jetlib.sec

Feeds

133445 items (0 unread) in 27 feeds

81 items tagged "page"

Related tags: php [+], inclusion [+], capture [+], system [+], phpmyadmin [+], page parameter [+], sql [+], cross site scripting [+], xss [+], service vulnerability [+], file upload [+], error [+], denial of service [+], authentication [+], vulnerability [+], xen [+], wikkawiki [+], webtech [+], useragent header [+], uri [+], sql injection [+], spam [+], simple [+], script [+], router function [+], python script [+], page option [+], page fault [+], logging feature [+], least three different ways [+], joomla [+], fixup [+], file php [+], file [+], execution [+], eval [+], comment [+], command execution [+], cms [+], board [+], asp [+], arbitrary code execution [+], account creation [+], webwizard [+], webapps [+], txt [+], tracking [+], stack overflows [+], stab [+], slides [+], parameter [+], page id [+], page asp [+], mark zuckerberg [+], guard [+], fun [+], facebook [+], easy [+], asidus [+], zero day [+], video mark [+], video [+], unexpected manner [+], toy [+], time [+], textads [+], tabnapping [+], splashworks splashsite [+], splashworks [+], snapproof [+], sharepoint [+], security breach [+], search page [+], search [+], sculpture [+], remote file include vulnerability [+], read [+], privilege escalation vulnerability [+], prefix [+], precision technologies [+], precision [+], powerpc [+], phpmyfaq [+], page 6 [+], oscss [+], org uk [+], opencart [+], nyt article [+], news [+], monoloco [+], mine [+], microsoft [+], local privilege escalation [+], linux kernel [+], linux [+], kinetic sculpture [+], kinetic [+], kernel [+], kenetic sculpture [+], jetdirect [+], improved [+], ignition [+], idevspot [+], hp jetdirect device [+], hp jetdirect [+], hacks [+], hackaday [+], got [+], google [+], gmail [+], g page [+], fremens [+], found [+], file deletion [+], embryocore [+], dorncms [+], doors [+], don [+], document object model [+], device [+], delete [+], darknet [+], cutenews [+], crownweb [+], creative [+], clic [+], chris burden [+], cfm [+], bugtraq [+], attack [+], application [+], ExploitsVulnerabilities [+], day [+], admin [+]

May 25, 2012
14:00
[webapps / 0day] - DornCMS 1.4 (add_page.php) Arbitrary File Upload Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - DornCMS 1.4 (add_page.php) Arbitrary File Upload Vulnerability
Tags: day page dorncms webapps file-upload vulnerability

13:29
DornCMS 1.4 (add_page.php) Arbitrary File Upload
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
Tags: file php page arbitrary-code-execution file-php file-upload

13:29
DornCMS 1.4 (add_page.php) Arbitrary File Upload
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
Tags: file php page arbitrary-code-execution file-php file-upload

13:29
DornCMS 1.4 (add_page.php) Arbitrary File Upload
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in Dorn Content Management Script (CMS), version 1.4. By abusing the add_page.php file, the attacker can upload/add a new file (.php) to the /cms/pages/ directory without any authentication, which results in arbitrary code execution.
Tags: file php page arbitrary-code-execution file-php file-upload

May 18, 2012
7:29
Admin Page Finder Script
» ‎ Packet Storm Security Recent Files

This python script looks for a large amount of possible administrative interfaces on a given site.
Tags: admin page script python-script

7:29
Admin Page Finder Script
» ‎ Packet Storm Security Tools

This python script looks for a large amount of possible administrative interfaces on a given site.
Tags: admin page script python-script

7:29
Admin Page Finder Script
» ‎ Packet Storm Security Misc. Files

This python script looks for a large amount of possible administrative interfaces on a given site.
Tags: admin page script python-script

May 11, 2012
14:58
WikkaWiki 1.3.2 Spam Logging PHP Injection
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
Tags: wikkawiki spam comment page least-three-different-ways useragent-header logging-feature

14:58
WikkaWiki 1.3.2 Spam Logging PHP Injection
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
Tags: wikkawiki spam comment page least-three-different-ways useragent-header logging-feature

14:58
WikkaWiki 1.3.2 Spam Logging PHP Injection
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, this module does so by generating 10 fake URLs in a comment (by default, the max_new_comment_urls parameter is 6). Please note that in order to use the injection, you must manually pick a page first that allows you to add a comment, and then set it as 'PAGE'.
Tags: wikkawiki spam comment page least-three-different-ways useragent-header logging-feature

March 11, 2012
15:00
[webapps / 0day] - Clic Page XSS and SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Clic Page XSS and SQL Injection Vulnerability
Tags: clic day page xss vulnerability

March 07, 2012
18:03
LotusCMS 3.0 eval() Remote Command Execution
» ‎ Packet Storm Security Exploits

This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
Tags: eval page execution uri router-function page-parameter command-execution

18:03
LotusCMS 3.0 eval() Remote Command Execution
» ‎ Packet Storm Security Recent Files

This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
Tags: eval page execution uri router-function page-parameter command-execution

18:03
LotusCMS 3.0 eval() Remote Command Execution
» ‎ Packet Storm Security Misc. Files

This Metasploit module exploits a vulnerability found in Lotus CMS 3.0's Router() function. This is done by embedding PHP code in the 'page' parameter, which will be passed to a eval call, therefore allowing remote code execution. The module can either automatically pick up a 'page' parameter from the default page, or manually specify one in the URI option.
Tags: eval page execution uri router-function page-parameter command-execution

January 20, 2012
21:25
Lead Capture Page System Cross Site Scripting
» ‎ Packet Storm Security Exploits

Lead Capture Page System suffers from a cross site scripting vulnerability.
Tags: system page capture vulnerability

21:25
Lead Capture Page System Cross Site Scripting
» ‎ Packet Storm Security Recent Files

Lead Capture Page System suffers from a cross site scripting vulnerability.
Tags: system page capture vulnerability

21:25
Lead Capture Page System Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

Lead Capture Page System suffers from a cross site scripting vulnerability.
Tags: system page capture vulnerability

January 12, 2012
17:49
Lead Capture Page System Authentication Bypass
» ‎ Packet Storm Security Exploits

Lead Capture Page System suffers from an account creation / authentication bypass vulnerability.
Tags: system page capture account-creation authentication vulnerability

17:49
Lead Capture Page System Authentication Bypass
» ‎ Packet Storm Security Recent Files

Lead Capture Page System suffers from an account creation / authentication bypass vulnerability.
Tags: system page capture account-creation authentication vulnerability

17:49
Lead Capture Page System Authentication Bypass
» ‎ Packet Storm Security Misc. Files

Lead Capture Page System suffers from an account creation / authentication bypass vulnerability.
Tags: system page capture account-creation authentication vulnerability

14:00
[webapps / 0day] - Lead Capture Page System Authentication Bypass Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Lead Capture Page System Authentication Bypass Vulnerability
Tags: day page capture vulnerability authentication

January 09, 2012
12:00
Bugtraq: DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
» ‎ SecurityFocus Vulnerabilities

DDIVRT-2011-37 HP JetDirect Device Page Directory Traversal (CVE-2011-4785)
Tags: page device jetdirect hp-jetdirect-device bugtraq hp-jetdirect

November 07, 2011
20:23
Hackaday now officially has a G+ page
» ‎ Hack a Day

There was a recent announcement that G+ opened the doors to businesses and organizations for g+ pages. This means we can have an official G+ page with google’s blessing. We’ve opened one up here. We plan on having “hangouts” from time to time so people can show off what they’ve done. Don’t worry if you’re [...]
Tags: hackaday page time don g-page google doors news

September 05, 2011
9:11
Jumping The Guard Page For Fun And Profit
» ‎ Packet Storm Security Recent Files

These are slides from a presentation called Jumping the Guard Page for Fun and Profit - Recursive Stack Overflows.
Tags: guard page fun stack-overflows slides

9:11
Jumping The Guard Page For Fun And Profit
» ‎ Packet Storm Security Misc. Files

These are slides from a presentation called Jumping the Guard Page for Fun and Profit - Recursive Stack Overflows.
Tags: guard page fun stack-overflows slides

August 16, 2011
21:00
[webapps / 0day] - Precision Technologies(page.php)sql Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Precision Technologies(page.php)sql Injection Vulnerability
Tags: day precision page precision-technologies vulnerability

July 21, 2011
7:27
Joomla Simple Page Option Local File Inclusion
» ‎ Packet Storm Security Exploits

The Joomla Simple Page Option component suffers from a local file inclusion vulnerability.
Tags: page simple joomla page-option vulnerability inclusion

7:27
Joomla Simple Page Option Local File Inclusion
» ‎ Packet Storm Security Recent Files

The Joomla Simple Page Option component suffers from a local file inclusion vulnerability.
Tags: page simple joomla page-option vulnerability inclusion

7:27
Joomla Simple Page Option Local File Inclusion
» ‎ Packet Storm Security Misc. Files

The Joomla Simple Page Option component suffers from a local file inclusion vulnerability.
Tags: page simple joomla page-option vulnerability inclusion

July 10, 2011
0:00
Vuln: Tugux CMS 'delete_page_parse.php' Arbitrary File Deletion Vulnerability
» ‎ SecurityFocus Vulnerabilities

Tugux CMS 'delete_page_parse.php' Arbitrary File Deletion Vulnerability
Tags: delete page cms file-deletion vulnerability

June 07, 2011
21:00
[webapps / 0day] - Prefix Technologies (page.php) SQL injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Prefix Technologies (page.php) SQL injection Vulnerability
Tags: prefix day page webapps vulnerability

June 06, 2011
0:00
Vuln: phpMyAdmin Tracking Page HTML Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Tracking Page HTML Injection Vulnerability
Tags: tracking phpmyadmin page vulnerability
May 24, 2011
0:00
Vuln: phpMyAdmin Tracking Page HTML Injection Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Tracking Page HTML Injection Vulnerability
Tags: tracking phpmyadmin page vulnerability

May 08, 2011
21:00
[webapps / 0day] - EmbryoCore v1.03 (page) Blind SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - EmbryoCore v1.03 (page) Blind SQL Injection Vulnerability
Tags: day embryocore page sql-injection vulnerability

March 29, 2011
0:00
Vuln: phpMyAdmin Error Page Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Error Page Cross Site Scripting Vulnerability
Tags: error phpmyadmin page cross-site-scripting vulnerability
March 28, 2011
0:00
Vuln: phpMyAdmin Error Page Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Error Page Cross Site Scripting Vulnerability
Tags: error phpmyadmin page
March 16, 2011
0:00
Vuln: Xen 'fixup_page_fault()' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Xen 'fixup_page_fault()' Denial of Service Vulnerability
Tags: xen page fixup service-vulnerability denial-of-service page-fault

February 28, 2011
8:00
[webapps / 0day] - SnapProof (page.php) SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - SnapProof (page.php) SQL Injection Vulnerability
Tags: snapproof day page vulnerability

February 21, 2011
0:00
Vuln: phpMyAdmin Error Page Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Error Page Cross Site Scripting Vulnerability
Tags: error phpmyadmin page cross-site-scripting vulnerability

January 26, 2011
9:47
Mark Zuckerberg's Facebook Page Got Hacked
» ‎ Packet Storm Security Headlines

Mark Zuckerberg's Facebook Page Got Hacked
Tags: facebook got page mark-zuckerberg

1:32
Video: Mark Zuckerberg's Facebook page hacked, but website stays quiet about security breach
» ‎ Sophos security news

Sophos comments on how hack could have occurred.
Tags: video facebook page mark-zuckerberg security-breach video-mark

January 13, 2011
0:00
Vuln: Xen 'fixup_page_fault()' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Xen 'fixup_page_fault()' Denial of Service Vulnerability
Tags: xen page fixup service-vulnerability denial-of-service page-fault
January 05, 2011
0:00
Vuln: phpMyAdmin Error Page Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyAdmin Error Page Cross Site Scripting Vulnerability
Tags: error phpmyadmin page cross-site-scripting vulnerability

December 29, 2010
14:00
[webapps / 0day] - Ignition 1.3 (page.php) Local File Inclusion Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Ignition 1.3 (page.php) Local File Inclusion Vulnerability
Tags: day page ignition vulnerability inclusion

December 20, 2010
6:16
Kinetic sculpture takes a page from modern life
» ‎ Hack a Day

The blurry image above is a snap of toy cars as they zoom around a multi-lane, multi-level, maniacal-maze called Metropolis II. We originally took a look at the video after the break (do it now!) but found more information on [Chris Burden's] kenetic sculpture in this NYT article. He and eight studio artists began work [...]
Tags: kinetic page sculpture chris-burden kenetic-sculpture nyt-article kinetic-sculpture toy hacks

December 17, 2010
11:58
PHP ID Page SQL Injection
» ‎ Packet Storm Security Exploits

PHP ID Page suffers from a remote SQL injection vulnerability.
Tags: page php sql vulnerability

11:58
PHP ID Page SQL Injection
» ‎ Packet Storm Security Recent Files

PHP ID Page suffers from a remote SQL injection vulnerability.
Tags: page php sql vulnerability

11:58
PHP ID Page SQL Injection
» ‎ Packet Storm Security Misc. Files

PHP ID Page suffers from a remote SQL injection vulnerability.
Tags: page php sql vulnerability

December 05, 2010
14:00
[webapps / 0day] - Page Mine XSS/SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - Page Mine XSS/SQL Injection Vulnerability
Tags: mine day page vulnerability

November 30, 2010
0:00
Vuln: Xen 'fixup_page_fault()' Denial of Service Vulnerability
» ‎ SecurityFocus Vulnerabilities

Xen 'fixup_page_fault()' Denial of Service Vulnerability
Tags: xen page fixup service-vulnerability denial-of-service page-fault

October 05, 2010
14:00
[webapps / 0day] - CuteNews (page) local File Inclusion Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

[webapps / 0day] - CuteNews (page) local File Inclusion Vulnerability
Tags: day page cutenews vulnerability inclusion
August 20, 2010
5:44
Monoloco CMS (page.php) Remote SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Monoloco CMS (page.php) Remote SQL Injection Vulnerability
Tags: monoloco page cms sql-injection vulnerability

July 22, 2010
0:00
Vuln: phpMyFAQ Search Page Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

phpMyFAQ Search Page Cross Site Scripting Vulnerability
Tags: phpmyfaq page search cross-site-scripting vulnerability search-page

July 21, 2010
1:00
Fremens (page.php) SQL Injection Vulnerability
» ‎ 1337day (was: Inj3ct0r, 1337db)

Fremens (page.php) SQL Injection Vulnerability
Tags: php page fremens vulnerability

July 20, 2010
18:22
ZDI-10-130.txt
» ‎ Packet Storm Security Advisories

Zero Day Initiative Advisory 10-130 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the victim must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of the NodeIterator interface for traversal of the Document Object Model. Due to the implementation requiring a javascript callback, an attacker can utilize the callback in order to manipulate the contents of the page. By doing so in an unexpected manner, an attacker can cause the process to corrupt memory. Successful exploitation will lead to code execution under the context of the application.
Tags: vulnerability page application document-object-model unexpected-manner zero-day

July 09, 2010
0:00
Vuln: osCSS 'page' Parameter Cross Site Scripting Vulnerability
» ‎ SecurityFocus Vulnerabilities

osCSS 'page' Parameter Cross Site Scripting Vulnerability
Tags: oscss parameter page page-parameter cross-site-scripting vulnerability

July 06, 2010
3:50
Tabnapping Attack On The Increase
» ‎ Darknet

This is an interesting new attack, I saw a live demo of it a while back here: Tabnabbing: A New Type of Phishing Attack. All you need to do is let the page load, then browse to another tab for 5 seconds or more and you’ll see the favicon change to Gmail and the page [...]

Read the full post at darknet.org.uk

Tags: tabnapping attack page read darknet gmail org-uk ExploitsVulnerabilities