|
|
Prev week |
Colapse all |
Post message
CA ARCserve D2D r15 Web Service Apache Axis2 World Accessible Servlet Code Execution Vulnerability Poc 2010-12-30 ipsdix gmail com CSRF (Cross-Site Request Forgery) in Open blog 2010-12-30 advisory htbridge ch Vulnerability ID: HTB22763 Reference: http://www.htbridge.ch/advisory/csrf_cross_site_request_forgery_in_open_ blog.html Product: Open blog Vendor: K5 Storitve ( http://www.open-blog.info/ ) Vulnerable Version: 1.2.1 Vendor Notification: 15 December 2010 Vulnerability Type: CSRF (Cross-Site Request [ more ] [ reply ] SQL Injection in LightNEasy 2010-12-30 advisory htbridge ch Vulnerability ID: HTB22754 Reference: http://www.htbridge.ch/advisory/sql_injection_in_lightneasy_1.html Product: LightNEasy Vendor: Fernando Baptista ( http://www.lightneasy.org/ ) Vulnerable Version: 3.2.2 Vendor Notification: 15 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, [ more ] [ reply ] Path disclousure in OpenCart 2010-12-30 advisory htbridge ch Vulnerability ID: HTB22762 Reference: http://www.htbridge.ch/advisory/path_disclousure_in_opencart.html Product: OpenCart Vendor: OpenCart ( http://www.opencart.com/ ) Vulnerable Version: 1.4.9.1 Vendor Notification: 15 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Al [ more ] [ reply ] OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS 2010-12-29 Attilla de Groot (attilla attilla nl) During the buildup at the CCC 27c3 congress in Berlin we noticed several Apple Macbooks kernel paniced while connected to the wireless network. We identified the cause of this issue and we are able to reproduce this as well. It seems to be limited to the aluminum unibody Macbooks, running OS X 10.6 [ more ] [ reply ] [SECURITY] [DSA 2138-1] Security update for wordpress 2010-12-29 Giuseppe Iuculano (iuculano debian org) Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc 2010-12-29 ipsdix gmail com <!-- Chilkat Software FTP2 ActiveX Component (ChilkatFtp2.DLL 2.6.1.1) Remote Code Execution poc by rgod tested against Internet Explorer 7 on Vista should also work with 8/9 ActiveX Settings: CLSID: {302124C4-30A0-484A-9C7A-B51D5BA5306B} Progid: ChilkatFtp2.ChilkatFtp2.1 Binary Path: C:\Windows\Sys [ more ] [ reply ] Pre Jobo .NET "Password" SQL Injection Vulnerability 2010-12-28 non customers (non-customers operamail com) Pre Jobo .NET "Password" SQL Injection Vulnerability PRODUCT >>> http://www.preprojects.com/jobo.asp Input passed to the "Password" form field in jobseeker/register (the Post Your CV page) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries b [ more ] [ reply ] Path disclosure in KaiBB 2010-12-28 advisory htbridge ch Vulnerability ID: HTB22746 Reference: http://www.htbridge.ch/advisory/path_disclosure_in_kaibb.html Product: KaiBB Vendor: Mi-Dia ( http://www.mi-dia.co.uk/ ) Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: Path disclosure Status: Not Fixed, Vendor Alerted, Awai [ more ] [ reply ] SQL injection in KaiBB 2010-12-28 advisory htbridge ch Vulnerability ID: HTB22747 Reference: http://www.htbridge.ch/advisory/sql_injection_in_kaibb.html Product: KaiBB Vendor: Mi-Dia ( http://www.mi-dia.co.uk/ ) Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting [ more ] [ reply ] SQL injection in KaiBB 2010-12-28 advisory htbridge ch Vulnerability ID: HTB22748 Reference: http://www.htbridge.ch/advisory/sql_injection_in_kaibb_1.html Product: KaiBB Vendor: Mi-Dia ( http://www.mi-dia.co.uk/ ) Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiti [ more ] [ reply ] BBcode XSS in KaiBB 2010-12-28 advisory htbridge ch Vulnerability ID: HTB22749 Reference: http://www.htbridge.ch/advisory/bbcode_xss_in_kaibb.html Product: KaiBB Vendor: Mi-Dia ( http://www.mi-dia.co.uk/ ) Vulnerable Version: 1.0.1 Vendor Notification: 09 December 2010 Vulnerability Type: BBcode XSS Status: Not Fixed, Vendor Alerted, Awaiting Vendo [ more ] [ reply ] [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10 2010-12-28 come2waraxe yahoo com [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10 ======================================================================== ====== Author: Janek Vind "waraxe" Date: 28. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-79.html Affected Software: ~~~~~~~~~~~~~~~~~~~~~ [ more ] [ reply ] YEKTAWEB CMS XSS Vulnerability 2010-12-28 faghani nsec ir ================= IUT-CERT ================= Title: YEKTAWEB CMS XSS Vulnerability Vendor: www.yektaweb.com Dork: Powered by Academic Web Tools ( AWT ) - Yektaweb Collection Type: Input.Validation.Vulnerability (cross-Site scripting) Fix: N/A ================== nsec.ir ============== [ more ] [ reply ] HotWeb Rentals "PageId" SQL Injection Vulnerability 2010-12-27 non customers (non-customers operamail com) HotWeb Rentals "PageId" SQL Injection Vulnerability PRODUCT >>> http://www.hotwebscripts.co.uk/ Input passed to the "PageId" parameter in default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. POC >> [ more ] [ reply ] [security bulletin] HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access 2010-12-27 security-alert hp com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02660754 Version: 2 HPSBST02620 SSRT100356 rev.2 - HP StorageWorks Modular Smart Array P2000 G3, Remote Unauthorized Access NOTICE: The information in this Security Bulletin should be acted upon [ more ] [ reply ] Social Engine 4.x (Music Plugin) Arbitrary File Upload Vulnerability 2010-12-26 MyDoom2009 gmail com ######################################################################## ### # Exploit Title: Social Engine 4.x (Music Plugin) Arbitrary File Upload # Google Dork: inurl:"user/auth/forgot" # Date: 22/12/2010 # Author: MyDoom ( Moroccan Hacker ) # Contact: MyDoom2009 (at) gmail (dot) com [email concealed] # Software Link: http:// [ more ] [ reply ] Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc 2010-12-26 ipsdix gmail com <?php /* Microsoft Windows Fax Services Cover Page Editor (.cov) Memory Corruption poc by Andrea Micalizzi aka rgod tested on: Microsoft Windows Server 2003 Standard Edition r2 sp2 all patched vulnerability: Microsoft Cover Page Editor (fxscover.exe, version 5.2 r2 (Build 3790.srv03_sp2_g [ more ] [ reply ] [IMF 2011] 2nd Call - Deadline Extended 2010-12-23 Oliver Goebel (goebel cert uni-stuttgart de) Dear all, the deadline for the submission of papers to IMF 2011 has been extended. Accepted papers will be published in IEEE Computer Society's Conference Proceedings Series and be available in the IEEE online Digital Library. Please excuse possible cross-postings. ============================= [ more ] [ reply ] Security Advisory - FlexVision Listener Vulnerability 2010-12-24 Victor Ribeiro Hora (victor tempest com br) Django admin list filter data extraction / leakage 2010-12-23 Adam Baldwin (adam_baldwin ngenuity-is com) ADVISORY INFORMATION: Advisory ID: NGENUITY-2010-009 Date discovered: 8.28.2010 Date published: 12.22.2010 SOFTWARE AFFECTED: ?Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design.? [1] The admin interface of the Django web framework can be abuse [ more ] [ reply ] MyBB 1.6 <= SQL Injection Vulnerability 2010-12-23 YGN Ethical Hacker Group (lists yehg net) ================================= MyBB 1.6 <= SQL Injection Vulnerability ================================= 1. OVERVIEW Potential SQL Injection vulnerability was detected in MyBB. 2. APPLICATION DESCRIPTION MyBB is a free bulletin board system software package developed by the MyBB Group. It [ more ] [ reply ] [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0 2010-12-26 come2waraxe yahoo com [waraxe-2010-SA#078] - Multiple Vulnerabilities in CruxCMS 3.0.0 ======================================================================== ======= Author: Janek Vind "waraxe" Date: 27. December 2010 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-78.html Affected Software: ~~~~~~~~~~~~~ [ more ] [ reply ] Asan Portal (IdehPardaz) Multiple Vulnerabilities 2010-12-23 info securitylab ir ################################################################# # Securitylab.ir ################################################################# # Application Info: # Name: Asan Portal # Vendor: http://iptech.ir/default.aspx?id=130 ########################################################## [ more ] [ reply ] Pligg XSS and SQL Injection 2010-12-25 mike sitewat ch Credit: Michael Brooks Bug Fix in 1.1.2: http://www.pligg.com/blog/1174/pligg-cms-1-1-2-release/ Special thanks to Eric Heikkinen for patching these quickly. Blind SQL Injection http://host/pligg_1.1.2/search.php?adv=1&status= 'and+sleep(9)or+sleep(9)or+1%3D' &search=on&advancesearch= Search +&sgr [ more ] [ reply ] |
|
Privacy Statement |
Code Execution Vulnerability Poc
product homepage:
https://support.ca.com/phpdocs/0/8363/support/arcserved2d_support.html
vulnerability:
The Tomcat Server, which listens for incoming connections on port 8014,
c
[ more ] [ reply ]