MC Content Manager 10.1.1 Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MC Content Manager. It's Ukrainian commercial CMS. ------------------------- Affected products: ------------------------- Vulnerable are potentially all versions o...

XSS, AoF и IAA уязвимости в MC Content Manager

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в системе MC Content Manager. Это украинская коммерческая CMS. XSS WASC-08: Уязвимости на страницах регистрации и восстановления пароля. http://websecurity.com.ua/uploads/2011/MC20Content20Manager20XSS.html...

(0Day) IBM Lotus Domino Server Controller Authentication Bypass Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Lotus Domino Server Controller. Authentication is not required to exploit this vulnerability. The flaw exists within the remote console functionality which listens by default on TCP port 2050. When...

Unfixed XSS vulnerability at www.southsoundchristian.org

Security researcher P0W3RFU7, has submitted on 14/03/2011 a cross-site-scripting XSS vulnerability affecting www.southsoundchristian.org, which at the time of submission ranked 3792048 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/12/2011...

CVE-2011-0167

The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site...

CVE-2011-1198

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."...

CVE-2011-1198

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."...

Out-of-bounds

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."...

CVE-2011-1198

The CVE-2011-1198 entry concerns Google Chrome’s video functionality prior to version 10.0.648.127. The vulnerability arises from a malformed out-of-bounds structure which can be triggered by unspecified vectors, leading to a denial-of-service and possibly other unspecified impacts. The provided ...

CVE-2011-1198

The video functionality in Google Chrome before 10.0.648.127 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger use of a malformed "out-of-bounds structure."...

CVE-2011-1198

Removed by vendor...

Citrix Licensing Administration Console Security Bypass And Denial Of Service Vulnerabilities

This host is installed with Citrix Licensing Administration Console and is prone to security bypass and denial of service vulnerabilities. OpenVAS Vulnerability Test $Id: gbcitrixlicensingadminconsolemultvuln.nasl 7019 2017-08-29 11:51:27Z teissa $ Citrix Licensing Administration Console Security...

Fedora 15 : asterisk-1.8.3-1.fc15 (2011-2360)

The Asterisk Development Team has announced the release of Asterisk 1.8.3. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/ The release of Asterisk 1.8.3 resolves several issues reported by the community and would have not been possible...

CVE-2010-4746

Multiple memory leaks in the normalization functionality in 389 Directory Server before 1.2.7.5 allow remote attackers to cause a denial of service memory consumption via "badly behaved applications," related to 1 SlapiAttr mishandling in the DN normalization code and 2 pointer mishandling in the...

Remember Me filter not working for FishEye/Crucible

The current implementation of the FishEye filter still require that the Remember Me cookie have the encrypted credentials for the user, what is no longer true as that pose a major security vulnerability. The filter should rely on the JIRA Remember Me funcionality. If the user logged in using the...

Brute Force и Abuse of Functionality уязвимости в Drupal

Здравствуйте 3APA3A! Сообщаю вам о найденных мною Brute Force и Abuse of Functionality уязвимостях в Drupal. Brute Force WASC-11: В форме логина http://site/user/ не реализована надёжная защита от подбора пароля. В самом Drupal капчи нет, а существующий Captcha модуль...

JAKCMS 2.01 - Code Execution

!/usr/bin/python JAKCMS query$sql; if $jakdb-affectedrows 0 $row = $result-fetchassoc; $SESSION'JAKLoggedIn' = true; Additionally, functionality in the backend, allows an administrative user to add a "phphook" whereby ad...

Unfixed XSS vulnerability at www.softline.am

Security researcher Sony, has submitted on 19/02/2011 a cross-site-scripting XSS vulnerability affecting www.softline.am, which at the time of submission ranked 6968697 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/12/2011. It is currently...

CVE-2011-0712

Multiple buffer overflows in the caiaq Native Instruments USB audio functionality in the Linux kernel before 2.6.38-rc4-next-20110215 might allow attackers to cause a denial of service or possibly have unspecified other impact via a long USB device name, related to 1 the sndusbcaiaqaudioinit...

CVE-2011-0045

The Trace Events functionality in the kernel in Microsoft Windows XP SP3 does not properly perform type conversion, which causes integer truncation and insufficient memory allocation and triggers a buffer overflow, which allows local users to gain privileges via a crafted application, related to...