PT-2012-6275 · Carlo Gavazzi · Eos-Box
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to obtain administrative access by reading a password in a PHP script. This is due to the establishment of multiple hardcoded accounts...
PT-2012-6274 · Carlo Gavazzi · Eos-Box
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or modification. This is achieved through SQL injectio...
MyBB KingChat Plugin Persistent XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork...
MyBB KingChat Plugin - Persistent Cross-Site Scripting
Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork inurl:/kingchat.php? you will see multiple forums running thi...
MyBB Kingchat Cross Site Scripting
Exploit Title: MyBB 'kingchat' chat-box plugin. Google Dork: inurl:/kingchat.php? Date: 8/12/12 Author: VipVince Vendor Homepage: http://mods.mybb.com/ Software Link: http://mods.mybb.com/view/kingchat Tested on: Windows Using the dork inurl:/kingchat.php? you will see multiple forums running thi...
Stable Update for Chrome OS
The Stable channel has been updated to 23.0.1271.94 Platform version: 2913.224.0 for all Chrome OS Devices. This build contains a number of new features, bug fixes and security improvements. Machines will be receiving updates over the next several days. Release Highlights: Updated default apps...
Apple WGT Dictionnaire 1.3 Script Code Injection
Title: Apple WGT Dictionnaire 1.3 - Script Code Inject Vulnerability Date: 2012-11-27 References: http://www.vulnerability-lab.com/getcontent.php?id=774 VL-ID: 774 Common Vulnerability Scoring System: 2.3 Introduction:...
WordPress Ads Box Plugin - SQL Injection
This WordPress Ads Box plugin's "count" parameter is prone to an SQL injection. This vulnerability allows an attacker to modify data, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution: Update the plugin...
Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability
Document Title: Apple WGT Dictionnaire 1.3 - Persistent Web Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=774 Release Date: 2012-11-26 Vulnerability Laboratory ID VL-ID: 7...
WordPress Plugin Ads Box - count SQL Injection
WordPress Plugin Ads Box - count SQL Injection source: https://www.securityfocus.com/bid/56681/info The Ads Box plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit thi...
WordPress Plugin Ads Box - 'count' SQL Injection
source: https://www.securityfocus.com/bid/56681/info The Ads Box plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to compromise the application, access o...
WordPress Ads Box SQL Injection
In the name of GOD. Exploit Title: Wordpress Ads box Plugin Sql Injection Vulnerability Google Dork: "inurl:/iframeampl.php" Exploit Author: Ashiyane Digital Security Team Category: Web Application Tested on: Windows 7 Location:...
MagicMail Mike g & e-mail system XSS and absolute path vulnerability-vulnerability warning-the black bar safety net
This morning, during black-box testing of the local education network, I found a mail system vulnerability comprising a reflective XSS as well as an absolute path leak. It looks like they are all Linux. Keywords: Mike g & e-mail system by MagicMail! You can see a lot of governme...
PrestaShop <= 1.5.1 Persistent XSS Vulnerability
Exploit for php platform in category web applications
PrestaShop 1.5.1 Cross Site Scripting
SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8286)
LibreOffice was updated to SUSE 3.5 bugfix release 13 based on upstream 3.5.6-rc2 which fixes a lot of bugs. The following bugs have been fixed : - polygon fill rule. bnc759172 - open XML in Writer. bnc777181 - undo in text objects fdo36138 - broken numbering level. bnc760019 - better MathML...
CVE-2012-3221
CVE-2012-3221 affects Oracle VirtualBox (Oracle VM VirtualBox component) for versions 3.2, 4.0, and 4.1. The root cause is described as incorrect interrupt handling in VirtualBox core, enabling a local attacker to cause a denial of service. Public details in connected sources include Debian DSA a...
CVE-2012-3221
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on...
PinkiePie Strikes Again, Compromises Google Chrome in Pwnium Contest at Hack in the Box
For the second time this year, an anonymous teenage security researcher has succeeded in producing a full exploit, including a sandbox escape, against Google Chrome. The researcher, who uses the pseudonym PinkiePie, submitted his exploit Wednesday during the Pwnium contest run by Google at the Ha...
Carlo Gavazzi EOS Box Multiple Vulnerabilities
Overview: This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...