2160 matches found
CVE-2013-4726
CVE-2013-4726 concerns Acora CMS (CM3 AcoraCMS) in DDSN Interactive, affected versions include 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1 (and possibly others). The description states a Cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of un...
CVE-2013-4722
CVE-2013-4722 affects Acora CMS (DDSN cm3 Acora CMS) prior to or within versions 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1. The vulnerability is a reflected cross-site scripting (XSS) in Admin/login/default.asp caused by insufficient input validation and lack of output escaping for parameters us...
CVE-2013-4722
Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter...
CVE-2013-4726
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
FS-NyarL - Network Takeover & Forensic Analysis Tool
NyarL is Nyarlathotep, a mythological chaotic deity from the writer H.P. Lovecraft's cosmogony. It represents the Crawling Chaos, and FS-NyarL is the Crawling Chaos of cyber security: a network takeover & forensic analysis tool, useful for advanced pentest tasks & for fun and profit, but use it at...
Real-Time, Interactive Map Tracks Global Cyber Threats
Information security has become a global problem, and getting a handle on the scope of the threats to users is a difficult task. A new interactive infographic illustrates a variety of cyber threats in real time, as detected by the Kaspersky Security Network (KSN). The threats are broken down by typ...
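Primo Interactive CMS 'pcm.cgi' Remote Command Execution Vulnerability
Bugtraq ID: 66549 Primo Interactive CMS is a content management system. Primo Interactive CMS 'pcm.cgi' does not properly filter user-submitted data, allowing attackers to exploit the vulnerability by submitting specially crafted requests that execute arbitrary shell commands in the web context. Primo Interactive CMS 6.2 No detailed solution is currently available: http://www.primo-corp.com.my http://www.example.com/cgi-bin/pcm.cgi?download=;id|...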
Primo Interactive CMS - pcm.cgi Remote Command Execution
Primo Interactive CMS - pcm.cgi Remote Command Execution source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this...
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
source: https://www.securityfocus.com/bid/66549/info Primo Interactive CMS is prone to a remote command-execution vulnerability because the application fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary commands in the context of the...
[Peepdf] PDF Analysis and Creation/Modification Tool
peepdf is a Python tool to explore PDF files in order to find out if the file can be harmful or not. The aim of this tool is to provide all the necessary components that a security researcher could need in a PDF analysis without using 3 or 4 tools to make all the tasks. With peepdf it's possible ...
[Skipfish] Web Application Security Scanner
Skipfish is an active web application security reconnaissance tool. It prepares an interactive sitemap for the targeted site by carrying out a recursive crawl and dictionary-based probes. The resulting map is then annotated with the output from a number of active but hopefully non-disruptive...
Vision Interactive - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Vision Interactive - SQL Injection and Cross-Site Scripting Google Dork: "Powered by Vision Interactive" Date: 04/02/2014 Contact: FB /7h38357 Exploit Author: X-Line Empire North Vendor Homepage: www.visioninteractive.ma Software...
'The Hacker News' Magazine - Relaunching New Editions
Dear Readers, After publishing 15 informative editions of 'The Hacker News' magazine in the past 2 years, we at THN are again planning to relaunch the new Chapters of 'The Hacker News Magazine'. The Hacker News (THN) Monthly Magazine is the most comprehensive and informative collection of IT Security,...
CVE-2013-6838
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...
Design/Logic Flaw
An unspecified Enghouse Interactive Professional Services "addon product" in Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903), when using OpenVZ and fallback customization, uses the same SSH private key across different customers' installations, which allows remote attackers to gain privileges b...
CVE-2013-6838
CVE-2013-6838 affects Enghouse Interactive IVR Pro (VIP2000) 9.0.3 (rel903) when using OpenVZ with fallback customization. The vulnerability stems from using the same SSH private key across different customer installations, enabling remote attackers to gain privileges; advisories (XPD-2013-001) d...
[XSS Shell] XSS Backdoor and Zombie Manager
XSS Shell is a powerful XSS backdoor and zombie manager. This concept was first presented by “XSS-Proxy – http://xss-proxy.sourceforge.net/”. Normally in XSS attacks the attacker has one shot; in XSS Shell you can interactively send requests and get responses from the victim. You can backdoor the page...
Enghouse Interactive IVR Pro (VIP2000) Remote Root
XPD - XPD Advisory https://xpd.se Enghouse Interactive IVR Pro VIP2000 remote root authentication bypass Vulnerability Advisory ID: XPD-2013-001 CVE reference: CVE-2013-6838 Affected platforms: IVR Pro/Contact Center VIP2000 platforms with OpenVZ an...
LiveZilla 5.1.1.0 Stored XSS in operator clients
Author: Jakub Zoczek CVE Reference: CVE-2013-7003 Product: LiveZilla Vendor: LiveZilla GmbH http://livezilla.net Affected version: 5.1.1.0 Severity: Medium CVSSv2 Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Status: Fixed 0x01 Background LiveZilla, the widely-used and trusted Live Help...