SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities

SkaD...

Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting

Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities input type="hidden" name="formname"...

HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)

An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

Omeka < 2.2.1 Multiple Vulnerabilities

Binary data 8330.prm...

Cisco Patches Wireless Residential Gateway Vulnerabilities

US-CERT issued an advisory yesterday warning of a critical vulnerability in Cisco’s Wireless Residential Gateway. Cisco has patched the vulnerability and also released its own warning, informing customers of a remote code execution vulnerability in the web server used by the gateway that is prese...

Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

html...

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

Omeka...

Omeka 2.2 - CSRF And Stored XSS Vulnerability

Omeka version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities. !-- Omeka 2.2 CSRF And Stored XSS Vulnerability Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2 Summary: Omeka is a free, flexible, and open source...

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...

D-Link info.cgi POST Request Buffer Overflow

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include...

Elipse E3 Scada PLC Denial Of Service

VSLA Security Advisory FIRE-SCADA-DOS-2013-001: Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC. LEVEL: EXTREME In our tests authorized by the customer, we can stop the entire plant. Published: 10/29/2013 Version: 1.0 Vendor: Elipse...

InvGate Service Desk 4.2.36 SQL Injection Vulnerability

InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...

Ericom AccessNow Server Stack Buffer Overflow (CVE-2014-3913)

A stack buffer overflow vulnerability exists in Ericom AccessNow Server. The vulnerability is due to improper handling of specially crafted HTTP requests for non-existent files. A remote attacker can exploit this vulnerability by sending a crafted HTTP request...

ODAT - Oracle Database Attacking Tool

ODAT Oracle Database Attacking Tool is an open source penetration testing tool that test the security of Oracle Databases remotely. Usage examples of ODAT: You have an Oracle database listening remotely and want to find valid SIDs and credentials in order to connect to the database You have a val...

SchneiderWEB Server Directory Traversal Vulnerability

OVERVIEW Independent researcher Billy Rios has identified a directory traversal vulnerability in Schneider Electric’s SchneiderWEB, a web HMI. Schneider Electric has produced a firmware update that mitigates this vulnerability. Billy Rios has tested the update to validate that it resolves the...

QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability

No description provided by source. E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: http://www.securityfocus.com/bid/1237/info Various shopping cart applications u...

Netbula Anyboard 9.9.5 6 Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8490/info A vulnerability has been reported in Netbula Anyboard that may allow a remote attacker to gain access to sensitive data. This problem is due to an information disclosure issue that can be triggered by an attacke...

Mailtraq 2.2 Browse.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7813/info Mailtraq is vulnerable to cross-site scripting attacks. The vulnerability exists due to insufficient sanitization of HTTP requests to the vulnerable Mailtraq server. An attacker can exploit this vulnerability by...

MiniShare Server 1.3.2 - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10417/info Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests. This issue will allow an attacker to cause the...

Whale Communications e-Gap Security Appliance 2.5 Login Page Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9431/info The e-GAP appliance has been reported prone to a source code disclosure vulnerability. It has been reported that, when the affected appliance handles unexpected HTTP requests it may divulge the source code of th...