Lucene search

5327 matches found

NVD
added 2014/07/19 5:9 a.m., 14 views

CVE-2014-2366

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...

CVSS 9, AI score 6, EPSS 0.00183
Exploits 0, References 3

Prion
added 2014/07/19 5:9 a.m., 17 views

Code injection

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...

CVSS 4, AI score 6.6, EPSS 0.00183
Exploits 0, References 1, Affected Software 1

CVE
added 2014/07/19 1:0 a.m., 58 views

CVE-2014-2366

CVE-2014-2366 affects Advantech WebAccess prior to 7.2, where upAdminPg.asp can disclose credentials to remote authenticated users by exposing them in the HTML source. Evidence from NVD/NIST and multiple advisories confirms the vulnerable component and the credential disclosure flaw, with a high ...

CVSS 9, AI score 6.2, EPSS 0.00183
Exploits 0, References 3, Affected Software 1

Cvelist
added 2014/07/19 1:0 a.m., 16 views

CVE-2014-2366 Advantech WebAccess Cleartext Storage of Sensitive Information in Memory

upAdminPg.asp in Advantech WebAccess before 7.2 allows remote authenticated users to discover credentials by reading HTML source code...

CVSS 9, AI score 6, EPSS 0.00183
Exploits 0, References 2

myhack58
added 2014/07/17 12:0 a.m., 14 views

How to prevent the next heartbleed-vulnerability warning-the black bar safety net

I. Introduction Based on the OpenSSL heart bleed vulnerability was considered to be the CVE-2014-0160 serious problem, OpenSSL is widely used in SSL and TLS plug-in. As used herein, the heart bleed vulnerability explanation this vulnerability is what is the use. This article studies the...

AI score 7.6
Exploits 0

Kitploit
added 2014/07/16 9:8 p.m., 25 views

Netsparker v3.5 - Web Application Security Scanner

Netsparker Web Application Security Scanner can find and report web application vulnerabilities such as SQL Injection and Cross-site Scripting XSS and security issues on all web applications and websites regardless of the platform and the technology they are built on. Netsparker is very easy to u...

AI score 8.2
Exploits 0

Exploit DB
added 2014/07/16 12:0 a.m., 34 views

Joomla! Component Youtube Gallery 4.1.7 - SQL Injection

Exploit Title: Joomla component comyoutubegallery - SQL Injection vulnerability Google Dork: inurl:index.php?option=comyoutubegallery Date: 15-07-2014 Exploit Author: Pham Van Khanh [email protected] Vendor Homepage: http://www.joomlaboat.com/youtube-gallery Software Link:...

CVSS 7.5, AI score 6.5, EPSS 0.00806
Exploits 6

seebug.org
added 2014/07/14 12:0 a.m., 30 views

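释锐 Education District/School Edition E-Schoolbag Teaching Platform XSS Vulnerability

Brief description: I saw that http://www.wooyun.org/bugs/wooyun-2010-051965 was accepted, so here I am too. Stored XSS. Details: Tested using the official demo http://demo.31390.com:8080/eLearning/user.html Click any user, write an XSS statement in the message field, then click to leave the message, and the popup fires right away.. Looking at the source code, there is no filtering at all. Test address: http://demo.31390.com:8080/eLearning/message/s800.html It is actually an HTML file itself, which gives XSS a lot of room. Testing how general this is...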

AI score 7.1
Exploits 0

exploitpack
added 2014/07/12 12:0 a.m., 14 views

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

AI score 0.5
Exploits 0

Exploit DB
added 2014/07/12 12:0 a.m., 34 views

Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities

Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions Description ================ Aerohive version 5.1r5 through...

AI score 7.4
Exploits 0

The Hacker News
added 2014/07/11 11:42 p.m., 16 views

'Tinba' Banking Malware Source Code Leaked Online

The source code for the smallest but sophisticated banking Trojan Tinba has been leaked through an online post in an underground forum, which makes it available for anyone who knows where to look for free malware generation tools. The files posted on the closed Russian underground forum turned out...

AI score 7.2
Exploits 0

ThreatPost
added 2014/07/11 8:10 a.m., 25 views

Tinba Banker Trojan Source Code Posted

The source code for Tinba, known as the smallest banker Trojan in circulation, has been posted on an underground forum. Researchers say that the files turned out to be the source code for version one of Tinba, which was identified in 2012, and is the original, privately sold version of the...

AI score 1.5
Exploits 0, References 4

FreeBSD Advisory
added 2014/07/08 12:0 a.m., 14 views

FreeBSD-SA-14:17.kmem

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:17.kmem Security Advisory The FreeBSD Project Topic: Kernel memory disclosure in control messages and SCTP notifications Category: core Module: kern, sctp...

CVSS 4.9, AI score 6, EPSS 0.00071
Exploits 0

Cisco
added 2014/07/07 8:45 p.m., 23 views

Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability

A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...

CVSS 4, AI score 6.3, EPSS 0.00306
Exploits 0, References 1

Prion
added 2014/07/02 10:35 a.m., 19 views

Information disclosure

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...

CVSS 4, AI score 6.1, EPSS 0.00306
Exploits 0, References 5

Cvelist
added 2014/07/02 10:0 a.m., 15 views

CVE-2014-3298

Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco Cloud Portal places passwords in form data, which allows remote authenticated users to obtain sensitive information by reading HTML source code, aka Bug ID CSCui36976...

AI score 5.7, EPSS 0.00306
Exploits 0, References 5

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Merak Mail Server 7.4.5 calendar.html schedule Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10966/info The webmail package embedded in Merak Mail Server is reported prone to multiple vulnerabilities. The vulnerabilities reported are: - Multiple cross-site scripting vulnerabilities - An HTML injection vulnerabili...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 24 views

timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities

No description provided by source. Exploit Title : TimeLive Time and Expense Tracking = Multiple Vulnerabilities Vulnerability : Directory Traversal / Remote Database Download / File Download / Source Code Disclosure Date : 28/09/2011 Author : Nathaniel Carew Impact : High Software Link :...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 21 views

Allaire JRun 2.3 File Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1833/info Allaire JRun is a web application development suite with JSP and Java Servlets. JRun contains a vulnerability that allows a user to access documents outside of the webroot. Requesting a malformed URL using the...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 585 views

Dolphin 7.0.3 - Multiple Vulnerabilities

No description provided by source. Exploit Title: Dolphin Mullti Vulnerability Date : 29-10-2010 Author : anT!-Tr0J4n Version : 7.0.3 DorK : Powered by Dolphin Greetz : Dev-PoinT.com inj3ct0r.com All Dev-poinT members and my friends Home : www.Dev-PoinT.com : http://inj3ct0r.com Email :...

AI score 7.1
Exploits 0