
266 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 16 views

mUnky 0.01 'index.php' Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30705/info mUnky is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. Exploiting this issue allows attackers to cause the application to execute arbitra...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 39 views

Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability (0day)

No description provided by source. wwww.abysssec.com Novell File Reporter Agent XML Parsing Remote Code Execution Vulnerability 0day CVE-2012-4959 @abysssec well just one more of our 0day got published after 2 year here is info :...

10 CVSS | 0.3 AI score | 0.71194 EPSS
Exploits: 21
seebug.org
added 2014/07/01 12:0 a.m. | 16 views

Qbik WinGate Standard <= 3.0.5 Log Service Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/507/info The WinGate log service is configured by default to only allow connections from 127.0.0.1, but can be set to allow connections from anywhere. Either way, there is a vulnerability that will allow any file to be re...

7.1 AI score
Exploits: 0
Cvelist
added 2014/06/02 3:0 p.m. | 18 views

CVE-2014-0040

OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors...

6.5 AI score | 0.01466 EPSS
Exploits: 1 | References: 4
0day.today
added 2014/02/08 12:0 a.m. | 59 views

Android Browser and WebView addJavascriptInterface Code Execution

This Metasploit module exploits a privilege escalation issue in Android versions prior to 4.2's WebView component that arises when untrusted Javascript code is executed by a WebView that has one or more Interfaces added to it. The untrusted Javascript code can call into the Java Reflection APIs...

7.2 AI score
Exploits: 0
OpenVAS
added 2014/01/30 12:0 a.m. | 25 views

Apple iTunes Multiple Vulnerabilities (HT6001) - Windows

Apple iTunes is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apple:itunes";...

7.5 CVSS | 8.4 AI score | 0.11999 EPSS
Exploits: 1 | References: 3
Packet Storm
added 2013/12/07 12:0 a.m. | 28 views

Eaton Network Shutdown Module 3.21 PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

0.1 AI score
Exploits: 0
exploitpack
added 2013/12/06 12:0 a.m. | 13 views

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \...

0.3 AI score
Exploits: 0
Exploit DB
added 2013/12/06 12:0 a.m. | 33 views

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

7.4 AI score
Exploits: 0
Cisco
added 2013/09/13 1:39 p.m. | 20 views

Cisco SocialMiner administration.jsp HTTP Information Disclosure Vulnerability

A vulnerability in the administration.jsp page of Cisco SocialMiner could allow an unauthenticated, remote attacker to access sensitive information. The vulnerability exists because the affected software implements an insecure HTTP connection between a Cisco SocialMiner client and server when...

5 CVSS | 1.2 AI score | 0.01173 EPSS
Exploits: 0 | References: 1
ThreatPost
added 2012/08/10 2:24 p.m. | 49 views

Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel

While much of the world was focused yesterday on the Gauss malware saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the Zeus and Citadel attacks, though the motivation behind the attack is somewhat of a mystery. The new...

10 CVSS | 0.98237 EPSS
Exploits: 22 | References: 7
myhack58
added 2012/07/16 12:0 a.m. | 20 views

Shopware 3.5 – SQL injection vulnerability-vulnerability warning-the black bar safety net

Shopware 3.5 – SQL injectionvulnerability Directly attached to the code function httpreq$host, $q if!$ fs = fsockopen$host, 8 0 exit“Could not open HTTP - Connection to “.$ host.”\ r\n\r\n”; $head = “GET /recommendation/bought/Article/”. urlencode“0 AND SELECT 1 FROM SELECT COUNT, CONCATSELECT “....

7.8 AI score
Exploits: 0
NVD
added 2012/04/28 12:55 a.m. | 16 views

CVE-2012-2439

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...

7.5 CVSS | 7.3 AI score | 0.02205 EPSS
Exploits: 0 | References: 1
NVD
added 2012/04/28 12:55 a.m. | 13 views

CVE-2012-2440

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...

7.5 CVSS | 7.3 AI score | 0.01443 EPSS
Exploits: 0 | References: 2
Prion
added 2012/04/28 12:55 a.m. | 14 views

Default configuration

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...

7.5 CVSS | 7.8 AI score | 0.01443 EPSS
Exploits: 0 | References: 2
Prion
added 2012/04/28 12:55 a.m. | 17 views

Default configuration

The default configuration of the NETGEAR ProSafe FVS318N firewall enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...

7.5 CVSS | 7.8 AI score | 0.02205 EPSS
Exploits: 0 | References: 1
Cvelist
added 2012/04/28 12:0 a.m. | 17 views

CVE-2012-2440

The default configuration of the TP-Link 8840T router enables web-based administration on the WAN interface, which allows remote attackers to establish an HTTP connection and possibly have unspecified other impact via unknown vectors...

7.3 AI score | 0.01443 EPSS
Exploits: 0 | References: 2
CVE
added 2012/04/28 12:0 a.m. | 38 views

CVE-2012-2439

The vulnerability CVE-2012-2439 affects the NETGEAR ProSafe FVS318N firewall. The issue is caused by a default configuration that enables web-based administration on the WAN interface, allowing remote attackers to establish an HTTP connection and potentially impact confidentiality, integrity, and...

7.5 CVSS | 7.5 AI score | 0.02205 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2011/11/18 12:0 a.m. | 34 views

Apple iTunes < 10.5.1 Update Authenticity Verification Weakness (credentialed check)

The version of Apple iTunes installed on the remote Mac OS X host is earlier than 10.5.1. As such, it uses an unsecured HTTP connection when checking for or retrieving software updates, which could allow a man-in-the-middle attacker to provide a Trojan horse update that appears to originate from...

7.5 CVSS | 5.5 AI score | 0.02617 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2011/08/22 12:0 a.m. | 35 views

Pidgin < 2.10.0 Multiple Vulnerabilities

The version of Pidgin installed on the remote host is earlier than 2.10.0. As such, it is potentially affected by the following issues : - A code execution vulnerability caused by clicking on a file:// URI received in an IM that Pidgin will attempt to execute. This can result in the execution of...

9.3 CVSS | 6.1 AI score | 0.04794 EPSS
Exploits: 1 | References: 8