Для нормальной работы сайта необходимо разрешить JavaScript, включая скрипты с доменов googlesyndication.com и doubleclick.net для отображения системы поиска по сайту и прочих сервисов Google.

PS Exploit News

Packet Storm - Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
  1. Kentix MultiSensor-LAN 5.63.00 Authentication Bypass

    Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user management web page can be accessed and used without any authentication.
  2. Joomla! 3.9.1 Cross Site Scripting

    Joomla! version 3.9.1 suffers from a persistent cross site scripting vulnerability in the global configuration textfilter settings.
  3. phpTransformer 2016.9 Directory Traversal

    phpTransformer version 2016.9 suffers from a directory traversal vulnerability.
  4. phpTransformer 2016.9 SQL Injection

    phpTransformer version 2016.9 suffers from a remote SQL injection vulnerability.
  5. SeoToaster Ecommerce 3.0.0 Local File Inclusion

    SeoToaster Ecommerce version 3.0.0 suffers from a local file inclusion vulnerability.
  6. DotNetNuke Events Calendar 1.x File Download

    DotNetNuke Events Calendar module version 1.x suffers from a file download vulnerability.
  7. Webmin 1.900 Remote Command Execution

    This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
  8. SSHtranger Things SCP Client File Issue

    SCP clients have an issue where additional files can be copied over without your knowledge.
  9. FastTube 1.0.1.0 Denial Of Service

    FastTube version 1.0.1.0 suffers from a denial of service vulnerability.
  10. Eco Search 1.0.2.0 Denial Of Service

    Eco Search version 1.0.2.0 suffers from a denial of service vulnerability.
  11. One Search 1.1.0.0 Denial Of Service

    One Search version 1.1.0.0 suffers from a denial of service vulnerability.
  12. VPN Browser+ 1.1.0.0 Denial Of Service

    VPN Browser+ version 1.1.0.0 suffers from a denial of service vulnerability.
  13. 7 Tik 1.0.1.0 Denial Of Service

    7 Tik version 1.0.1.0 suffers from a denial of service vulnerability.
  14. Watchr 1.1.0.0 Denial Of Service

    Watchr version 1.1.0.0 suffers from a denial of service vulnerability.
  15. Microsoft Edge Chakra InlineArrayPush Type Confusion

    Microsoft Edge suffers from a Chakra related type confusion vulnerability in InlineArrayPush.
  16. Mozilla Firefox 64 Information Disclosure

    Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker.
  17. Siemens SICAM A8000 Series Denial Of Service

    Siemens SICAM A8000 Series suffers from an XML injection denial of service vulnerability.
  18. Oracle Reports Developer 12.2.1.3 Cross Site Scripting

    Oracle Reports Developer component version 12.2.1.3 suffers from a cross site scripting vulnerability.
  19. Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection

    Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
  20. Joomla ZHYandexMap 8.0.0.2 Database Disclosure

    Joomla ZHYandexMap component version 8.0.0.2 suffers from a database disclosure vulnerability.
  21. Microsoft Edge Chakra JIT Use-After-Free / Flag Issue

    In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
  22. Microsoft Edge Chakra JIT NewScObjectNoCtor / InitProto Type Confusion

    Microsoft Edge has an issue where NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code.
  23. Check Point ZoneAlarm 8.8.1.110 Local Privilege Escalation

    Check Point ZoneAlarm version 8.8.1.110 suffers from a local privilege escalation vulnerability.
  24. Blueimp jQuery File Upload 9.22.0 Arbitrary File Upload

    Blueimp jQuery File Upload versions 9.22.0 and below suffer from a remote file upload vulnerability.
  25. ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution

    ShoreTel / Mitel Connect ONSITE ST14.2 suffers from a remote code execution vulnerability.
Рейтинг@Mail.ru 2 megabytes