Lucene search

764 matches found

exploitpack
added 2012/03/22 12:0 a.m., 27 views

Cyberoam UTM - Multiple Vulnerabilities

Cyberoam UTM - Multiple Vulnerabilities SECURITY ADVISORY: cyberoam-utm-command-executaion Affected Software: Cyberoam CR50ia 10.01.0 build 678 Vulnerability: OS Command Execution Severity: High Release Date: Unreleased I. Background "Cyberoam Unified Threat Management appliances offer assured...

0.4 AI score
Exploits: 0
Exploit DB
added 2012/03/19 12:0 a.m., 39 views

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet - Directory Traversal

ManageEngine DeviceExpert 5.6 Java Server ScheduleResultViewer servlet Unauthenticated Remote Directory Traversal Database Backup / auth-conf.xml Disclosure Exploit product homepage: http://www.manageengine.com/products/device-expert/ file tested: ManageEngineDeviceExpert.exe tested against:...

7.4 AI score
Exploits: 0
Ubuntu
added 2012/03/12 2:37 p.m., 116 views

USN-1397-1: MySQL vulnerabilities

Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 5.1.61 in Ubuntu 10.04 LTS, Ubuntu 10.10, Ubuntu 11.04 and Ubuntu 11.10. Ubuntu 8.04 LTS has been updated to MySQL 5.0.95. In addition to security...

8.5 CVSS, 6.9 AI score, 0.69552 EPSS
Exploits: 23
Amazon
added 2012/02/15 12:0 a.m., 35 views

Important: mysql

Issue Overview: This update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section. CVE-2011-2262, CVE-2012-0075, CVE-2012-0087, CVE-2012-0101, CVE-2012-0102,...

5.5 CVSS, 5.4 AI score, 0.03155 EPSS
Exploits: 0, References: 1
0day.today
added 2012/02/05 12:0 a.m., 39 views

GAzie <= 5.20 Cross Site Request Forgery

Exploit for php platform in category web applications ======================================== GAzie Date: 5/02/2012 Site: http://www.giudinvx.altervista.org/ -------------------------------------------------------- @Application Info: Multicompany finance application written in PHP using a MySql...

7.1 AI score
Exploits: 0
OSV
added 2012/01/30 5:55 p.m., 8 views

CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to configure an arbitrary database via the dbhost and dbname parameters, and subsequently conduct static...

6.5 AI score
Exploits: 0, References: 3
ThreatPost
added 2012/01/25 12:57 p.m., 8 views

Multiple Bugs Haunt WordPress Setup

Researchers have found a string of weaknesses in the WordPress default installation page, including PHP code execution and a persistent cross-site scripting flaw, affecting versions 3.3.1 and later. WordPress officials say that they’re not planning to fix the vulnerabilities as there’s only a sma...

1 AI score
Exploits: 0, References: 2
Patchstack
added 2012/01/25 12:0 a.m., 38 views

WordPress <= 3.3.1 - Multiple Vulnerabilities

WordPress version 3.3.1 is prone to PHP code execution and persistent cross-site scripting vulnerabilities via "setup-config.php" page. The attackers can host their own MySQL database server and then successfully complete the WordPress installation without having any valid credentials on the targ...

5 CVSS, 2.1 AI score, 0.09475 EPSS
Exploits: 7, References: 1, Affected Software: 1
Exploit DB
added 2012/01/25 12:0 a.m., 77 views

WordPress Core 3.3.1 - Multiple Vulnerabilities

Trustwave's SpiderLabs Security Advisory TWSL2012-002: Multiple Vulnerabilities in WordPress https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt Published: 1/24/12 Version: 1.0 Vendor: WordPress http://wordpress.org/ Product: WordPress Version affected: 3.3.1 and prior Product...

7.5 CVSS, 7 AI score, 0.09475 EPSS
Exploits: 10
seebug.org
added 2011/12/19 12:0 a.m., 43 views

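Multiple Cross-Site Scripting Vulnerabilities in phpMyAdmin Versions Before 3.4.8

BUGTRAQ ID: 51099 CVE ID: CVE-2011-4634 phpMyAdmin is a tool written in PHP for controlling and operating MySQL databases through the web. Versions of phpMyAdmin before 3.4.8 contain multiple cross-site scripting vulnerabilities in their implementation; remote attackers can exploit them to execute arbitrary script code in the browser of a user of the affected site and steal cookie-based authentication credentials. Using a crafted database name, XSS may be executed in the database synchronization and database rename panels. Using an invalid, crafted SQL query causes XSS when editing the query on the table overview panel or when using the create view dialog. Using a crafted column type, XSS may be executed in the table search or create index dialogs 0...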

4.3 CVSS, 6.4 AI score, 0.0221 EPSS
Exploits: 1
The Hacker News
added 2011/08/12 9:57 a.m., 4 views

Welt.de hacked - Credit Card info of 30264 users Compromised

Welt.de hacked - Credit Card info of 30264 users Compromised Welt.de hacked using an SQL Injection https://boot24.welt.de/indexwelt..php?ac =. The hacker penetrated deeply into the infrastructure of the website and copied number information from the MySQL database. He has published the links ...

8.2 AI score
Exploits: 0
The Hacker News
added 2011/07/09 8:39 a.m., 7 views

Stevens Institute of Technology database leaked by p0keu for #Antisec

Stevens Institute of Technology database leaked by p0keu for Antisec Stevens Institute of Technology database leaked by Anonymous - p0keu for Antisec on pastebin, the leaks are a MySQL database and a cms database, usernames/passwords, this leak comes from the same source as the 4 random leaks and...

7 AI score
Exploits: 0
Positive Technologies
added 2011/06/24 12:0 a.m., 5 views

PT-2011-09: Arbitrary Command Execution in ManageEngine ServiceDesk Plus 8.0.0

The specialists of the Positive Research center have revealed an arbitrary code execution vulnerability in ManageEngine ServiceDesk Plus. If Microsoft SQL Server is used as application database server, insufficient validation of input settings for /CustomReporthandler.do script that is used to...

8.5 CVSS, 8.3 AI score
Exploits: 0, References: 3
exploitpack
added 2011/06/23 12:0 a.m., 14 views

ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal

ManageEngine Support Center Plus 7.8 Build 7801 - Directory Traversal Advisory: ManageEngine Support Center Plus 7.8 build 0x90.nl Software link: http://www.manageengine.com/products/support-center/download.html Tested on: Linux & Windows Category: Directory Traversal Severity: High Google Dork:...

7.4 AI score
Exploits: 0
NVD
added 2011/05/05 2:55 p.m., 27 views

CVE-2011-1906

Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...

5 CVSS, 6.4 AI score, 0.01064 EPSS
Exploits: 1, References: 2
Prion
added 2011/05/05 2:55 p.m., 14 views

Design/Logic Flaw

Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...

5 CVSS, 7 AI score, 0.01064 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2011/05/05 2:0 p.m., 26 views

CVE-2011-1906

Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific user-account credentials in a MySQL database, which makes it easier for remote attackers to read the event collection table via requests to the management port, a different vulnerability than CVE-2011-0756...

6.4 AI score, 0.01064 EPSS
Exploits: 1, References: 2
Packet Storm
added 2011/04/10 12:0 a.m., 33 views

NooMS CMS 1.1.1 Cross Site Request Forgery

NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this morning so figured I'd try to see how fast it would take me ...

0.9 AI score
Exploits: 0
0day.today
added 2011/04/10 12:0 a.m., 15 views

NooMS CMS version 1.1.1 CSRF

Exploit for php platform in category web applications NooMS CMS version 1.1.1 CSRF Bug Found: April 9th 2011 Found by: loneferret as far as I know anyway Software Download Link: http://phpkode.com/download/p/2381nooms1.1.1.tar.bz2 Nods to exploit-db Team Well, I didn't have much to do this mornin...

7.1 AI score
Exploits: 0
Fedora
added 2011/03/29 3:51 a.m., 18 views

[SECURITY] Fedora 15 Update: roundcubemail-0.5.1-1.fc15

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

0.3 AI score
Exploits: 0