2695 matches found
CVE-2015-0235 - GHOST | Cloud Foundry
CVE-2015-0235 – GHOST Critical Vendor Canonical, Red Hat Versions Affected Ubuntu 10.04 Lucid, 12.04 Precise, CentOS 6. Description A heap-based buffer overflow was found in nsshostnamedigitsdots, which is used by the gethostbyname and gethostbyname2 glibc function call. A remote attacker could u...
Cross site scripting
Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
CVE-2014-7181
Cross-site scripting XSS vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
CVE-2014-7181
CVE-2014-7181 concerns the WordPress plugin MaxButtons (MaxButtons WordPress plugin,
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
Advisory ID: HTB23237 Product: MaxButtons WordPress plugin Vendor: Max Foundry Vulnerable Versions: 1.26.0 and probably prior Tested Version: 1.26.0 Advisory Publication: September 24, 2014 without technical details Vendor Notification: September 24, 2014 Vendor Patch: October 2, 2014 Public...
CVE-2014-3566 SSLV3 POODLE | Cloud Foundry
CVE-2014-3566 SSLV3 POODLE Moderate Vendor The SSL protocol 3.0, as used in OpenSSL through 1.0.1i Versions Affected SSLv3 Description SSL 3.0 RFC6101 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0 RFC2246, TLS 1.1 RFC4346 an...
CVE-2014-7186 and CVE-2014-7187 - Bash Out of Bounds | Cloud Foundry
CVE-2014-7186 and CVE-2014-7187 – Bash Out of Bounds Moderate Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 10.04 LTS and 14.04 LTS that include bash through 4.3 bash43-026 Description Off-by-one error in the readtokenword function in parse.y in GNU Bash through 4.3 bash43-026 allows...
CVE-2014-6271 and CVE-2014-7169 - ShellShock | Cloud Foundry
CVE-2014-6271 and CVE-2014-7169 – ShellShock Important Vendor Canonical Ubuntu, CentOS Versions Affected Canonical Ubuntu 10.04 LTS that include bash CentOS 6.5 that include bash Description GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment...
CVE-2014-5119 glib_gconv_translit_find() exploit | Cloud Foundry
CVE-2014-5119 glibgconvtranslitfind exploit Important Vendor Canonical Ubuntu Versions Affected Ubuntu 14.04 LTS Ubuntu 12.04 LTS Ubuntu 10.04 LTS Description Certain applications could be made to crash or run programs as an administrator. Off-by-one error in the gconvtranslitfind function in...
CVE-2014-3153 Futex requeue exploit | Cloud Foundry
CVE-2014-3153 Futex requeue exploit Important to Low Vendor Canonical Ubuntu Versions Affected Linux kernel through 3.14.5 Description The futexrequeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local...
Design Foundry Cross Site Scripting / SQL Injection
Title: Foundry CMS Multiple Vulnerability + Date: 2014/07/20 + Author: Hekt0r + Vendor Homepage: www.design-foundry.co.uk + Tested on: Windows 7 & Kali Linux + Vulnerable Files: /page.php + Dork : intext:"Site by The Design Foundry" POC: + Sql Injection: http://site/page.php?id=SQL-Injection +...
Foundry CMS Multiple Vulnerability
Title: Foundry CMS Multiple Vulnerability + Date: 2014/07/20 + Author: Hekt0r + Vendor Homepage: www.design-foundry.co.uk + Tested on: Windows 7 & Kali Linux + Vulnerable Files: /page.php + Dork : intext:"Site by The Design Foundry" + Title: Foundry CMS Multiple Vulnerability + Date: 2014/07/20 +...
Belchior Foundry VCard 2.8 Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9910/info It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without havin...
Belchior Foundry VCard 2.9 - Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15207/info vCard is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary remote...
Belchior Foundry vCard Pro 3.1 Addrbook.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15254/info vCard PRO is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could...
Researchers Build Undetectable Dopant Hardware Trojans
Is it so outlandish anymore to consider that an attacker interested in military, political or corporate espionage would be able to infiltrate a supply chain and drop malware onto an integrated circuit? Evidence of hardware-based Trojans is anecdotal at best, and experts believe a change in...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage:...
ManageEngine Device Expert 5.6 Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal
ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...
Accton-based switches (3com, Dell, SMC, Foundry, EdgeCore) Backdoor
Exploit for windows platform in category remote exploits =================================================================== Accton-based switches 3com, Dell, SMC, Foundry, EdgeCore Backdoor =================================================================== On the 15th of august 2009, at the...