2456 matches found
ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls. Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected...
Session fixation
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
ntp: Multiple buffer overflows via specially-crafted packets
Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML...
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
No description provided by source. RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities Vulnerable: v3.0.7.x Vendor: www.rj-itop.comhttp://www.rj-itop.com Category: Input Validation Error Impact: SQL injection Details: ========= Multiple SQL Injection Vulnerabilitie...
Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDOCODESIZE' procedure. An attacker can supply excessive data to an affected routine resulting ...
Simple Web Content Management System 1.1-1.3 - Multiple SQL Injection
No description provided by source. Exploit Title: Simple Web Content Management System SQL Injection Date: May 30th 2012 Author: loneferret Version: 1.1 & 1.3 Application Url: http://www.cms-center.com/ Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23 Discovered by: loneferret Side...
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability
No description provided by source. ============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product:...
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
No description provided by source. =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product: Enterprise Messenger Server...
D-Link DSR Router Series - Remote Root Shell Exploit
No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...
(0Day) VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console RVC provided by the vCenter Server Applianc...
SQL Injection in mAdserve
High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in mAdserve, which can be exploited to execute arbitrary SQL commands in application’s database and compromise vulnerable website. 1 SQL Injection in mAdserve: CVE-2014-2654 1.1 The vulnerability exists due t...
mongodb: memory over-read via incorrect BSON object length
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service crash or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/65029/info Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...
PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
This module exploits a buffer overflow vulnerability found in the STOR command of the PCMAN FTP v2.07 Server when the "/../" parameters are also sent to the server. Please note authentication is required in order to trigger the vulnerability. The overflowing string will also be seen on the FTP...
PCMAN FTP Server Post-Authentication STOR Command Stack Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'PCMAN FTP Server Post-Authentication...
Privoxy Proxy - Authentication Information Disclosure
Privoxy Proxy - Authentication Information Disclosure source: https://www.securityfocus.com/bid/58425/info Privoxy is prone to multiple information-disclosure vulnerabilities. Attackers can exploit these issues to gain access to the user accounts and potentially obtain sensitive information. This...
Simple Web Content Management System 1.1 SQL Injection
Exploit Title: Simple Web Content Management System SQL Injection Date: May 30th 2012 Author: loneferret Version: 1.1 Application Url: http://www.cms-center.com/ Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23 Discovered by: loneferret Side note: This application is nothing fancy, a...