2495 matches found
Measuresoft ScadaPro Multiple Security Vulnerabilities
Measuresoft ScadaPro SCADA Server is prone to multiple vulnerabilities.
Path traversal
admin/core/adminfunc.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this...
HP Application Lifecycle Management ActiveX Control Arbitrary File Overwrite
Added: 10/09/2012. BID: 55272. OSVDB: 85059. Background: HP Application Lifecycle Management (ALM) is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...
[SECURITY] Fedora 17 Update: libxml2-2.7.8-9.fc17
This library allows you to manipulate XML files. It includes support to read, modify and write XML and HTML files. There is DTD support; this includes parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
Moderate: Red Hat Security Advisory: postgresql security update
Updated postgresql packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
CVE-2012-3454
eXtplorer 2.1.0b6 uses world-writable permissions for the /var/lib/extplorer/ftptmp directory, which allows local users to delete or overwrite arbitrary files...
CVE-2012-3453
CVE-2012-3453 affects logol 1.5.0, where the /var/lib/logol/results directory uses world-writable permissions, enabling local users to delete or overwrite arbitrary files. The root cause is insecure directory permissions. No explicit exploit details or active exploitation are provided in the conn...
WebPagetest Multiple Input Validation Vulnerabilities
WebPagetest is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input.
CVE-2012-2627
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request...
Symantec Web Gateway Local File Manipulation Authentication Bypass Vulnerability
Symantec Web Gateway is prone to a local authentication-bypass vulnerability.
GLSA-201206-24 : Apache Tomcat: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201206-24 Apache Tomcat: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Apache Tomcat. Please review the CVE identifiers referenced below for details. Impact : The vulnerabilities allow an attacker to...
PBBoard 2.1.4 - Local File Inclusion
PBBoard 2.1.4 - Local File Inclusion Exploit Title: PBBoard 2.1.4 Local File Inclusion Software Link: http://www.pbboard.com/PBBoardv2.1.4.zip Author: n4ss1m Date: 25-05-2012 Tested on: win/linux Home : www.Sec4ever.com Exploit-DB note: Need to be logged in, at the very least, as a standard user ...
Cpanel 11.X Multiple CSRF Vulnerability
Exploit for php platform in category web applications Cpanel 11.X Multiple CSRF Vulnerability ==================================================================== .:. Author : AtT4CKxT3rR0r1ST email protected .:. Script : http://www.cpanel.net/ .:. Gr34T$ T0 aboud-el === Exploit === Add File...
CVE-2012-2341
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax requests that manipulate files...
CVE-2012-2341
The Drupal Take Control module (6.x-2.x) is affected by a CSRF vulnerability in Ajax requests that manipulate files due to insufficient validation. Versions prior to 6.x-2.2 allow remote attackers to hijack user authentication for these requests. Remediation: upgrade to Take Control 6.x-2.2 (or l...
Multiple vulnerabilities in Open Journal Systems (OJS)
Advisory ID: HTB23079. Product: Open Journal Systems (OJS). Vendor: Public Knowledge Project. Vulnerable Versions: 2.3.6 and probably prior. Tested Version: 2.3.6. Vendor Notification: 29 February 2012. Vendor Patch: 16 March 2012. Public Disclosure: 21 March 2012. Vulnerability Type: Arbitrary File...
Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities
Document Title: Flatnux CMS 2011 08.09.2 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=487 Release Date: 2012-03-31. Vulnerability Laboratory ID (VL-ID): 487...
nginx: Multiple vulnerabilities
Background: nginx is a robust, small, and high performance HTTP and reverse proxy server. Description: Multiple vulnerabilities have been found in nginx: The TLS protocol does not properly handle session renegotiation requests (CVE-2009-3555). The "ngx_http_process_request_headers" function in...