Vulnerability in "Fujitsu Desktop Update" (for Windows)
Hi @ll, Fujitsu's update utility "Fujitsu Desktop Update" see http://support.ts.fujitsu.com/DeskUpdate/Index.asp, which is factory-preinstalled on every Fujitsu Siemens PC with Windows, has a vulnerability which allows the execution of a rogue program in the security context of the current user...
Foe CMS 1.6.5 - Multiple Vulnerabilities
Foe CMS 1.6.5 - Multiple Vulnerabilities Title: Foe CMS 1.6.5 SQL Injection Vulnerability Vendor: http://foecms.com/ Download: http://code.google.com/p/foecms/downloads/list Versions: 1.6.5 Platform: linux, windows Bug: SQL Injection | Cross Site Scripting...
Foe CMS 1.6.5 - Multiple Vulnerabilities
Title: Foe CMS 1.6.5 SQL Injection Vulnerability Vendor: http://foecms.com/ Download: http://code.google.com/p/foecms/downloads/list Versions: 1.6.5 Platform: linux, windows Bug: SQL Injection | Cross Site Scripting ------------------------------------------------------- 1 Introduction 2 Bug 3...
Sandbox-Bypass Exploits Hacks Java 7u21 Update
Optimism and praise followed last week’s Java critical patch update. Oracle not only patched 42 vulnerabilities in the Java browser plug-in, but also added new code-signing restrictions and new prompts warning users when applets are potentially malicious. It took less than a week, however, to...
Java 7u21 Released with Code-Signing Restrictions, Warnings
The latest Java update released Tuesday includes new prompts warning users of potentially malicious applets, in addition to patches for 42 vulnerabilities, all but three of which are remotely exploitable. Java 7 update 21 is part of Oracle’s scheduled Critical Patch Updates for the program and...
HPSBHF02865 SSRT101158 rev.2 - HP ElitePad 900, Secure Boot Configuration Inconsistency
Potential Security Impact Secure Boot configuration inconsistency VULNERABILITY SUMMARY A potential vulnerability has been identified with certain HP ElitePad tablet PCs. The secure boot feature of the BIOS may not be enabled, allowing alternate operating systems to be booted in contradiction wit...
Java JRE Universally Enabled
Java JRE has not been universally disabled on the remote host via the Java control panel. Note that while Java can be individually disabled for each browser, universally disabling Java prevents it from running for all users and browsers. Functionality to disable Java universally in Windows may no...
TP-Link TL-WR740N Wireless Router - Denial of Service
#!/usr/local/bin/perl TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.16.4 Build 130205 Rel.63875n...
TP-Link TL-WR740N Wireless Router Remote Denial Of Service
The TP-Link WR740N Wireless N Router network device is exposed to a remote denial of service vulnerability when processing an HTTP request. This issue occurs when the web server httpd fails to handle an HTTP GET request over a given default TCP port 80. Sending a sequence of three dots ... to the...
TP-Link TL-WR740N Wireless Router Remote Denial Of Service
#!/usr/local/bin/perl TP-Link TL-WR740N Wireless Router Remote Denial Of Service Exploit Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.us Affected version: - Firmware version: 3.16.4 Build 130205 Rel.63875n Released: 2/5/2013 - Hardware version: WR740N v4 00000000...
Smoke Loader LFI / File Deletion
Two other vulnerabilities I forgot to mention, lfi and file deletion via control.php. The user must be logged into the administrative panel. 1. LFI GET http://evilserver.net/control.php?act=dwnshell&file=../../../../etc/passwd Enter username for Who are you? at evilsite.net:80:eviladmin Password:...
CVE-2013-1489
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...
Security feature bypass
Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 10 and Update 11, when running on Windows using Internet Explorer, Firefox, Opera, and Google Chrome, allows remote attackers to bypass the "Very High" security level of the Java Control Panel and...
IM Sources Control Panel SQL Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------------- SQL Injection To access the Control Panel Script IM Sources -------------------------------------------------------------------------------- Author = Soly Hacler...
iDev Rentals 1.0 - Multiple Vulnerabilities
Title: ====== iDev Rentals v1.0 - Multiple Web Vulnerabilities Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=760 VL-ID: ===== 758 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
Parallels Plesk v11.0.9b - Multiple Web Vulnerabilities
Document Title: =============== Parallels Plesk v11.0.9b - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=714 Reward: 3000$ Release Date: ============= 2012-11-01 Vulnerability Laboratory ID VL-ID:...
vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Date: ===== 2012-10-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=721 VL-ID: ===== 721 Common Vulnerability Scoring System: ==================================== 8.3 Introduction: =============...
vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities
Document Title: =============== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=721 Release Date: ============= 2012-10-08 Vulnerability Laboratory ID VL-ID: ==================================== 7...
vOlk Botnet Framework v4.0 Multiple Vulnerabilities
Exploit for php platform in category web applications Title: ====== vOlk Botnet Framework v4.0 - Multiple Web Vulnerabilities Introduction: ============= vOlk-Botnet v4.0 is a remote administration tool, its main function is to manage the HOSTS file of the windows operating systems The code creat...
Sciretech 3.0.0 SQL Injection / CSRF Vulnerability
Exploit for php platform in category web applications ========================================================= Vulnerable Software: Sciretech ® Multimedia Manager Version 3.0.0 Aka: Sciretech ® File Manager Version 3.0.0 Official site: www.sciretech.com Vulnerabilities: Blind SQL Injection And...