5324 matches found
CVE-2013-6687
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...
Design/Logic Flaw
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...
CVE-2013-6687
The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...
FreeBSD-SA-14:02.ntpd
FreeBSD-SA-14:02.ntpd Security Advisory, The FreeBSD Project. Topic: ntpd distributed reflection Denial of Service vulnerability. Category: contrib. Module: ntpd. Announced:...
By wave CMS arbitrary file type upload to get webshell - vulnerability warning - the black bar safety net
Brief description: The uploaded file type is not checked, so a dynamic script can be uploaded directly to get a webshell. Detailed description: Download the CMS code from the official website; in the source directory, under the edit directory, is the batupload.aspx file. Decompiling it shows the source code as follows...
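Triangle MicroWorks DNP3 Slave Source Code Library Remote Denial of Service Vulnerability
Triangle MicroWorks is a company headquartered in the United States. Triangle MicroWorks products are standalone or third-party component products that use various transport protocols to communicate with peripheral/slave devices: OPC Client, IEC 60870-6 TASE.2/ICCP Client, IEC 60870-5, DNP3, Modbus. The Triangle Research DNP3 Slave Source Code Library contains a race condition flaw that allows a remote denial-of-service attack. The vulnerability can be triggered when a link status request is processed while waiting for a link-layer acknowledgment, allowing a remote attacker to crash applications linked against the library. 0 Triangle...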
CVE-2013-7222
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
Code injection
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
SPIP ecran_securite connect Parameter RCE
SPIP core/securite/ecransecurite.php connect Parameter Remote Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...
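Arbitrary code execution vulnerability on some ShopEx servers (can leak user transaction data)
Brief description: Commands can be executed and source code viewed! Detailed description: php cgi vulnerability http://shop322763.p13.shopex.cn/ Proof of vulnerability: http://shop322763.p13.shopex.cn/?-s http://shop319398.p09.shopex.cn/?-s http://shop317459.p21.shopex.cn/?-s I tried executing PHP code; although the open_basedir and disable_functions restrictions are in place, I can pass arguments to PHP directly via CGI, so these restrictions are no obstacle and are bypassed. Too many users are affected; the vendor should check for itself...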
Geolocation OSINT Tool Creepy
Geolocation OSINT Tool Creepy Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps. What’s new in...
CVE-2013-6972
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126...
CVE-2013-6972
Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126...
CVE-2013-6972
Cisco WebEx Training Center exposes session numbers via server HTML responses, allowing remote attackers to discover valid session numbers and bypass host approval to join audio-conferences without attendee authorization. Root cause: inappropriate disclosure of sensitive information in server rep...
Vtiger 5.4.0 Cross Site Scripting
SOJOBO-ADV-13-05 - Vtiger 5.4.0 Reflected Cross Site Scripting. I. Information. Name: Vtiger 5.4.0 Reflected Cross Site Scripting. Software: Vtiger 5.4.0 and possibly below. Vendor Homepage: https://www.vtiger.com/. Vulnerability Type: Reflected Cross-Site Scripting. Severity:...
Proof-of-Concept App Released for Android Jelly Bean Security Bypass Bug
The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app. The vulnerability in question lies in...
Chamilo LMS 1.9.6 (profile.php, password0 param) - SQL Injection Vulnerability
Exploit for the PHP platform in the web applications category. High-Tech Bridge Security Research Lab discovered a vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1) SQL Injection in Chamilo LMS: CVE-2013-6787. The vulnerability exists due to insufficient validation of...
Pydio File Upload
Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...
November 2013 Adobe Flash, ColdFusion security patches
Adobe patched two vulnerabilities in its ColdFusion web application server today, and also released a Flash Player update that patched a remote code execution bug in the software. A company spokesperson said none of the vulnerabilities are being exploited, nor are they related to the recent theft...
WordPress Gallery Bank 2.0.19 Cross Site Scripting
SOJOBO-ADV-13-03 - WordPress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting. I. Information. Name: WordPress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting. Software: Gallery Bank 2.0.19 and possibly below. Vendor Homepage: http://gallery-bank.com/...