
Files Date: 2010-05-25

MOPS-2010-036 - PHP htmlentities() / htmlspecialchars() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s htmlentities() and htmlspecialchars() functions can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 58a2282704682891d8a123b19550f836

Real Estate Portal Shell Upload
Posted May 25, 2010
Authored by MasterGipy

Real Estate Portal suffers from a shell upload vulnerability.

tags | exploit, shell
MD5 | 88a3cf3e0c8e4568400e939519a7ec4c

MOPS-2010-035 - e107 BBCode PHP Code Execution
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - It was discovered that access control to the [php] bbcode which allows executing PHP code is wrongly implemented in e107. This allows unauthenticated users to execute arbitrary PHP code easily. e107 versions 0.7.20 and below are affected.

tags | exploit, arbitrary, php
MD5 | 4346bfb6d6ada1280a974af5e3c38c10

MKPortal Horoscop Cross Site Scripting
Posted May 25, 2010
Authored by Inj3ct0r

The MKPortal Horoscop module suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 6bafb5a7d79cc0a8866005031aa543ab

MOPS-2010-034 - PHP iconv_mime_encode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP's iconv_mime_encode() function can be abused for information leak attacks, because of the call time pass by reference feature. This vulnerability also demonstrates that fixing zend_parse_parameters() is not enough to kill some of these vulnerabilities. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php, vulnerability
MD5 | 9867aef6cb0e23eb7e1c90501a688b87

HostFriendz.com SQL Injection
Posted May 25, 2010
Authored by Ivan Sanchez

Software from HostFriendz.com suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 22701d2983b7b0292ed0b1507faaa196

MOPS-2010-033 - PHP iconv_substr() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_substr() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 1a1045191cfaa946584ed44708cbb48c

Lizzard Active Media SQL Injection
Posted May 25, 2010
Authored by CoBRa_21

Lizzard Active Media suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection
MD5 | fa4faebda9d855d35a1fbbf27ad0c103

MOPS-2010-032 - PHP iconv_mime_decode() Interruption Information Leak
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - PHP’s iconv_mime_decode() function can be abused for information leak attacks, because of the call time pass by reference feature. PHP versions 5.2.13 and below and 5.3.2 and below are affected.

tags | exploit, php
MD5 | 8f24b17078f4235b786eab6a5ba37659

MOPS-2010-031 - e107 SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in the user settings dialog of e107 that allows any user to become an admin easily. Versions 0.7.20 and below are affected.

tags | exploit, php, sql injection
MD5 | 80e955f1e398e050dc783afd88d7e583

Scientific Atlanta DPC2100 Cable Modem Cross Site Request Forgery
Posted May 25, 2010
Authored by Dan Rosenberg

The Scientific Atlanta DPC2100 Cable Modem suffers from cross site request forgery and insufficient authentication vulnerabilities.

tags | exploit, vulnerability, csrf
advisories | CVE-2010-2025, CVE-2010-2026
MD5 | bc54b454b787a236cb2a8e47e43a8a32

Debian Linux Security Advisory 2052-1
Posted May 25, 2010
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2052-1 - Shawn Emery discovered that in MIT Kerberos 5 (krb5), a system for authenticating users and services on a network, a null pointer dereference flaw in the Generic Security Service Application Program Interface (GSS-API) library could allow an authenticated remote attacker to crash any server application using the GSS-API authentication mechanism, by sending a specially-crafted GSS-API token with a missing checksum field.

tags | advisory, remote
systems | linux, debian
advisories | CVE-2010-1321
MD5 | c00d82b35a17f619a01928d7ec9a8b88

MOPS-2010-030 - CMSQlite mod Parameter Local File Inclusion
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - A local file inclusion vulnerability was discovered in CMSQlite that might allow remote PHP code execution. Versions 1.2 and below are affected.

tags | exploit, remote, local, php, code execution, file inclusion
MD5 | 2a2002bbe18931001acb66cd137d308c

MOPS-2010-029 - CMSQlite c Parameter SQL Injection
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - An SQL Injection vulnerability was discovered in CMSQlite that allows retrieval of all data from the database. Versions 1.2 and below are affected.

tags | exploit, php, sql injection
MD5 | 755198535b782ed8d177a7e4be7a107a

MOPS-2010-028 - PHP phar_wrapper_open_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_wrapper_open_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
MD5 | acdaf9ccac055cc91b5f298f13f30ec9

MOPS-2010-027 - PHP phar_parse_url Format String
Posted May 25, 2010
Authored by Stefan Esser | Site php-security.org

Month Of PHP Security - The new phar extension in PHP 5.3 contains several format string vulnerabilities in the internal phar_parse_url() function. PHP versions 5.3 through 5.3.2 are affected.

tags | exploit, php, vulnerability
MD5 | f462a1cdc1c6472c8d3b233582b1f2ec

SQL Injection Filtering
Posted May 25, 2010
Authored by d3c0der

Whitepaper called SQL Injection Filtering. Written in Persian.

tags | paper, sql injection
MD5 | 826a23d9c3e3a5de99d710cbaf6b1461

BigAce Cross Site Scripting / Cross Site Request Forgery
Posted May 25, 2010
Site bkis.com

BigAce versions 2.7.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss, csrf
MD5 | 4394b92e6ab95264023107133a5253c6

Secunia Security Advisory 39918
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, fedora
MD5 | 08b2780f258aed6f62190657b66f794d

Secunia Security Advisory 39939
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for postgresql-8.3. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service), bypass certain security restrictions, and compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
systems | linux, debian
MD5 | 771fe2d546e02f422345ff674c6a768c

Secunia Security Advisory 39889
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - David K. has reported a vulnerability in the USR5463 802.11g Wireless Router, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | 652dcb5f8fd1c31a22714320b9fc8bad

Secunia Security Advisory 39938
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for kdegraphics. This fixes multiple vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system.

tags | advisory, vulnerability
systems | linux, debian
MD5 | f42ad7180844d023481ec050da2b3da9

Secunia Security Advisory 39901
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Rad L. Sneak has discovered a vulnerability in ManageEngine ADManager Plus, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | e631406158f6251326f54d9bfc222fd9

Secunia Security Advisory 39913
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - John Leitch has discovered a vulnerability in The Uniform Server, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
MD5 | e94c50f3191390902a5168137a21ec93

Secunia Security Advisory 39856
Posted May 25, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Maksymilian Arciemowicz has discovered a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct cross-site request forgery attacks.

tags | advisory, csrf
systems | solaris
MD5 | be95853b62e8977fd85a26f4e81ed9af
© 2019 Packet Storm. All rights reserved.