
6679 matches found

Zero Day Initiative
added 2011/02/07 12:0 a.m., 25 views

(0Day) EMC Replication Manager Client irccd.exe Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the EMC Replication Manager Client. Authentication is not required to exploit this vulnerability. The Replication Manager client installs a service that binds the irccd.exe process to TCP port 6542. Thi...

CVSS 10, AI score 4, EPSS 0.63676
Exploits 5, References 1
myhack58
added 2011/02/04 12:0 a.m., 12 views

Ganji is a SQL injection BUG and solution-vulnerability warning-the black bar safety net

| Detail: To unsubscribe from there. $. post'/event/cancelSmsNotify/' , phone : "sdf'dsf" , functionret alert'unsubscribe successful'; Injection parameters phone Vulnerabilityproof: phone=sdf'dsf br / bFatal error/b: Uncaught exception 'Exception' with message '1 0 6 4: You have an error in your...

AI score 1.6
Exploits 0
Packet Storm
added 2011/02/03 12:0 a.m., 46 views

Firebook 3.100328 Cross Site Scripting / Disclosure

Hello list! I want to warn you about Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities in Firebook. SecurityVulns ID: 11396. ------------------------- Affected products: ------------------------- Vulnerable are Firebook 3.100328 and...

AI score 7.4
Exploits 0
securityvulns
added 2011/02/03 12:0 a.m., 28 views

New vulnerabilities in Firebook

Hello 3APA3A! I am informing you about the Insufficient Anti-automation, Abuse of Functionality, Information Leakage and Cross-Site Scripting vulnerabilities I found in Firebook. Insufficient Anti-automation WASC-21: http://site/index.html?mailto=MG1112008878;file=path/to/guestbook/message.html; On...

AI score 6.6
Exploits 0
OpenVAS
added 2011/01/31 12:0 a.m., 399 views

MS Windows HID Functionality (Over USB) Code Execution Vulnerability

This host is installed with USB device driver software and is prone to a code execution vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowshidoverusbcodeexecvuln.nasl 8724 2018-02-08 15:02:56Z cfischer $ MS Windows HID Functionality (Over USB) Code Execution Vulnerability Authors: Antu Sanadi...

CVSS 6.9, AI score 0.3, EPSS 0.01431
Exploits 0, References 3
OpenVAS
added 2011/01/31 12:0 a.m., 792 views

Microsoft Windows HID Functionality (Over USB) Code Execution Vulnerability (Jan 2011)

A USB device driver software is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 6.9, AI score 5.2, EPSS 0.01431
Exploits 0, References 3
NVD
added 2011/01/28 4:0 p.m., 17 views

CVE-2011-0651

Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of unspecified length fields is greater than a certain value...

CVSS 7.5, AI score 7.9, EPSS 0.04891
Exploits 0, References 5
Packet Storm
added 2011/01/26 12:0 a.m., 57 views

SimpGB 1.49.02 Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities in SimpGB. ------------------------- Affected products: ------------------------- Vulnerable are SimpGB v1.49.02 and previous versions. ---------- Detail...

Exploits 0
securityvulns
added 2011/01/26 12:0 a.m., 28 views

New vulnerabilities in SimpGB

Hello 3APA3A! I am informing you about the Cross-Site Scripting, Brute Force, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in SimpGB. XSS WASC-08: POST request on the page http://site/guestbook.php in the parameters poster, postingid and location in the Preview function. If in...

AI score 7.1
Exploits 0
NVD
added 2011/01/25 1:0 a.m., 24 views

CVE-2011-0639

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...

CVSS 6.9, AI score 6.8, EPSS 0.003
Exploits 0, References 3
NVD
added 2011/01/25 1:0 a.m., 26 views

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

CVSS 6.9, AI score 7.1, EPSS 0.00352
Exploits 0, References 3
Prion
added 2011/01/25 1:0 a.m., 16 views

Null pointer dereference

Microsoft Windows does not properly warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that...

CVSS 6.9, AI score 7.5, EPSS 0.01431
Exploits 0, References 4
Prion
added 2011/01/25 1:0 a.m., 17 views

Default configuration

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

CVSS 6.9, AI score 7.6, EPSS 0.00352
Exploits 0, References 3
Cvelist
added 2011/01/25 12:0 a.m., 28 views

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

AI score 9.6, EPSS 0.00352
Exploits 0, References 3
Debian CVE
added 2011/01/10 7:18 p.m., 9 views

CVE-2011-0398

The PiwikCommon::getIP function in Piwik before 1.1 does not properly determine the client IP address, which allows remote attackers to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoofing of the X-Forwarded-For HTTP...

CVSS 6.4, AI score 7.2, EPSS 0.01338
Exploits 0
securityvulns
added 2010/12/17 12:0 a.m., 35 views

New vulnerabilities in eSitesBuilder

Hello 3APA3A! I am informing you about the new Cross-Site Scripting, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in eSitesBuilder. It is a Ukrainian commercial CMS, an engine for online shops. XSS WASC-08:...

AI score 7.1
Exploits 0
securityvulns
added 2010/12/12 12:0 a.m., 44 views

New vulnerabilities in Joomla

Hello 3APA3A! I am informing you about the Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities I found in Joomla. The vulnerabilities exist in the commailto component, which is a standard component of Joomla. In detail about similar Insufficient Anti-automation and...

AI score 6.2
Exploits 0
Packet Storm
added 2010/12/10 12:0 a.m., 47 views

Joomla 1.5.22 Cross Site Scripting

Hello Full-Disclosure! I want to warn you about Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities in Joomla. Vulnerabilities exist in component commailto, which is a core component of Joomla. ------------------------- Affected products:...

AI score 7.4
Exploits 0
FreeBSD
added 2010/12/08 12:0 a.m., 32 views

php5 -- Denial of Service in php_date_parse_tzfile()

MITRE CVE team reports: Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache...

CVSS 5, AI score 6.3, EPSS 0.08352
Exploits 1, References 2
securityvulns
added 2010/11/28 12:0 a.m., 39 views

Vulnerabilities in Joomla

Hello 3APA3A! I am informing you about the Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in Joomla. The vulnerabilities exist in the comcontact component, which is a standard component of Joomla. In detail about such vulnerabilities, about sending spam through sites and creating...

AI score 7
Exploits 0