8285 matches found
MyBB < 1.6.10 Multiple Vulnerabilities
According to its version number, the MyBB install hosted on the remote web server is affected by multiple vulnerabilities : - A SQL injection vulnerability exists due to improper sanitization of user-supplied input during database optimization. - A SQL injection vulnerability exists due to improp...
Oracle Linux 6 : gdb (ELSA-2013-0522)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0522 advisory. - Fix CVE-2011-4355 gdb: arbitrary code execution via .debuggdbscripts' Jan Kratochvil, RH BZ 756116. Tenable has extracted the preceding description block...
activemq: Multiple XSS flaws in web demos
Multiple cross-site scripting XSS vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via 1 the refresh parameter to PortfolioPublishServlet.java aka demo/portfolioPublish or Market Data Publisher, or vectors involving 2...
http-stored-xss NSE Script
Unfiltered '' greater than sign. An indication of potential XSS vulnerability. See also: http-dombased-xss.nse http-phpself-xss.nse http-xssed.nse http-unsafe-output-escaping.nse Script Arguments http-stored-xss.formpaths The pages that contain the forms to exploit. For example, /upload.php,...
WinAmp 5.63 - Invalid Pointer Dereference Vulnerability
Exploit for windows platform in category dos / poc 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Pointer Issues CWE-465 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: 4,4 AV:L/AC:M/Au:N/C:P/I:P/A:P CVE: CVE-2013-4695 2. CREDITS...
Winamp 5.63 - Stack Buffer Overflow
Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: WinAmp Vendor URL: www.winamp.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2013-06-05 Date published: 2013-07-01 CVSSv2 Score: Bug 1: 7,5 AV:N/AC:L/Au:N/C:P/I:P/A:P Bug 2: 3,7...
VideoLAN VLC Media Player 2.0.7 - '.png' Crash (PoC)
!/usr/bin/python VLC Media Player 2.0.7 PNG Crash PoC Vendor Homepage: http://www.videolan.org/ Version: 2.0.7 Tested on: Windows 7 64-bit Author: Kevin Fujimoto Debug Information: Microsoft R Windows Debugger Version 6.12.0002.633 X86 Copyright c Microsoft Corporation. All rights reserved. wait...
Emerson ROC800 Multiple Vulnerabilities (Update A)
OVERVIEW This updated advisory is a follow-up to the original advisory titled ICSA-13-259-01 Emerson ROC800 Multiple Vulnerabilities that was published September 26, 2013, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...
Emerson ROC800 Multiple Vulnerabilities (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-259-01A Emerson ROC800 Multiple Vulnerabilities that was published December 2, 2014, on the NCCIC/ICS‑CERT web site. This advisory provides mitigation details for multiple vulnerabilities affecting the Emerson...
Schneider Patches 18-Month Old SCADA Bugs
More than 18 months after a security researcher revealed a long list of vulnerabilities in its SCADA products, Schneider Electric has released patches for a subset of those bugs for a couple of the affected products. In December 2011, security researcher Rubén Santamarta disclosed a series of...
Command injection
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge adb to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...
CVE-2013-3666
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge adb to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...
[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”
The Social-Engineer Toolkit SET version 5.1 codename “ Name of the Doctor ” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...
CVE-2013-0599
IBM Eclipse Help System IEHS, as used in IBM Rational Directory Server 5.1.1 through 5.1.1.2 and 5.2 through 5.2.1 and other products, allows remote attackers to obtain sensitive information by providing a crafted parameter path and then reading the debug information associated with the 500 HTTP...
DEBIAN-CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2013-2006
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
PYSEC-2013-40
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
PYSEC-2013-40
OpenStack Identity Keystone Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the 1 admintoken and 2 LDAP password in plaintext, which allows local users to obtain sensitive by reading the log file...
CVE-2013-2006
OpenStack Keystone (Grizzly 2013.1.1) is affected by CVE-2013-2006: when DEBUG logging is enabled, Keystone can write admin_token and LDAP password in plaintext to log files, enabling local disclosure of sensitive data. The issue is documented in related advisories (RHSA-2013:0806; GHSA-RXRM-XVP4...