7660 matches found
CVE-2011-3133
The CVE affects TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1. It is a session-fixation vulnerability that allows remote attackers to hijack web sessions via unspecified vectors. Remediation pe...
CVE-2011-3134
CVE-2011-3134 affects TIBCO Spotfire Server 3.0.x (before 3.0.2), 3.1.x (before 3.1.2), 3.2.x (before 3.2.1), 3.3.x (before 3.3.1) and Spotfire Analytics Server before 10.1.1. The reported issue is a SQL injection vulnerability exploitable via a crafted URL that allows remote attackers to modify ...
CVE-2011-3132
Summary: CVE-2011-3132 affects TIBCO Spotfire platforms. The vulnerability is an XSS flaw in Spotfire Server (versions 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, 3.3.x before 3.3.1) and Spotfire Analytics Server before 10.1.1, enabling remote attackers to inject arbitrary web scr...
CVE-2011-3133
Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1, allows remote attackers to hijack web sessions via unspecified vectors...
Legal Threat Pushes Former HBGary Federal CEO Out Of DEFCON
Former HBGary Federal CEO Aaron Barr says he will withdraw from a planned appearance at the DEFCON conference in the face of threatened legal action over his plans to take part in a panel discussion there. Barr notified DEFCON organizers on Wednesday that he was withdrawing from the Aug. 6 panel...
CVE-2011-2241
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server...
CVE-2011-2241
Technical details about CVE-2011-2241 are not publicly available in the provided documents. Monitor for updates.
Spring Source OXM Remote OS Command Injection when XStream and IBM JRE are used
Reference: http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/html/oxm.htmld0e26722 Product: Spring Source OXM Object/XML Mapping Vendor: VMware Vulnerable Version: 3.0.4 only when XStream and IBM JRE are used Status: Fixed Vendor Notification: 12 October 2010 Vendor Fix:...
http-affiliate-id NSE Script
Grabs affiliate network IDs e.g. Google AdSense or Analytics, Amazon Associates, etc. from a web page. These can be used to identify pages with the same owner. If there is more than one target using an ID, the postrule of this script shows the ID along with a list of the targets using it. Support...
Web Statistics And Analytics CMS SQL Injection
In The Name Of GOD + Exploit Title: Web Statistics & Analysis CMS SQL Injection Vulnerability + Date: 2010-11-14 + Author : Cru3l.b0y + Software Link: http://techscape.co.id/market/ + Contact : [email protected] + Website : WwW.PenTesters.IR + Greeting: Behzad, Ahmad,...
Injecting Fake Updates: Evilgrade
Evilgrade is a modular framework that allows the user to take advantage of poor upgrade implementations by injecting fake updates. It comes with pre-made binary agents, a working default configuration for fast pentests, and has its own WebServer and DNSServer modules. Easy to set up new...
Hack Puts Spotlight on Malware's Long Tail: Parked Domains
They’re the dusty corners of the Web: so-called “parked” domains. But these little-trafficked sites are attracting the attention of security experts, who say that it’s time for hosting firms and others that profit from them to clean up malware infections that may be exposing millions of Web users...
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters...
Remote file inclusion
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...