com/ | | File Size: | 2024 | | Related CVE(s): | CAN-2003-0749 | | Last Modified: | May 9 13:19:57 2008 | | MD5 Checksum: | 48ff5d0a78f5c716816fa9ca406d8dad |
|
| /// File Name: | Bellua2008-CFP.txt | Description:
| The call for papers and conference registration is now open for Bellua Cyber Security Asia 2008. This is the fourth annual Bellua conference and is being held in Jakarta, Indonesia November 18th through the 19th, 2008. | | Homepage: | http://www.bellua.com/bcs/ | | File Size: | 2948 | | Last Modified: | May 9 13:17:12 2008 | | MD5 Checksum: | d2cc06c4613b0b8f2cb6b8b98dc0af92 |
|
| /// File Name: | ezcontents-sql.txt | Description:
| ezContents CMS version 2.0.0 suffers from SQL injection vulnerabilities. | | Author: | hadihadi | | Homepage: | http://www.virangar.org/ | | File Size: | 1652 | | Last Modified: | May 9 13:12:32 2008 | | MD5 Checksum: | 4cceca8194600947d6abfc652d6b98f4 |
|
| /// File Name: | onecms25-sql.txt | Description:
| OneCMS version 2.5 remote blind SQL injection exploit that makes use of asd.php. | | Author: | Cod3rZ | | Homepage: | http://cod3rz.helloweb.eu/ | | File Size: | 2155 | | Last Modified: | May 7 20:47:19 2008 | | MD5 Checksum: | 3b42b7d367ec7319462b6184e5d9cdd2 |
|
| /// File Name: | galleristic-sql.txt | Description:
| Galleristic version 1.0 remote SQL injection exploit that makes use of index.php. | | Author: | cOndemned | | Homepage: | http://condemned.r00t.la/ | | File Size: | 913 | | Last Modified: | May 7 20:45:18 2008 | | MD5 Checksum: | 3a1b178796f738876c63cb87ecef2fb6 |
|
| /// File Name: | 05.07.08-3.txt | Description:
| iDefense Security Advisory 05.07.08 - Remote exploitation of an integer signedness vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reallocating dynamic buffers. The rdesktop xrealloc() function uses a signed comparison to determine if the requested allocation size is less than 1. When this occurs, the function will incorrectly set the allocation size to be 1. This results in an improperly sized heap buffer being allocated, which can later be overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. | | Homepage: | http://www.idefense.com/ | | File Size: | 3416 | | Related CVE(s): | CVE-2008-1803 | | Last Modified: | May 7 20:43:37 2008 | | MD5 Checksum: | c3320ef9f586bf2a8eadea9bdb952524 |
|
| /// File Name: | 05.07.08-2.txt | Description:
| iDefense Security Advisory 05.07.08 - Remote exploitation of a BSS overflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP redirect request. This request is used to redirect an RDP connection from one server to another. When parsing the redirect request, the rdesktop client reads several 32-bit integers from the request packet. These integers are then used to control the number of bytes read into statically allocated buffers. This results in several buffers located in the BSS section being overflowed, which can lead to the execution of arbitrary code. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. | | Homepage: | http://www.idefense.com/ | | File Size: | 3480 | | Related CVE(s): | CVE-2008-1802 | | Last Modified: | May 7 20:42:49 2008 | | MD5 Checksum: | dcb778aa36d5093d53a1522ad73f6ceb |
|
| /// File Name: | 05.07.08-1.txt | Description:
| iDefense Security Advisory 05.07.08 - Remote exploitation of an integer underflow vulnerability in rdesktop, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the logged-in user. The vulnerability exists within the code responsible for reading in an RDP request. When reading a request, a 16-bit integer value that represents the number of bytes that follow is taken from the packet. This value is then decremented by 4, and used to calculate how many bytes to read into a heap buffer. The subtraction operation can underflow, which will then lead to the heap buffer being overflowed. iDefense confirmed the existence of this vulnerability in rdesktop version 1.5.0. Previous versions may also be affected. | | Homepage: | http://www.idefense.com/ | | File Size: | 3393 | | Related CVE(s): | CVE-2008-1801 | | Last Modified: | May 7 20:42:04 2008 | | MD5 Checksum: | c018aff3b2b98000cb2a48058984a14d |
|
| /// File Name: | google-spam.txt | Description:
| It appears that manipulating the forwarding functionality in Google's GMail service allows people to spam. | | Homepage: | http://ece.uprm.edu/~andre/insert | | File Size: | 2123 | | Last Modified: | May 7 20:40:32 2008 | | MD5 Checksum: | f7d31e6f454a2e5814a14ca9ac14dcfb |
|
| /// File Name: | glsa-200805-04.txt | Description:
| Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 3609 | | Related CVE(s): | CVE-2008-1502, CVE-2008-2041 | | Last Modified: | May 7 20:38:18 2008 | | MD5 Checksum: | 0ef7dd1b359cd5c05af051363a60b6d3 |
|
| /// File Name: | glsa-200805-03.txt | Description:
| Gentoo Linux Security Advisory GLSA 200805-03 - Bernhard R. Link discovered that Eterm opens a terminal on :0 if the -display option is not specified and the DISPLAY environment variable is not set. Further research by the Gentoo Security Team has shown that aterm, Mrxvt, multi-aterm, RXVT, rxvt-unicode, and wterm are also affected. Versions less than 1.0.1-r1 are affected. | | Homepage: | http://security.gentoo.org | | File Size: | 4335 | | Related CVE(s): | CVE-2008-1142, CVE-2008-1692 | | Last Modified: | May 7 20:37:56 2008 | | MD5 Checksum: | e7bce4b2f319f035e053ff26dbb0497a |
|
| /// File Name: | tuxcms-xss.txt | Description:
| Tux CMS version 0.1 suffers from cross site scripting vulnerabilities. | | Author: | IRCRASH | | Homepage: | http://ircrash.com/ | | File Size: | 1289 | | Last Modified: | May 7 20:36:55 2008 | | MD5 Checksum: | fc2461e9a2dd67d305c1169f2984721b |
|
| /// File Name: | postcardmentor-sql.txt | Description:
| PostcardMentor suffers from a remote SQL injection vulnerability in step1.asp. | | Author: | InjEctOrS | | File Size: | 1815 | | Last Modified: | May 7 20:35:53 2008 | | MD5 Checksum: | 8f294b168ec448f57fd8c7bf4fdc8bdc |
|
| /// File Name: | gamecms-sql.txt | Description:
| gameCMS Lite version 1.0 suffers from a remote SQL injection vulnerability in index.php. | | Author: | InjEctOrS | | File Size: | 2386 | | Last Modified: | May 7 20:35:10 2008 | | MD5 Checksum: | c9dcaa13d89a2127407929e51f1b4654 |
|
| /// File Name: | fipscms-sql.txt | Description:
| fips CMS suffers from a blind SQL injection vulnerability in print.asp. | | Author: | InjEctOrS | | File Size: | 1716 | | Last Modified: | May 7 20:34:11 2008 | | MD5 Checksum: | 7826a169d66eba1519c1d6ce5107704f |
|
| /// File Name: | dradis-v1.2.tar.gz | Description:
| dradis is a tool for sharing information during security testing. While plenty of tools exist to help in the different stages of the test, not so many exist to share interesting information captured. When a team of testers is working on the same set of targets, having a common repository of information is essential to avoid duplication of efforts. | | Author: | etd | | Homepage: | http://dradis.nomejortu.com/ | | File Size: | 2011899 | | Last Modified: | May 7 13:42:52 2008 | | MD5 Checksum: | 481beae4f13e322aad1066ba943aafd4 |
|
| /// File Name: | frs-lfi.txt | Description:
| The PHP-Fusion module Forum Rank System version 6 suffers from a local file inclusion vulnerability. | | Author: | Matrix86 | | File Size: | 606 | | Last Modified: | May 7 13:37:55 2008 | | MD5 Checksum: | 47acb3a0171f72d2b509fee8ba79403f |
|
| /// File Name: | USN-610-1.txt | Description:
| Ubuntu Security Notice 610-1 - Christian Herzog discovered that it was possible to connect to any LTSP client's X session over the network. A remote attacker could eavesdrop on X events, read window contents, and record keystrokes, possibly gaining access to private information. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 7189 | | Related CVE(s): | CVE-2008-1293 | | Last Modified: | May 7 13:36:46 2008 | | MD5 Checksum: | 77ac0e795794d36deede12c886ccdf18 |
|
| /// File Name: | USN-609-1.txt | Description:
| Ubuntu Security Notice 609-1 - It was discovered that arbitrary Java methods were not filtered out when opening databases in OpenOffice.org. If a user were tricked into running a specially crafted query, a remote attacker could execute arbitrary Java with user privileges. Multiple memory overflow flaws were discovered in OpenOffice.org's handling of Quattro Pro, EMF, and OLE files. If a user were tricked into opening a specially crafted document, a remote attacker might be able to execute arbitrary code with user privileges. | | Homepage: | http://security.ubuntu.com/ | | File Size: | 62628 | | Related CVE(s): | CVE-2007-4575, CVE-2007-5745, CVE-2007-5746, CVE-2007-5747, CVE-2008-0320 | | Last Modified: | May 7 13:36:08 2008 | | MD5 Checksum: | a3deee4ad320e4a22639ce04c53c56e9 |
|
| /// File Name: | adobe-print-v2.txt | Description:
| A design error vulnerability exists in Adobe Reader and Adobe Acrobat Professional. A remote attacker who successfully exploit this vulnerability can control the printer without user's permission. Affected software versions include Adobe Reader 8.1.1 and below and Adobe Acrobat Professional 8.1.1 and below. This is an updated advisory. | | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | Related File: | adobe-print.txt | | File Size: | 2533 | | Related CVE(s): | CVE-2008-0655 | | Last Modified: | May 7 13:34:32 2008 | | MD5 Checksum: | b5590bc735cc6ed7a4c5c8923db40f71 |
|
| /// File Name: | aap-bypass.txt | Description:
| Two critical vulnerabilities exist in the javascript API of Adobe Acrobat Professional 7. A remote attacker who successfully exploits these vulnerabilities can execute restricted functions and arbitrary codes on the affected system. Adobe Acrobat Professional version 7.0.9 is affected. | | Author: | cocoruder | | Homepage: | http://ruder.cdut.net/ | | File Size: | 3586 | | Related CVE(s): | CVE-2008-2042 | | Last Modified: | May 7 13:32:04 2008 | | MD5 Checksum: | d5e4c5adb0d84a55148b570fa73bccdc |
|
|
|
|
|