Saturday, 22 November 2008
 
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

ITsec Advisories


XOOPS Flashgames Module "lid" SQL Injection
Written by Marcelo Almeida (Vympel)   
Monday, 07 May 2007
A vulnerability has been reported in the Flashgames module for XOOPS, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "lid" parameter in /modules/flashgames/game.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...
 
ACP3 (v4.0b3) - Multiple Vulnerabilities
Written by Marcelo Almeida (Vympel)   
Monday, 07 May 2007

ACP3 (v4.0b3) - Multiple Vulnerabilities

Cookie Manipulation Vulnerability
-----------------------------------

File: search/list/action_search/index.php
Variable: form[search_term]

Cross-Site Scripting Vulnerabilities...

 
Nuked-Klan "X-Forwarded-For" SQL Injection Vulnerability
Written by Marcelo Almeida (Vympel)   
Monday, 07 May 2007

DarkFig has discovered a vulnerability in Nuked-Klan, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed in the "X-Forwarded-For" HTTP header in index.php and potentially other files is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...

 
HP ProCurve 9300m Unspecified Denial of Service
Written by Marcelo Almeida (Vympel)   
Thursday, 03 May 2007
A vulnerability has been reported in HP ProCurve 9300m Series switches, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error, which can be exploited to cause a DoS. No more information is currently available.

The vulnerability is reported in versions 8.0.01c – 08.0.01j...
 
PHPChain Two Cross-Site Scripting Vulnerabilities
Written by Marcelo Almeida (Vympel)   
Thursday, 03 May 2007
Vulnerability discovered by: r0t
Date: 2 May 2007
Vendor: http://www.globalmegacorp.org/PHPChain/
Affected versions: 1.0 and previous

PHPChain contains a flaw that allows remote Cross-Site Scripting attacks. Input passed to the "catid" parameter in "settings.php" and in "cat.php" isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site...
 