943 matches found
Tilde CMS 1.01 - Multiple Vulnerabilities
Tilde CMS 1.01 - Multiple Vulnerabilities Exploit Title: Tilde CMS 1.01 Multiple Vulnerabilities Date: July 7th, 2017 Exploit Authors: Paolo Forte, Raffaele Forte Vendor Homepage: http://www.tildenetwork.com/ Version: Tilde CMS 1.0.1 Tested on: Ubuntu 12.04, PHP 5.3.10 I. INTRODUCTION...
Verizon Patches XSS Issues in its Messaging Client
Verizon late last year patched a vulnerability in its Message+ messaging client that could have allowed an attacker to take over a session and possibly extend their reach into a user’s account management settings. Researcher Randy Westergren yesterday disclosed some details on the bug, which coul...
ProjectSend r754 - IDOR & Authentication Bypass
Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability Laboratory ID VL-ID: ==================================== 2031 Comm...
Hack a Facebook home page within ten seconds? This vulnerability turned out to be worth 1.6 million dollars - vulnerability analysis - vulnerability warning - the black bar safety net
How do you hack a Facebook page? A security expert from India has something to say. According to the latest foreign media reports, Arun Sureshkumar, a security expert from India, found in Facebook's “Business Management Platform” (Business Manager) a serious...
A vulnerability in the ColdFusion interpreter allows attackers to read arbitrary files or send TCP requests to servers on the internal network.
A vulnerability in ColdFusion's handling of the Office Open XML (OOXML) file format is related to improper restriction of XML external entity references. Exploiting this vulnerability allows an attacker to remotely read arbitrary files or send TCP requests to servers on the internal network using a specially...
Insecure Direct Object References in Gallery - ownCloud
ownCloud was vulnerable to an insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. Affected Software ownCloud Server 8.2.6 CVE-2016-5876 gallery/2e8f1f2509d15876ab09396dfe6c463aacdf5c5b ownCloud Server 9.0.3...
Server: Insecure Direct Object References in Gallery
ownCloud was vulnerable to an insecure direct object reference. Any unauthenticated user would be able to download any image from the server if the gallery app is enabled. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Option CloudGate CG0192-11897 - Multiple Vulnerabilities Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced...
Option CloudGate Insecure Direct Object Reference Auth Bypass
Option CloudGate Insecure Direct Object References Authorization Bypass Vendor: Option NV Product web page: http://www.option.com Affected version: CG0192-11897 Summary: The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic...
Option CloudGate Insecure Direct Object References Authorization Bypass
Summary The CloudGate M2M gateway from Option provides competitively priced LAN to WWAN routing and GPS functionality in a single basic unit certified on all major US cellular operators CDMA/EV-DO and WCDMA/HSPA+. The CloudGate is simple to configure locally or remotely from your PC, tablet or...
CVE-2016-2440
libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 mishandles object references, which allows attackers to gain privileges via a crafted application, aka internal bug 27252896...
A vulnerability in the SAP NetWeaver software integration platform allows an attacker to cause a denial of service.
A vulnerability in the UDDI component of the SAP NetWeaver software integration platform is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to cause a denial of service using a specially crafted XML request...
A vulnerability in the SAP Mobile Platform, a platform for developing mobile applications, allows an attacker to read arbitrary files.
A vulnerability in the SAP Mobile Platform for developing mobile applications is related to improper restriction of XML external entity references. Exploiting this vulnerability allows a malicious actor to read arbitrary files using a specially crafted XML request...
CVE-2016-0728
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands...
perfact::mpa Insecure Direct Object Reference
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2015-067 Product: perfact::mpa Manufacturer: PerFact Innovation GmbH & Co. KG Affected Versions: Custom versions using PerFact DBUtils Toolkit v3.2 Tested Versions: Custom version with PerFact DBUtils Toolkit v3.2 Vulnerability Typ...
rubygem-actionpack: Object leak vulnerability for wildcard controller routes in Action Pack
A flaw was found in the Action Pack component's caching of controller references. An attacker could use this flaw to cause unbounded memory growth, potentially resulting in a denial of service...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...