
321 matches found

CNVD | added 2016/11/04 12:0 a.m. | 3 views

Novell NetIQ Identity Manager HTML Injection Vulnerability (CNVD-2016-10657)

NetIQ Designer for Identity Manager is a suite of graphical interface tools for configuring and deploying Identity Manager, a comprehensive solution for providing identity and control access, from NetIQ USA. An HTML injection vulnerability exists in Novell NetIQ Identity Manager. An attacker coul...

CVSS 6.1 | AI score 7.7 | EPSS 0.00765
Exploits: 0 | References: 1

ThreatPost | added 2016/10/20 7:0 a.m. | 87 views

FruityArmor APT Group Used Recently Patched Windows Zero Day

One of the four zero-day vulnerabilities Microsoft patched last week was being used by an APT group called FruityArmor to carry out targeted attacks, escape browser-based sandboxes, and execute malicious code in the wild. Anton Ivanov, a researcher at Kaspersky Lab, was credited by Microsoft for...

CVSS 10 | AI score 1.7 | EPSS 0.68684
Exploits: 3 | References: 10

FireEye | added 2016/06/20 8:0 a.m. | 53 views

Resurrection of the Evil Miner

At FireEye Labs, we recently detected the resurgence of a coin mining campaign with a novel and unconventional infection vector in the form of an iFRAME inline frame – an HTML document embedded inside another HTML document on a web page that allows users to get content from another separate sourc...

AI score 7
Exploits: 0

Metasploit | added 2015/10/22 2:46 p.m. | 22 views

Safari User-Assisted Applescript Exec Attack

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by...

CVSS 7.5 | AI score 7.2 | EPSS 0.53338
Exploits: 8

Exploit DB | added 2015/05/08 12:0 a.m. | 46 views

Adobe Flash Player - domainMemory ByteArray Use-After-Free (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Adobe Flash Player domainMemory ByteArray Use After Free', 'Description' = %q This module exploits a use-after-free vulnerability in...

CVSS 10 | AI score 9.6 | EPSS 0.95184
Exploits: 4

CNVD | added 2015/05/07 12:0 a.m. | 2 views

Oracle Data Quality LoaderWizard DataPreview Type Obfuscation Remote Code Execution Vulnerability

Oracle Data Quality is a software suite from Oracle (United States) that provides a comprehensive data quality management environment. The software supports data management, data integration and data migration. A remote code execution vulnerability exists in the TSS12.LoaderWizard.lwctrl...

CVSS 6.8 | AI score 8.3 | EPSS 0.0189
Exploits: 0 | References: 1

ThreatPost | added 2014/11/13 3:22 p.m. | 15 views

Windows Phone Sandbox Holds Up at Mobile Pwn2Own

The Mobile Pwn2Own hacking contest ended today as did the PacSec Applied Security Conference in Tokyo with hackers unable to gain complete control over a Windows Phone and the latest version of the Android mobile OS. Contest sponsors HP said two competitors, Nico Joly and Juri Aedla, were able to...

AI score 1.6
Exploits: 0 | References: 3

Exploit DB | added 2014/07/23 12:0 a.m. | 42 views

Netgear DGN2200 1.0.0.29_1.7.29_HotS - Password Disclosure

Exploit Title: Password Disclosure vulnerability Software: NETGEAR DGN2200 Software Link: netgear.com Version: DGN2200 Author: Dolev Farhi, email: dolevatopenflaredotorg Date: 23.7.2014 Tested on: Kali Linux Firmware 1.0.0.29_1.7.29_HotS 2. Vulnerability Description: ===============================...

AI score 7.4
Exploits: 0

exploitpack | added 2014/07/17 12:0 a.m. | 15 views

Fonality trixbox - endpoint_generic.php SQL Injection

Fonality trixbox - endpoint_generic.php SQL Injection source: https://www.securityfocus.com/bid/68720/info Trixbox is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site scripting vulnerability 3. Multiple local file-include vulnerabilities 4. A remot...

Exploits: 0

Kitploit | added 2014/07/07 8:46 p.m. | 212 views

PwnStar - Script for multi attack (for all your fake-AP needs!)

A bash script to launch a Soft AP, configurable with a wide variety of attack options. Includes a number of index.html and server php scripts, for sniffing/phishing. Can act as multi-client captive portal using php and iptables. Launches classic exploits such as evil-PDF. De-auth with aireplay,...

CVSS 8.8 | AI score 8.9 | EPSS 0.83638
Exploits: 12 | References: 4

seebug.org | added 2014/07/01 12:0 a.m. | 38 views

Comersus Cart 7.0.7 comersus_customerAuthenticateForm.asp redirectUrl XSS

No description provided by source. source: http://www.securityfocus.com/bid/24562/info Comersus Cart is affected by multiple input validation vulnerabilities. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 14 views

osCommerce 2.2 admin/specials.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 16 views

VBZooM Forum 1.11 contact.php UserID Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16956/info VBZooM Forum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issue...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 23 views

Contenido CMS 4.8.12 XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22635 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincontenidocms.html Product: Contenido CMS Vendor: four for business AG http://www.contenido.org/ Vulnerable Version: 4.8.12 and Probably Prior Versions Vendor Notification: 29...

AI score 6.7
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 15 views

Commercial Interactive Media SCOOP! 2.3 articleZone.asp Invalid Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16015/info Commercial Interactive Media SCOOP! is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 15 views

WordPress 2.3.2 - wp-admin/invites.php to Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the brows...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 16 views

Plague News System 0.7 CID Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An attacker may leverag...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 20 views

THELIA 1.4.2.1 Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37855/info THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the brows...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 15 views

OZJournals 1.5 - Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/19311/info OZJournal is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to execute arbitrary HTML and script...

AI score 7.1
Exploits: 0

seebug.org | added 2014/07/01 12:0 a.m. | 26 views

Dreamcost HostAdmin 3.1 'index.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31538/info Dreamcost HostAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in t...

AI score 7.1
Exploits: 0