Bugtraq France
«Information systems security»
[Poll] Which operating system(s) offer the most security?

26 April 2012 · by webmaster · in Poll
Linux privileged and arbitrary chdir(),

26 April 2012 · by webmaster · in Linux, News, Vulnerabilities

1. VULNERABILITY linux privileged and arbitrary chdir(), this leads to an arbitrary file identification as root. 2. BACKGROUND mount.cifs (GNU Software) is part of linux base system, and is setuided on most of the distributions (archlinux, debian, ubuntu, …) This…

IPhone TreasonSMS - HTML Inject & File Include Vulnerability

24 April 2012 · by webmaster · in Iphone

Introduction: treasonSMS allows you to send SMS from your desktop computer. It turns your iPhone into an SMS web server, so you can send SMS and reply to SMS from your computer over Wi-Fi. Confirmed working with FF 3.5, Safari and…

Chengdu Bureau of Commerce - SQL Injection Vulnerability

24 April 2012 · by webmaster · in News, SQL Injection, Vulnerabilities

References: http://www.vulnerability-lab.com/get_content.php?id=312 Introduction: May 20, by my bureau composed of 10 members, participated in by the Chinese Cycling Association, Chengdu Sports Bureau, Chong City People's Government's second bike fans in Chengdu, China Fitness Festival Second station (Chong…

XSS and Blind SQL Injection Vulnerabilities in ExponentCMS Software

24 April 2012 · by webmaster · in News, SQL Injection, Vulnerabilities, XSS

Information Vendor Homepage: http://www.exponentcms.org Vulnerability Type: Cross-Site Scripting and SQL Injection Severity: Critical Researcher: Onur Yılmaz Advisory Reference: NS-12-006 Description Exponent is a website content management system (or CMS) that allows site owners to…

ChurchCMS 0.0.1 'admin.php' Multiple SQLi

24 April 2012 · by webmaster · in News, SQL Injection, Vulnerabilities, Webmastering

##### Description ##### ChurchCMS is the software to place on your church's website that is easily managed, self-intuitive, yet expandable via our module library. Included features are: announcements, calendar, prayer requests manager, and help wanted manager. ##### Vulnerability #####…

Cross-site scripting vulnerability in Invision Power Board version 3.2.3

7 April 2012 · by webmaster · in News, Vulnerabilities, XSS

Information Name: Cross-site scripting vulnerability in Invision Power Board version 3.2.3 Software: Invision Power Board version 3.2.3 Vendor Homepage: http://www.invisionpower.com Vulnerability Type: Cross-site scripting Severity: High Researcher: Vasil A. xss@9y.com Advisory Reference: NS-12-005…

e-ticketing' SQL Injection

7 April 2012 · by webmaster · in News, SQL Injection

I. DESCRIPTION A vulnerability exists in loginscript.php that allows for SQL injection of the 'user_name' and 'password' POST parameters. II. TESTED VERSION Released on 2011-11-30 (no versioning used) III. PoC EXPLOIT POST a form to loginscript.php with the…

Hotel Booking Portal' SQL Injection

7 April 2012 · by webmaster · in News, SQL Injection, Vulnerabilities

I. DESCRIPTION A vulnerability exists in getcity.php that allows for SQL injection of the 'country' POST parameter. II. TESTED VERSION 0.1 III. PoC EXPLOIT POST a form to getcity.php with the value of 'country' set to: ' union…

File Existence Disclosure in Uploadify 3.0.0

7 April 2012 · by webmaster · in News, Webmastering

I. DESCRIPTION Uploadify is a jQuery plugin that integrates a fully-customizable multiple file upload utility on your website. It uses a mixture of Javascript, ActionScript, and any server-side language to dynamically create an instance over any DOM element on a…

'PHP Grade Book' Unauthenticated SQL Database Export

23 March 2012 · by webmaster · in Webmastering

I. DESCRIPTION A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the entire application database by accessing the ‘Database Backup’ method without restriction. Due to the way sessions are handled, an attacker can then simply pass…

at32 Reverse Proxy - Multiple HTTP Header Field Denial Of Service Vulnerability

20 March 2012 · by webmaster · in DOS, News, Proxy, Vulnerabilities

Product: at32 Reverse Proxy Version: v1.060.310 Vendor: http://www.at32.com/doc/rproxy.htm Class: Boundary Condition Error Remote: Yes Local: No Published: 2012-03-14 Impact: Medium (CVSS2 Base: 6.1, AV:A/AC:L/Au:N/C:N/I:N/A:C) Bug Description: At32 Reverse Proxy allows you to host several websites…

Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability

13 March 2012 · by webmaster · in VOIP, Vulnerabilities, XSS

Product: Yealink Easy VOIP Phone Homepage: http://www.yealink.com Impact: Medium Authentication: Required Author: Narendra Shinde Vendor description: Yealink is the professional designer and manufacturer of IP Phone and IP Video Phone for the world-wide broadband telephony market. For more than…

CheckPoint Firewall SecuRemote Hostname Information Disclosure

13 March 2012 · by webmaster · in Firewalls, VPN, Vulnerabilities

Release Date: 12-Mar-2012 Software: CheckPoint Firewall / VPN-1 / http://www.checkpoint.com/ Versions tested: NGX R65, R71. Other versions untested but likely affected. Vulnerability discovered: By sending a pre-authentication topology request to the VPN SecuRemote service, it is possible to obtain the firewall…

Recruitment

8 March 2012 · by webmaster · in News

Join our new community and help it grow*! We are looking for: Editors, responsible for publishing news on the blog (in progress) Moderators, responsible for forum content and members (in progress) A…

Copyright © 2018 Bugtraq France