BD Pyxis™ MedBank Security Vulnerabilities

Seeker Advisory Sep11: Reflected Cross Site Scripting in Microsoft SharePoint Portal

Seeker Research Center Security Advisory This vulnerability was discovered by Seeker® Automatic Run-Time Application Security Testing Solution Disclosed By Irene Abezgauz, September 13th, 2011 ========= I. Overview ========= A Cross Site Scripting vulnerability has been identified in Microsoft...

50 More Websites Hacked By PCA (BanneD™ And <=Shak=>)

50 More Websites Hacked By PCA (BanneD™ And &lt;=Shak=&gt;) Pakistan Cyber Army once again target 50 more Indian websites . This Time the hacked sites include the most domains from Mumbai. List of Hacked sites and Mirrors are posted by hacker here. Visitor to these sites can see Pakistani Flag on t...

GFI SandBox - Powerful automated malware analysis

GFI SandBox - Powerful automated malware analysis GFI SandBox™ (formerly CWSandbox) is an industry leading dynamic malware analysis tool. It gives you the power to analyze virtually any Windows application or file including infected: Office documents, PDFs, malicious URLs, Flash ads and custom...

HTC HD2 Mobile Phone - Lock Screen Keyboard Bypass

...

HTC HD2 Mobile Phone - Lock Screen Keyboard Bypass

...

eClime eCommerce JE 1.0.6b - SQL Injection Vulnerabilities

...

eClime eCommerce JE 1.0.6b - SQL Injection Vulnerabilities

...

phpMyAdmin 3.x Swekey Remote Code Injection Exploit

Exploit for php platform in category web...

DotNetNuke Multiple 0day Vulnerabilities

Exploit for php platform in category web...

Off-by-one in Sybase Advantage Server 10.0.0.3

Luigi Auriemma Application: Sybase Advantage Server http://www.sybase.com/products/databasemanagement/advantagedatabaseserver Versions: &lt;= 10.0.0.3 Platforms: Windows, NetWare, Linux Bug: off-by-one Exploitation: remote, versus server Date: 27 Jun 2011...

RSLinx Classic EDS Wizard buffer overflow vulnerability

Overview Rockwell Automation RSLinx Classic EDS Hardware Installation Tool contains a buffer overflow vulnerability. Description According to Rockwell Automation's website: _RSLinx Classic provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as...

Cisco Security Agent Management Console ‘st_upload’ RCE Exploit

...

XSS Vulnerability in Tracks 1.7.2

Information Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Hompeage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur &lt;mesut [at] mavitunasecurity [dot] com&gt; Advisory Reference : NS-11-003 Description Tracks is a.....

Pligg CMS 1.1.3 Multiple Vulnerabilities

Exploit for php platform in category web...

Multiple Vulnerability in McAfee Website , XSS and Other Attacks !

Multiple Vulnerability in McAfee Website , XSS and Other Attacks ! Researchers at the YGN Ethical Hacker Group have revealed multiple security vulnerabilities found in the McAfee.com website that leaves the company's portal susceptible to attacks and data leakage. The group found that the...

KastBook 0.4 Exploit

Exploit for php platform in category web...

iconics genesis32 and genesis64 - Multiple Vulnerabilities

iconics genesis32 and genesis64 - Multiple...

iconics genesis32 and genesis64 - Multiple Vulnerabilities

...

Yahoo! Announces Hack U™ Spring 2011 Series !

Yahoo! is proud to announce the Hack U™ Spring 2011 calendar of events. Join Yahoo! web experts for a week of learning, hacking and fun! You'll hear interesting tech talks, hacking tips and lessons, and get hands-on coding workshops where you'll work with cutting-edge technology. The week's...

Local Training Center, Hacker University, 8 in the USA Participate in Global Launch of Certified Ethical Hacker version 7

450 Global Training Centers Nominated, 25 Selected Worldwide, 8 in the USA, 1 in St. Louis (February 2, 2011) St. Louis, MO – Hacker University is pleased to announce it has been asked by EC-Council, the leading international certification body in information security, to participate in the...

InduSoft NTWebServer web service stack-based buffer overflow

Overview InduSoft NTWebServer web service contains a stack-based buffer overflow vulnerability. Description According to InduSoft's website: "InduSoft Web Studio™ is a powerful collection of automation tools that provide all the automation building blocks to develop HMIs, SCADA systems and...

December Top 10 Malware List !

GFI Software, a leading IT solutions provider for small and medium-sized enterprises, today revealed continuing high levels of Trojan and rogue malware circulating during December, with data revealing a surge in activity, boosted by themed activity around the Christmas and New Year holiday period.....

Joomla JE Auto Component (com_jeauto) LFI Vulnerability

Exploit for php platform in category web...

VMware Tools update OS Command Injection

Exploit for multiple platform in category remote...

Joomla Component com_jeauto LFI Vulnerability

Exploit for php platform in category web...

Wordpress function do_trackbacks() SQL Injection Vulnerability

Exploit for php platform in category web...

BroadWorks Arbitrary Call Detail Record Eavesdropping

...

Oracle Siebel eBusiness Application – Multiple XSS Vulnerabilities

Exploit for multiple platform in category web...

Oracle JRE - java.net.URLConnection class Same-of-Origin Policy Bypass

Exploit for windows platform in category remote...

Oracle Virtual Server Agent Command Injection

Exploit for unix platform in category remote...

Blue River Mura CMS Directory Traversal

Exploit for php platform in category web...

Nwahy Web Site Dir 2.2 Database Disclosure Exploit

Exploit for php platform in category web...

IBM Lotus Domino iCalendar Email Address Stack Buffer Overflow

Exploit for windows platform in category remote...

PowerStore™ 3 XSS vuln.

Vuln. discovered by : r0t Date: 09 September 2010 vendor:http://www.webassist.com/php-scripts-and-solutions/powerstore/ orginal advisory:http://pridels-team.blogspot.com/2010/09/powerstore-3-xss-vuln.html affected versions:PowerStore™ 3 and other versions also can be affected. PowerStore™ 3...

SiteEngine CMS 5.1.0 文件上传漏洞

网站引擎(SiteEngine,全称：博卡网站引擎管理系统)，是北京博卡先锋软件开发有限公司于2002年自主研发的，具有知识产权的一款营销型网站建设管理类软件。同时，网站引擎于2004年通过中国软件评测中心CSTC软件产品测试，是获得国家信息产业部认可的软件产品。 软件基于PHP程序和Mysql数据库开发，完全采用B/S体系结构，无客户端，可跨Unix/Lin- ux/FreeBSD/Solaris/Windows(2000/XP/2003/Vista)等操作系统平台应用....

Intel Video Codecs 5.0 - Remote Denial of Service

Intel Video Codecs 5.0 - Remote Denial of...

Intel Video Codecs 5.0 - Remote Denial of Service

...

Rainbowportal Multiple Remote Vulnerabilities

Exploit for asp platform in category web...

[DCA-00014] Dlink WBR-2310 Wireless Router DoS

[DCA-00014] [Software] Dlink WBR-2310 Embedded Web Server [Vendor Product Description] The D-Link RangeBooster G™ WBR-2310 with enhanced 108 features the industry’s first default 108Mbps* “Dynamic Mode” that allows clients to always operate at the highest possible speeds while automatically...

Wind River Systems VxWorks debug service enabled by default

Overview Some products based on VxWorks have the WDB target agent debug service enabled by default. This service provides read/write access to the device's memory and allows functions to be called. Description The VxWorks WDB target agent is a target-resident, run-time facility that is required...

Joomla! Component Gamesbox 1.0.2 - id SQL Injection

Joomla! Component Gamesbox 1.0.2 - id SQL...

TornadoStore 1.4.3 Cross Site Scripting

...

TornadoStore 1.4.3 SQL Injection

...

Joomla! Component Gamesbox 1.0.2 - &#039;id&#039; SQL Injection

...

v-eva.com Classified Script v5.1 SQLi Vulnerability

Exploit for php platform in category web...

linux/x86 chmod 777 polymorphic shellcode 60 bytes

Exploit for linux/x86 platform in category...

PHPAccess - SQL Injection

...

Science Fair In A Box - SQL Injection / Cross-Site Scripting

...

PHP Real Estate Script - SQL Injection

...

GREEZLE - Global Real Estate Agent Site Auth SQL Injection

...