6680 matches found
osCommerce 2.3.4 - Multiple vulnerabilities
No description provided by source. Title: osCommerce 2.3.4 - Multiple vulnerabilities Date: 10.07.14 Affected versions: = 2.3.4 latest atm Vendor: oscommerce.com Tested on: Apache 2.2.22 at Debian Contact: smash at devilteam.pl Cross Site Scripting 1. Reflected XSS - Send Email Vulnerable...
Medium: json-c
Issue Overview: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data involving hash collisions. Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service...
Wordpress Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - email protected Vendor Homepage - http://wpsuportplus.byethost7.com/...
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities
WordPress Plugin WP Support Plus Responsive Ticket System 2.0 - Multiple Vulnerabilities Exploit Title: Wordpress WP Support Plus Responsive Ticket System 2.0 Plugin - Multiple Vulnerabilities Google Dork: N/A Date: 09.09.2014 Exploit Author: Fikri Fadzil - [email protected] Vendor...
[SECURITY] Fedora 20 Update: glibc-2.18-14.fc20
The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...
Debian DSA-3012-1 : eglibc - security update
Tavis Ormandy discovered a heap-based buffer overflow in the transliteration module loading code in eglibc, Debian's version of the GNU C Library. As a result, an attacker who can supply a crafted destination character set argument to iconv-related character conversion functions could achieve...
[SECURITY] [DSA 3013-1] s3ql security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3013-1 [email protected] http://www.debian.org/security/ Florian Weimer August 27, 2014 http://www.debian.org/security/faq -...
DSA-3013-1 s3ql - security update
Bulletin has no description...
ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities
ESA-2014-071.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-071: RSA Archer® GRC Platform Multiple Vulnerabilities EMC Identifier: ESA-2014-071 CVE Identifier: CVE-2014-2517, CVE-2014-2505, CVE-2014-0640, CVE-2014-0641 Severity Rating: CVSS v2 Base Score: See below for individual scor...
CVE-2014-2505
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...
Code injection
EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to trigger the download of arbitrary code, and consequently change the product's functionality, via unspecified vectors...
Siemens Patches DoS Vulnerability in SIMATIC S7
Siemens released an update for one of its automation systems late last week, patching a denial of service vulnerability in all versions of its SIMATIC S7-1500 CPU prior to V1.6. An advisory on the Industrial Control Systems Cyber Emergency Response Team’s ICS-CERT website warned about the...
PWGen - Generator of cryptographically-strong passwords
PWGen is a professional password generator capable of creating large amounts of cryptographically-secure passwords or passphrases consisting of words from a word list. It uses a “random pool” technique to generate random data based on user inputs (keystrokes, mouse handling) and volatile system...
How to restore vCenter Server without a vCenter Server
Challenge The vCenter Server is not available and the vCenter Server VM needs to be restored. Solution To restore the vCenter Server, you will need to add one of the individual ESXi hosts to Veeam Backup & Replication, allowing you to target that host directly to restore the vCenter VM. Possible...
Mobile Broadband Modems Seen as Easy Targets for Attackers
LAS VEGAS–Mobile broadband modems can be a great alternative if you can’t find a WiFi network or don’t trust the ones you can find. But many of the models sold by the major manufacturers contain bugs and functionality that a remote attacker can exploit without much difficulty. Much of the market...
MozillaFirefox: Update to Mozilla Firefox 31 (important)
MozillaFirefox was updated to version 31 to fix various security issues and bugs: MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards MFSA 2014-57/CVE-2014-1549 bmo1020205 Buffer overflow during Web Audio buffering for playback MFSA 2014-58/CVE-2014-1550 bmo1020411...
Cross site scripting
Cross-site scripting XSS vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
FengCMS CSRF vulnerability can lead to the database being dumped
Brief description: A critical function performs no CSRF token validation, so the database can be dumped. Detailed description: The database backup function in the admin backend does not validate a CSRF token. The attacker crafts a csrf.php with the following content and hosts it under attacker.com: the URL http://attacker.com/csrf.php is then sent to the victim (the site administrator). If the administrator is logged in when opening that URL, a database backup request is sent to the target server with the administrator's identity: ?controller=dbmanage&operate=save&type=0...
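The mechanism described in this entry (a state-changing admin action that runs on any request carrying the admin's session cookie) is shown below beside a hardened handler. This is an added example, not FengCMS code; the controller/operate/type parameter names follow the report, while the function names, session layout and `run_backup` stand-in are assumptions for illustration.

```php
<?php
// Added example (not FengCMS code): CSRF protection for a state-changing
// admin action such as a database backup. Parameter names
// (controller=dbmanage&operate=save&type=0) follow the report; helper
// names, the session layout and run_backup() are assumed.

session_start();

// Issue one random token per session and embed it in every admin form
// that changes state.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session-bound one. hash_equals()
// keeps the comparison constant-time.
function csrf_valid(?string $submitted): bool {
    if ($submitted === null || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Vulnerable pattern from the report: the backup runs as soon as a
// logged-in admin's browser requests the URL, so a cross-site GET
// (an <img> or auto-submitting form on attacker.com) is enough.
function handle_backup_vulnerable(): void {
    if (($_GET['controller'] ?? '') === 'dbmanage'
        && ($_GET['operate'] ?? '') === 'save') {
        run_backup((int)($_GET['type'] ?? 0));
    }
}

// Hardened pattern: require POST, a valid per-session token, and, when
// the browser sends an Origin header, a same-host origin.
function handle_backup_hardened(): void {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        http_response_code(405);
        return;
    }
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        echo "CSRF token missing or invalid\n";
        return;
    }
    // Origin is absent on some same-origin navigations, so only a present
    // Origin that names a different host is rejected. HTTP_HOST may carry
    // a port; strip it before comparing.
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    $ownHost = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];
    if ($origin !== '' && parse_url($origin, PHP_URL_HOST) !== $ownHost) {
        http_response_code(403);
        return;
    }
    run_backup((int)($_POST['type'] ?? 0));
}

// Assumed stand-in for the real backup routine.
function run_backup(int $type): void {
    echo "backup type=$type started\n";
}

// Form markup the admin page must emit so the hardened handler accepts it.
function backup_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="?controller=dbmanage&amp;operate=save">'
         . '<input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<input type="hidden" name="type" value="0">'
         . '<button type="submit">Back up database</button></form>';
}
```

The token check is what closes the hole; the POST requirement and Origin comparison are defence in depth, since a cross-site form can still POST but cannot read the token out of the admin's page.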
Mastery OA 2011-2013 universal GETSHELL vulnerability warning - the black bar safety net
Statement: This program is used by many government agencies, educational institutions and large enterprises such as China Telecom! After reading this, please do not attempt to use it to damage, attack or intrude upon any website running the program... I made this post purely for technical...