
Original Advisory

Related POC for JCE Joomla Extension <=2.0.10 Multiple Vulnerabilities

# Title:                  Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 - PHP Version
# Vendor:                 http://www.joomlacontenteditor.net
# Vulnerable Version:     JCE 2.0.10 (prior versions also may be affected)
# Exploitation:           Remote with browser
# Original Advisory:      http://www.bugreport.ir/index_78.htm
# Vendor supplied patch:  http://www.joomlacontenteditor.net/news/item/jce-2011-released
# CVSS2 Base Score:       (AV:N/AC:L/Au:N/C:P/I:P/A:P) --> 7.5
# Coded By:               Mostafa Azizi
###################################################################################################

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability

2011-03-25: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[plesk_7.0-8.2]_open_url_redirection
Parallels Plesk Home Page: http://www.parallels.com/products/plesk
OWASP Top 10 2010 - A 10:
http://www.owasp.org/index.php/Top_10_2010-A10-Unvalidated_Redirects_and_Forwards
SANS Top 25 - Rank 23: http://cwe.mitre.org/top25/#CWE-601

[HACKATTACK Advisory 25012009]ConPresso CMS 4.07 - Session Fixation, XFS, XSS

Affected Products:
----------------------------
ConPresso CMS 4.07 and prior

Original Advisory:
************************
http://www.HACKATTACK.at/

Introduction
************************

CFAGCMS Remote File Inclusion

# Vendor: http://sourceforge.net/projects/cfagcms/
# Bug: Remote File Inclusion
# Vulnerable Version: 1
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_58.htm
###################################################################


####################
- Description:

[MajorSecurity SA-073]Subdreamer CMS - SQL injection vulnerability

Credits
=============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.net/penetrationstest.php

Original Advisory
=============
http://www.majorsecurity.net/subdreamer_cms_sql_injection.php

Affected Products:
=============

Opera Web Browser v10.62 (CSS) Cross Domain Vulnerability

Vulnerable:
Opera 10.62


By: Securitylab.ir
Original Advisory: http://Securitylab.ir/Advisories



Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability

2010-11-16 : vulnerability disclosed


11. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/eclipse/[eclipse_help_server]_cross_site_scripting
Eclipse Bug Tracker: https://bugs.eclipse.org/bugs/show_bug.cgi?id=329582
Previous XSS Flaws:
http://r00tin.blogspot.com/2008/04/eclipse-local-web-server-exploitation.html
(searchView.jsp, workingSetManager.jsp)

[Onapsis Security Advisory 2011-005] SAP Enterprise Portal Path Disclosure

- Detection Module available in Onapsis X1: Yes

- BizRisk Illustration Module available in Onapsis X1: Yes

- Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-005


4. Affected Components Description
==================================


Re: Nginx 0.8.35 Space Character Remote Source Disclosure

info@securitylab.ir wrote:
> Vuln in stable versions doesn't work now.
> Original Advisory:
> http://blog.pouya.info/userfiles/vul/NginX.rar

http://www.coresecurity.com/content/filename-pseudonyms-vulnerabilities

Multiple Vulnerabilities with 8.3 filename pseudonyms in Web servers

"Nginx Web Server [1]. The way Nginx handles files may differ when they

KeePass version 2.12 <= Insecure DLL Hijacking Vulnerability (dwmapi.dll)

09-01-2010: vulnerability disclosed


11. REFERENCES

Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[keepass]_2.12_insecure_dll_hijacking_(dwmapi.dll)
Workaround Solution: http://support.microsoft.com/kb/2264107
Workaround Solution:
https://www.microsoft.com/technet/security/advisory/2269637.mspx#EGF
Developer Solution:

[Onapsis Security Advisory 2010-006] SAP J2EE Web Services Navigator Cross-Site Scripting

- Locally Exploitable: Yes

- Authentication Required: No

- Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-006


4. Affected Components Description
==================================

Joomla Component com_lms SQL Injection

----------------------------------
Joomla Component com_lms SQL Injection
Greetz: AurA, Mormoroth, Null, t3rr0r1st
Discovered by The-0utl4w
Vendor: joomlashowroom.com/
Original Advisory: http://forum.aria-security.com/showthread.php?p=61

Vuln:
index.php?option=com_lms&task=showTests&cat=somenumber



PGP Desktop version 9.10.x-10.0.0 Insecure DLL Hijacking Vulnerability (tsp.dll, tvttsp.dll)

09-09-2010: vulnerability disclosed


11. REFERENCES

Original Advisory URL:
http://core.yehg.net/lab/pr0js/advisories/dll_hijacking/[pgp_desktop]_9x-10.0.0_insecure_dll_hijacking_(tsp.dll,tvttsp.dll)
Related: PGP 9.8 DLL Hijacking:
http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
Workaround Solution: http://support.microsoft.com/kb/2264107
Workaround Solution:

Xigla Multiple Products - Multiple Vulnerabilities

# Title: Xigla Multiple Products - Multiple Vulnerabilities
# Vendor: http://www.xigla.com/
# Exploit: N/A
# Impact: Medium
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/41
###################################################################################


####################
1. Description:

[HACKATTACK Advisory 080110] Windows Live Messenger 2009 ActiveX DoS Vulnerability

www.natalnetworks.com


********************************************************************************

Original Advisory
www.hackattack.com
www.natalnetworks.com


********************************************************************************

PHP-Nuke 8.x <= Cross Site Scripting Vulnerability

2010-03-23: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[phpnuke-8.x]_cross_site_scripting
About PHP-Nuke: http://en.wikipedia.org/wiki/PHP-Nuke
php-Nuke 8.0: http://phpnuke.org/modules.php?name=Downloads&d_op=getit&lid=658
CWE-79: http://cwe.mitre.org/data/definitions/79.html


PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version

# Title:                  PHP CGI Argument Injection Remote Exploit V0.3 - PHP Version
# Vendor:                 http://www.php.net
# Vulnerable Version:     PHP up to version 5.3.12 and 5.4.2
# Exploitation:           Remote
# Original Advisory:      http://eindbazen.net/2012/05/php-cgi-advisory-cve-2012-1823/
# Original Exploit URL:   http://www.bugreport.ir/79/exploit.htm
# CVE:                    CVE-2012-1823
# Coded By:               Mostafa Azizi (admin[@]0-Day[dot]net)
###################################################################################################

[HACKATTACK Advisory 20081127]Social Impress CMS 1.1 - Session Fixation

Affected Products:
----------------------------
Impress CMS 1.1 and prior

Original Advisory:
************************
http://www.HACKATTACK.at/

Introduction
************************

Social Engine 2.7 CRLF Injection + SQL injection

Affected Products:
----------------------------
Social Engine 2.7 and prior

Original Advisory:
************************
http://www.HACKATTACK.at/
http://www.HACKATTACK.eu/
Introduction
************************

[MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues

Credits
=============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.net/penetrationstest.php

Original Advisory
=============
http://www.majorsecurity.net/phpFaber_CMS_xss.php

Affected Products:
=============

Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability

2011-01-06: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting
Joomla! 1.0.x End of Life -
http://community.joomla.org/blogs/community/509-an-old-friend-comes-of-age.html
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html

[Onapsis Security Advisory 2012-04] Oracle JD Edwards SawKernel GET_INI Information Disclosure

- --Locally Exploitable: No

- --Authentication Required: No

- --Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2012-04


4. Affected Components Description
==================================


1024CMS Blind SQL Injection Vulnerability

parameter in file rss.php using the vendor string escaping function 'quote_smart', as is used in all of the other files except this one.

####################
- Original Advisory:
####################

http://www.bugreport.ir/index_69.htm

####################

[MajorSecurity Advisory #57]PHP <=5.3 - preg_match() full path disclosure

Affected Products:
----------------------------
PHP 5.3 and prior
PHP 5.2.11 and prior

Original Advisory:
============
http://www.majorsecurity.info/index_2.php?major_rls=major_rls57

Introduction
============

CVE-2008-1094 - Barracuda Spam Firewall SQL Injection Vulnerability

per_user_account_view&boolean_0=boolean_and&filter_0=search_count_equals&pattern_0=if(database() like concat(char(99),char(37)),5,0)

An attacker can exploit this vulnerability by injecting arbitrary SQL code to be executed as part of the SQL query.


Original Advisory:

http://dcsl.ul.ie/advisories/02.htm


Barracuda Networks Technical Alert

Multiple Cross-Site Scripting Vulnerabilities in Web Wiz Rich Text Editor version 4.02

#    Upgrade to version 4.03 or higher, as it has been reported to fix this vulnerability. 
#    An upgrade is required as there are no known workarounds. 
#    Actual Version: Web Wiz Rich Text Editor (RTE) 4.02
# _____________________________________________________________________________________________
#     .: [References]
#    Original Advisory          http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txt
#    Related Depo2 BugTracker:  http://depo2.nm.ru/WebWiz_Rich_Text_Editor_v4.02_XSS.txt
# _____________________________________________________________________________________________
#     .: [Manual Testing Notes]
#       
#    Web Wiz Rich Text Editor version 4.02 // RTE_popup_link.asp 

[Onapsis Security Advisory 2010-007] SAP Management Console Multiple Denial of Service

- Authentication Required: No

- Module Available in Onapsis X1: Yes

- Original Advisory: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2010-007


4. Affected Components Description
==================================


Re: [oss-security] Dolphin 7.0.7 <= Multiple Cross Site Scripting Vulnerabilities

> 2012-02-20: vulnerability disclosed
> 
> 
> 10. REFERENCES
> 
> Original Advisory URL:
> http://yehg.net/lab/pr0js/advisories/%5BDolphin_7.0.7%5D_xss
> BoonEx Home Page: http://www.boonex.com/
> 
> 
> #yehg [2012-02-20]

Insomnia : ISVA-110822.1 - Pidgin IM Insecure URL Handling Remote Code Execution

    http://www.pidgin.im
 
 Affected Products:
    Pidgin Instant Messaging Client <= 2.9.0
     
 Original Advisory:
    http://www.insomniasec.com/advisories/ISVA-110822.1.htm
 
 Researcher:
    James Burton, Insomnia Security
    http://www.insomniasec.com

Claroline v.1.8.11 Cross-Site Scripting

Author: Gerendi Sandor Attila 
Original Advisory: http://gsasec.blogspot.com/2009/05/claroline-v1811-cross-site-scripting.html
Date: May 05, 2009
Package: Claroline (1.8.11)
Product Homepage: http://www.claroline.net/
Versions Affected: v.1.8.11 (Other versions may also be affected)
Severity: Medium

Input passed to the 'Referer' header parameter when posting to '/claroline/linker/notfound.php' is not sanitized before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.



Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
