
764 matches found

htbridge
added 2013/12/18 12:0 a.m. · 38 views

Multiple Vulnerabilities in Horizon QCMS

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Horizon QCMS, which can be exploited to read contents of arbitrary files and perform SQL Injection attacks. 1 Path Traversal in Horizon QCMS: CVE-2013-7138 The vulnerability exists due to insufficient filtration of...

7.5 CVSS · 8.2 AI score · 0.01859 EPSS
Exploits: 9 · Affected Software: 1
ThreatPost
added 2013/12/16 4:10 p.m. · 15 views

Debian Announces End of Security Support for IceApe

Developers at Debian today informed users still clinging to Iceape – an Internet suite modeled on old Mozilla code – that they are cutting the cord and will stop supplying the software with security updates. Iceape is more or less a Debian-branded hybrid of several community-driven entities,...

1.8 AI score
Exploits: 0 · References: 4
0day.today
added 2013/12/03 12:0 a.m. · 26 views

Kimai v0.9.2 'db_restore.php' SQL Injection Vulnerability

Exploit for php platform in category remote exploits require 'msf/core' class Metasploit3 "Kimai v0.9.2 'dbrestore.php' SQL Injection", 'Description' = %q This module exploits a SQL injection vulnerability in Kimai version 0.9.2.x. The 'dbrestore.php' file allows unauthenticated users to execute...

7.1 AI score
Exploits: 0
OpenVAS
added 2013/10/18 12:0 a.m. · 42 views

Debian Security Advisory DSA 2780-1 (mysql-5.1 - several vulnerabilities)

This DSA updates the MySQL database to 5.1.72. This fixes multiple unspecified security problems in the Optimizer component: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html OpenVAS Vulnerability Test $Id: deb2780.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated...

10 CVSS · 0.5 AI score · 0.03607 EPSS
Exploits: 0 · References: 1
securityvulns
added 2013/10/01 12:0 a.m. · 109 views

XAMPP 1.8.1 Local Write Access Vulnerability

============================================= INTERNET SECURITY AUDITORS ALERT 2013-007 - Original release date: March 14th, 2013 - Last revised: March 19th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 6,8/10 CVSS Base Score - CVE-ID: CVE-2013-2586...

4.3 CVSS · 0.5 AI score · 0.0521 EPSS
Exploits: 6
0day.today
added 2013/09/26 12:0 a.m. · 110 views

XAMPP 1.8.1 Local Write Access Vulnerability

XAMPP version 1.8.1 allows an unprivileged user the ability to write to the local disk. It has been detected that an unprivileged user can write in the local disk and the local file "lang.tmp" can be modified in the remote machine. The injection is done through the page "/xampp/lang.php"...

4.3 CVSS · 6.7 AI score · 0.0521 EPSS
Exploits: 6
Tenable Nessus
added 2013/09/04 12:0 a.m. · 37 views

Amazon Linux AMI : mysql51 (ALAS-2012-141)

This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory pages, listed below. - http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.htmlAppendixMSQL April 2012 -...

4 CVSS · 6.5 AI score · 0.03518 EPSS
Exploits: 0 · References: 2
OpenVAS
added 2013/08/21 12:0 a.m. · 30 views

Debian Security Advisory DSA 2739-1 (cacti - several vulnerabilities)

Two security issues SQL injection and command line injection via SNMP settings were found in Cacti, a web interface for graphing of monitoring systems. OpenVAS Vulnerability Test $Id: deb2739.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2739-1 using nvtgen 1.0 Script...

7.5 CVSS · 0.8 AI score · 0.02391 EPSS
Exploits: 0 · References: 1
OpenVAS
added 2013/08/20 12:0 a.m. · 30 views

Fedora Update for mantis FEDORA-2013-5801

Check for the Version of mantis OpenVAS Vulnerability Test Fedora Update for mantis FEDORA-2013-5801 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

5.4 AI score · 0.02348 EPSS
Exploits: 0 · References: 2
Mageia
added 2013/07/29 2:6 p.m. · 50 views

Updated phpmyadmin packages fix security vulnerabilities

Using a crafted SQL query, it was possible to produce an XSS on the SQL query form (PMASA-2013-8, CVE-2013-4995). In the setup/index.php, using a crafted hash with a Javascript event, untrusted JS code could be executed. In the Display chart view, a chart title containing HTML code was rendered...

6.5 CVSS · 0.7 AI score · 0.01832 EPSS
Exploits: 0 · References: 7
Ubuntu
added 2013/07/25 2:39 p.m. · 83 views

USN-1909-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.70 in Ubuntu 10.04 LTS. Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.04 have been updated to MySQL 5.5.32. In addition to security fixes, the...

5 CVSS · 5.7 AI score · 0.18675 EPSS
Exploits: 4
Tenable Nessus
added 2013/07/12 12:0 a.m. · 23 views

Oracle Linux 5 : mod_auth_mysql (ELSA-2009-0259)

The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2009-0259 advisory. 3.0.0-3.2 - add security fix for CVE-2008-2384 480613 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. No...

7.5 CVSS · 5.5 AI score · 0.01863 EPSS
Exploits: 1 · References: 2
Check Point Advisories
added 2013/06/30 12:0 a.m. · 3 views

Oracle MySQL Server Geometry Query Integer Overflow (CVE-2013-1861)

A heap buffer overflow vulnerability has been reported in MySQL database server...

6.3 AI score · 0.18675 EPSS
Exploits: 2
ThreatPost
added 2013/05/30 3:6 p.m. · 19 views

Beta Bot Trojan Emerges as New Type of Banking Malware

A new strain of banking malware, Beta Bot, has been refined over the last few months to target ecommerce and comes complete with an array of features to help prevent it from being caught by usual security measures. According to research conducted by RSA Security’s Limor Kessem, the bot started ou...

0.1 AI score
Exploits: 0 · References: 2
Positive Technologies
added 2013/05/23 12:0 a.m. · 3 views

PT-2013-4644 · Mysql Server +2 · Mysql Server +2

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.5.30 and earlier MySQL Server versions 5.6.10 and earlier Description: The issue affects the availability of the system, allowing remote authenticated users to impact it via unknown vectors related to Prepared...

4 CVSS · 3.8 AI score · 0.02375 EPSS
Exploits: 0 · References: 11
exploitpack
added 2013/05/14 12:0 a.m. · 14 views

Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections

Alienvault Open Source SIEM OSSIM 4.1.2 - Multiple SQL Injections RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products ...

0.4 AI score
Exploits: 0
Exploit DB
added 2013/05/14 12:0 a.m. · 26 views

Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections

RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution 6. Credit 7. Disclosure Timeline 1...

7.4 AI score
Exploits: 0
OSV
added 2013/05/12 12:0 a.m. · 19 views

DSA-2667-1 mysql-5.5 - several

Bulletin has no description...

6.5 CVSS · 5.5 AI score · 0.02279 EPSS
Exploits: 0
0day.today
added 2013/05/09 12:0 a.m. · 19 views

AlienVault OSSIM 4.1.2 SQL Injection Vulnerability

AlienVault OSSIM versions 4.1.2 and below suffer from remote SQL injection vulnerabilities. RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2...

8.2 AI score
Exploits: 0
Packet Storm
added 2013/05/08 12:0 a.m. · 26 views

AlienVault OSSIM 4.1.2 SQL Injection

RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities Vendor Website : http://www.alienvault.com INDEX --------------------------------------- 1. Background 2. Description 3. Affected Products 4. Vulnerabilities 5. Solution 6. Credit 7. Disclosure Timeline 1...

0.8 AI score
Exploits: 0