262 matches found
Compass 360 Pro Free - Corrupted files, Dynamic Code Loading, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Compass 360 Pro Free published at the 'play' market has multiple vulnerabilities...
Compass - BSD license, Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Compass published at the 'play' market has multiple vulnerabilities...
Network, Netgear routers are exposed to severe DNS vulnerability, vulnerable to hacking - vulnerability warning - the black bar safety net
Recently, Netgear routers were found to have a serious DNS vulnerability. At present, the network member has not yet patched the published vulnerabilities, which allow attackers to tamper with the affected router's DNS settings; it will affect its router security, estimat...
Drupal Compass Rose Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Compass Rose is one of the direction compass modules. A cross-site scripting vulnerability exists in version 6.x-1.0 of the Drupal Compass Rose module, which can be exploited by an...
Compass Rose - Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2015-138
The Compass Rose module provides a type of CCK field that can represent the most common orientations: North, North-East, East, South-East, South, South-West, West and North-West. The module was embedding a JavaScript library from an external source that was not reliable, thereby exposing the sit...
Micro:bit — A Pocket-sized Programmable Computer
The BBC has unveiled the final design of the Micro:bit — a pocket-sized computer board designed to lure U.K. school children to embedded electronics. The Micro:bit is essentially a codeable computer that lets kids get creative with technology. It measures 5cm by 4cm and will be available in...
Soreco AG Xpert.Line 3.0 Authentication Bypass
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Xpert.Line Vendor: Soreco AG 1 CVE ID: CVE-2015-3442 Subject: Authentication Bypass Risk: Critical Effect: Remotely exploitable Author: Alessandro Zala [email protected] Andreas Hunkeler...
Stored XSS Flaw Patched in Thycotic Secret Server
Thycotic, a maker of access-control and other security products, has patched a stored cross-site scripting vulnerability in one of its products that could enable an attacker to steal a victim’s stored passwords. The vulnerability is in the company’s Secret Server product, which is designed to...
SQL injection vulnerability in HIMS-type hotel management system Photo_zh-cn.php page of Beijing Century Compass E-commerce Co.
Beijing Century Compass E-commerce Co., Ltd HIMS-type hotel management system is a set of software to provide management services for hotels, supporting membership, food and beverage, website/mobile application, intelligent cloth, channel distribution, revenue management and so on. There is a SQL...
Nortel Networks Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping. Attackers can exploit this issue to open an audio channel with the phone's microphone...
CVE-2013-1413
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...
AdNovum NevisWeb Security Proxy Vulnerability - Cross-site scripting (XSS) within 302 Redirections
Hi all, nevisProxy is a Swiss secure reverse proxy with integrated web application firewall WAF. It acts as a central upstream entry point for web traffic to integrated online applications. nevisProxy controls user access and protects sensitive data, applications, services, and systems from...
OpenKM Document Management System 5.1.7 Command Execution
Exploit for jsp platform in category web applications COMPASS SECURITY ADVISORY http://www.csnc.ch/ ID: COMPASS-2012-002 Product: OpenKM Document Management System 5.1.7 1 Vendor: OpenKM http://www.openkm.com/ Subject: Cross-site Request Forgery based OS Command Execution Risk: High Effect:...
National program for Cyber army to be launched in India
National program for Cyber army to be launched in India Increasing attacks on cyberspace in India has brought several professionals and experts from the Industry, in support with the Government of India to jointly form a national level program to identify credible and valuable information securit...
Nortel IP Phone Flooding Denial of Service
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: IP Phone Vendor: Nortel Subject: IP Phone Flooding Denial of Service Risk: High Effect: Currently exploitable Author: Daniel Stirnimann daniel.stirnimann at csnc dot ch Date: October, 18th 2007 Introduction: ------------- A malicious user who...
Nortel UNIStim IP Softphone Buffer-Overflow
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: IP Softphone Vendor: Nortel Subject: UNIStim IP Softphone Buffer-Overflow Risk: High Effect: Currently not exploitable Author: Cyrill Brunschwiler cyrill.brunschwiler at csnc dot ch Date: October, 18th 2007 Introduction: ------------- Floodin...
Nortel Networks - Multiple UNIStim VoIP Products Remote Eavesdrop Vulnerabilities
source: https://www.securityfocus.com/bid/26120/info Multiple Nortel Networks UNIStim VoIP telephony products are prone to a remote vulnerability that may allow eavesdropping. Attackers can exploit this issue to ope...
DokuWiki suffers XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: DokuWiki Vendor: DokuWiki Project Subject: Cross-site scripting - XSS Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: July 19th 2007 Introduction: ------------- Compass Security discovered...
Linux Omnikey Cardman 4040 Driver - Local Buffer Overflow (PoC)
Linux Omnikey Cardman 4040 Driver - Local Buffer Overflow PoC / Linux Omnikey Cardman 4040 driver buffer overflow CVE-2007-0005 Copyright C Daniel Roethlisberger Compass Security Network Computing AG, Rapperswil, Switzerland. All rights reserved. http://www.csnc.ch/ / include include include...
Buffer Overflow in Linux Drivers for Omnikey CardMan 4040 (CVE-2007-0005)
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: Linux Driver for Omnikey CardMan 4040 Vendor: Omnikey GmbH / Harald Welte Subject: Buffer Overflow Risk: Medium Effect: Locally exploitable Author: Daniel Roethlisberger [email protected] Date: 2007-03-07 CVE Name: CVE-2007-0005...