3678 matches found
Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Overview Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Yahoo Japan Corporation reported this vulnerability to JPCERT/CC to notify users of this issue through JVN. JPCERT/CC coordinated with Yahoo Japan...
JVN#48270605: Yahoo! Japan Box for Android issue where it fails to verify SSL server certificates
Yahoo! Japan Box for Android provided by Yahoo Japan Corporation contains an issue where it fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version...
Box Detection via DNS
Binary data 8431.prm...
CVE-2014-5881
The Yahoo! Japan Box aka jp.co.yahoo.android.ybox application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Yahoo! Japan Box aka jp.co.yahoo.android.ybox application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5881
The Yahoo! Japan Box aka jp.co.yahoo.android.ybox application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5881
The CVE-2014-5881 issue affects Yahoo! Japan Box for Android (jp.co.yahoo.android.ybox) where the app fails to verify SSL server certificates in versions up to 1.5.4 (and earlier), enabling man-in-the-middle attackers to decrypt or spoof traffic. Root cause: improper SSL certificate verification ...
IBM Sametime Meet Server 8.5 Arbitrary File Upload
Exploit Title: IBM Sametime Meet Server 8.5 Arbitrary File Upload Google Dork: intitle:"New Meet - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:P/A:P CVE-ID: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3088...
FritzBox Webcm Unauthenticated Command Injection
A remote command injection vulnerability has been reported in different Fritz!Box devices. The vulnerability is due to insufficient validation within the web-based Interface. A remote attacker can exploit this vulnerability by submitting a maliciously crafted request to the web-based Interface...
Ads Box - iframe_ampl.php count Parameter SQL Injection
The ads-box WordPress plugin was affected by an iframeampl.php count Parameter SQL Injection security vulnerability...
wordpress-simple-shout-box - SQL Injection
The wordpress-simple-shout-box WordPress plugin was affected by a SQL Injection security vulnerability...
[SECURITY] Fedora 20 Update: ffgtk-0.8.6-7.fc20
Fritz Fun ffgtk is a clean solution for controlling the FRITZ!Box or compatible router with Linux. It offers a rich feature list, including call er monitor and fax support. It offers integration with the KDE, evolution and Thurderbird address books. Some plug-ins are packaged separately...
SysExporter - Grab data from list-view, tree-view, combo box, WebBrowser control, and text-box
SysExporter utility allows you to grab the data stored in standard list-views, tree-views, list boxes, combo boxes, text-boxes, and WebBrowser/HTML controls from almost any application running on your system, and export it to text, HTML or XML file. Here's some examples for data that you can expo...
ActiTime 2.0-MA CSRF Vulnerability
No description provided by source. |------------------------------------------------------------------| | | | / / / / | | / / / / / / / \ / / / / \ | | / // // / / / / / // / / / / / // / // / / / / / / | | /// //,// // //,// // // | | | | http://www.corelan.be:8800 | |...
Synactis PDF In-The-Box ConnectToSynactic Stack Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities
No description provided by source. Exploit Title: Vanilla Forums = 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF Google Dork: n/a Date: 13/4/13 Exploit Author: Henry Hoggard Vendor Homepage: http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin Software Link:...
CoolPlayer 2.19 - (Skin File) Local Buffer Overflow Exploit
No description provided by source. / CoolPlayer 2.19 Skin File Local Buffer Overflow Exploit Advisory: http://www.bmgsec.com.au/advisory/43/ Test box: WinXP Pro SP2 English Code reference is in skin.c, lines 464 - 480 Written and discovered by: r0ut3r writ3r at gmail.com / www.bmgsec.com.au /...
chkrootkit 0.49 - Local Root Vulnerability
No description provided by source. We just found a serious vulnerability in the chkrootkit package, which may allow local attackers to gain root access to a box in certain configurations /tmp not mounted noexec. The vulnerability is located in the function slapper in the shellscript chkrootkit:...
Joomla Component Juke Box com_jukebox Local File Inclusion Vulnerability
No description provided by source...
Wireshark 1.10.7 - DoS PoC
No description provided by source. !/usr/bin/python Exploit Title: Wireshark Read Access Violation near NULL starting at libcairo2!cairoimagesurfacegetdata Date: May 15th 2014 Author: Osanda Malith Jayathissa E-Mail: osandajayathissaatgmail.com Version: 1.10.7 32-bit and 64-bit Vendor Homepage:...