4901 matches found
[Introspy] Monitor app in your iDevice
The Problem In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when performing a black-box assessment. Without access to source code, a comprehensive review of these application currently requires in-depth knowledge of various API...
Gnew 2013.1 - Multiple Vulnerabilities (1)
Gnew 2013.1 - Multiple Vulnerabilities 1 Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with PHP language and using a database server MySQL,...
Gnew 2013.1 - Multiple Vulnerabilities (1)
Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with PHP language and using a database server MySQL, PostgreSQL or SQLite for storage. Desc:...
Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities
Summary Gnew is a simple Content Management System written with PHP language and using a database server MySQL, PostgreSQL or SQLite for storage. Description Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploit...
Gnew 2013.1 Cross Site Scripting / SQL Injection Vulnerabilities
Gnew 2013.1 suffers from cross site scripting and remote SQL injection vulnerabilities. Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with...
Gnew 2013.1 Cross Site Scripting / SQL Injection
Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities Vendor: Raoul Proença Product web page: http://www.gnew.fr Affected version: 2013.1 Summary: Gnew is a simple Content Management System written with PHP language and using a database server MySQL, PostgreSQL or SQLite for storage. Desc:...
ReadyMedia - Remote Heap Buffer Overflow
ReadyMedia - Remote Heap Buffer Overflow source: https://www.securityfocus.com/bid/61282/info ReadyMedia is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempt...
ReadyMedia - Remote Heap Buffer Overflow
source: https://www.securityfocus.com/bid/61282/info ReadyMedia is prone to a remote heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service...
[SpiderFoot v2.0] The Open Source Footprinting tool
SpiderFoot is a free, open-source footprinting tool, enabling you to perform various scans against a given domain name in order to obtain information such as sub-domains, e-mail addresses, owned netblocks, web server versions and so on. The main objective of SpiderFoot is to automate the...
[ADEL] Android Data Extractor Lite
ADEL which is meant as an abbreviation of “Android Data Extractor Lite ”. ADEL was developed for versions 2.x of Android and is able to automatically dump selected SQLite database files from Android devices and extract the contents stored within the dumped files. In this section we describe the...
[Ghost Phisher] GUI suite for phishing and penetration attacks
Ghost Phisher is a Wireless and Ethernet security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library, the program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...
phonon, qt security update
CentOS Errata and Security Advisory CESA-2013:0669 Updated qt packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score,...
n.runs-SA-2013.003 - Polycom - H.323 CDR Database SQL Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...
Polycom H.323 CDR Database SQL Injection
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.003 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 CDR Database SQL Injection Risk: HIGH Overview: For every received H.323 SETUP...
Polycom H.323 Format String
n.runs AG http://www.nruns.com/ securityatnruns.com n.runs-SA-2013.004 15-Mar-2013 Vendor: Polycom, http://www.polycom.com Affected Products: Polycom HDX Series Affected Version: 3.1.1.2 Vulnerability: Polycom H.323 Format String Vulnerability Risk: HIGH Overview: For every received H.323 SETUP...
PHP < 5.3.15 Security Bypass Vulnerability - Windows
PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...
SuSE 11.1 Security Update : php5 (SAT Patch Number 6627)
This update fixes two security issues of PHP5 : - Potential overflow in phpstreamscandir. CVE-2012-2688 - openbasedir bypass via SQLite extension. CVE-2012-3365 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from SuSE 11...
SQLiteManager 1.2.4 - Remote PHP Code Injection
SQLiteManager 1.2.4 - Remote PHP Code Injection !/usr/bin/env python ''' Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit...
SQLiteManager 1.2.4 - Remote PHP Code Injection
!/usr/bin/env python ''' Description: =============================================================== Exploit Title: SQLiteManager 0Day Remote PHP Code Injection Vulnerability Google Dork: intitle:SQLiteManager inurl:sqlite/ Date: 23/01/2013 Exploit Author: RealGame Vendor Homepage:...
phpLiteAdmin 'phpliteadmin.php'远程PHP代码注入漏洞
phpLiteAdmin是一款基于web的SQLite数据库管理工具 phpLiteAdmin 'phpliteadmin.php'创建新数据库时不正确过滤用户提交的数据,允许攻击者利用漏洞注入恶意文件,并以WEB权限执行 0 phpLiteAdmin =1.9.3 厂商解决方案 目前没有详细解决方案提供: http://code.google.com/p/phpliteadmin/...