3348 matches found

CVE
added 2013/10/03 10:0 a.m. | 44 views

CVE-2013-3593

CVE-2013-3593 affects Baramundi Management Suite versions 7.5–8.9, where (1) client–server communication and (2) data storage are handled in cleartext. This enables sensitive data to be obtained by sniffing network traffic and may expose credentials stored on deployed systems. Vendor notes indica...

CVSS 7.8 | AI score 6.4 | EPSS 0.02388
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2013/10/03 10:0 a.m. | 36 views

CVE-2013-3624

The OS deployment feature in Baramundi Management Suite 7.5 through 8.9 stores credentials in cleartext on deployed machines, which allows remote attackers to obtain sensitive information by reading a file. NOTE: this ID was also incorrectly mapped to a separate issue in Oracle Outside In, but th...

AI score 5.5 | EPSS 0.01591
Exploits 1 | References 1
Prion
added 2013/10/02 10:55 p.m. | 12 views

Directory traversal

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php...

CVSS 5 | AI score 7.1 | EPSS 0.18267
Exploits 2 | References 2 | Affected Software 1
Kitploit
added 2013/10/02 10:52 p.m. | 41 views

[jSQL Injection v0.5] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). jSQL Injection change log, version 0.5: 0.5: SQL shell, Uploader; 0.4: Admin page checker and preview, Brute forcer md5...

AI score 8.2
Exploits 0
Cvelist
added 2013/10/02 10:0 p.m. | 21 views

CVE-2013-5979

Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php...

AI score 6.6 | EPSS 0.18267
Exploits 2 | References 2
CVE
added 2013/09/23 10:0 a.m. | 55 views

CVE-2013-5487

CVE-2013-5487 affects Cisco Prime Data Center Network Manager (DCNM) DCNM-SAN Server prior to version 6.2(1). The vulnerability permits remote attackers to read arbitrary files. Root cause cited in multiple sources is insecure DownloadServlet handling (lack of authentication and insufficient inpu...

CVSS 7.8 | AI score 6.7 | EPSS 0.02133
Exploits 0 | References 1 | Affected Software 1
OSV
added 2013/09/13 8:7 p.m. | 7 views

MGASA-2013-0272 Updated php-pear-Auth_OpenID package fixes security vulnerability

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 6.5 | EPSS 0.02997
Exploits 1 | References 3
NVD
added 2013/08/21 4:55 p.m. | 19 views

CVE-2013-4701

Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity...

CVSS 7.5 | AI score 6.8 | EPSS 0.02997
Exploits 1 | References 5
Prion
added 2013/08/09 11:55 p.m. | 17 views

Default credentials

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3 servers uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information by reading...

CVSS 4 | AI score 6.5 | EPSS 0.00791
Exploits 0 | References 2 | Affected Software 1
Kitploit
added 2013/05/23 8:55 p.m. | 15 views

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.4 features: GET, POST, header, cookie methods; Normal, error based, blind, time based algorithms; Automatic...

AI score 7.6
Exploits 0
OpenVAS
added 2013/05/23 12:0 a.m. | 25 views

Exponent CMS Multiple Vulnerabilities

Exponent CMS is prone to multiple vulnerabilities...

CVSS 7.5 | AI score 6.4 | EPSS 0.02452
Exploits 5 | References 6
Packet Storm
added 2013/05/02 12:0 a.m. | 20 views

WordPress Advanced XML Reader 0.3.4 XXE Injection

The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which...

AI score 0.1
Exploits 0
Tenable Nessus
added 2013/03/20 12:0 a.m. | 28 views

FreeBSD : php5 -- Multiple vulnerabilities (1d23109a-9005-11e2-9602-d43d7e0c7c02)

The PHP development team reports: PHP does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. The...

CVSS 7.5 | AI score 8.7 | EPSS 0.10136
Exploits 0 | References 3
Kitploit
added 2013/03/10 4:21 p.m. | 31 views

[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform (Windows, Linux, Mac OS X, Solaris). Version 0.2 features: GET, POST, header, cookie methods; normal, error based, blind, time based algorithms; automatic...

AI score 8
Exploits 0
OSV
added 2013/03/08 9:55 p.m. | 7 views

CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...

AI score 6.4
Exploits 0 | References 11
Debian CVE
added 2013/03/08 9:0 p.m. | 25 views

CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...

CVSS 4.3 | AI score 7.5 | EPSS 0.02673
Exploits 0
Cvelist
added 2013/03/08 9:0 p.m. | 35 views

CVE-2011-3201

GNOME Evolution before 3.2.3 allows user-assisted remote attackers to read arbitrary files via the attachment parameter to a mailto: URL, which attaches the file to the email...

AI score 6.3 | EPSS 0.02673
Exploits 0 | References 7
OpenVAS
added 2013/03/04 12:0 a.m. | 24 views

Debian: Security Advisory (DSA-2639-1)

The remote host is missing an update for the Debian...

CVSS 7.5 | AI score 6.7 | EPSS 0.10136
Exploits 1 | References 3
UbuntuCve
added 2013/02/13 5:55 p.m. | 31 views

CVE-2012-6531

(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

CVSS 6.4 | AI score 7.3 | EPSS 0.02519
Exploits 0 | References 7
Positive Technologies
added 2013/02/07 12:0 a.m. | 8 views

PT-2013-14: XML External Entities Injection in PHP

The specialists of Positive Technologies have detected an "XXE" vulnerability in PHP. The vulnerability was detected in the PHP's built-in SoapClient and SoapServer classes. PHP allows the use of external entities while parsing SOAP wsdl files which allows an attacker to read arbitrary files. If ...

CVSS 5 | AI score 8.4 | EPSS 0.10136
Exploits 0 | References 3