837 matches found
CuteNews 1.3 Debug Query Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/9130/info An information disclosure weakness has been reported in CuteNews 1.3, that may expose sensitive server configuration data. The problem occurs due to CuteNews accepting a debug query that will result in the...
The Matt Wright guestbook.pl <= 2.3.1 - Server Side Include Vulnerability
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
flatnux 2009-03-27 (upload/id) Multiple Vulnerabilities
No description provided by source. Author: girex Homepage: girex.altervista.org Date: 17/04/2009 CMS: flatnux-2009-03-27 site: flatnux.altervista.org Bugs: Multiple remote vulnerabilities Flatnux suffers of multiple local file inclusions: output of my scanner Line: 10 File:...
exbb <= 0.22 (lfi/rfi) Multiple Vulnerabilities
No description provided by source. ==================================================================================================== / | |\ \ / | / |/ | | |/ \ | | / \ \ | \ \ | | | \ | |/ \ | | // | || | ||| /| / /\ | |||| /| / /...
RunCMS 1.6.1 - (pm.class.php) Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/29069/info RunCMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an...
C2FO: OPTIONS Method Enabled
Vulnerability Details:- I detected that OPTIONS method is allowed. This issue is reported as extra information. Impact:- Information disclosed from this page can be used to gain additional information about the target system. Remedy:- Disable OPTIONS method in all production systems. POC :- Reque...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...
PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application
It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other...
PHP Easter Egg Information Disclosure
An information disclosure vulnerability has been reported in the PHP pages. The vulnerability is due to incorrect web server configuration. A remote attacker can exploit this vulnerability by sending a specially crafted URL to an affected PHP page...
Multiple Vulnerabilities in VideoWhisper Live Streaming Integration WP Plugin
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in VideoWhisper Live Streaming Integration, which can be exploited to execute arbitrary code on the target system, gain access to potentially sensitive data, perform Cross-Site Scripting XSS attacks against users of...
Authentication flaw
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the 1 server and 2 agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
ON: World readable configuration files expose sensitive data
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the 1 server and 2 agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files...
FreeBSD : OpenSSH -- Memory corruption in sshd (5709d244-4873-11e3-8a46-000d601460a4)
The OpenSSH development team reports : A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during kex exchange. If exploited, this vulnerability might permit code execution with the...
OpenSSH -- Memory corruption in sshd
The OpenSSH development team reports: A memory corruption vulnerability exists in the post- authentication sshd process when an AES-GCM cipher [email protected] or [email protected] is selected during kex exchange. If exploited, this vulnerability might permit code execution with the...
CVE-2013-4394
The SetX11Keyboard function in systemd, when PolicyKit Local Authority PKLA is used to change the group permissions on the X Keyboard Extension XKB layouts description, allows local users in the group to modify the Xorg X11 Server configuration file and possibly gain privileges via vectors...
Ukrainian Banking App Vulnerable to Attack
Privat24, the mobile banking application for Ukraine’s largest commercial bank, contains an insufficient validation vulnerability in its iOS, Android, and Windows phone apps that could give an attacker the ability to steal money from user accounts after bypassing its two-factor authentication...
CVE-2013-3278
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
Design/Logic Flaw
EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage of the LDAP/AD bind password, which allows local users to obtain sensitive information by reading the management-server configuration file...
[(D)DoS Deflate] Script designed to block a denial of service attack
DoS+Deflate.gif DDoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections. It is one of the simplest...