Moderate: Red Hat Security Advisory: mysql55-mysql security update

Updated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

Cisco WebEx Meeting Center Web-Based Administrative Interface User Enumeration Vulnerability

A vulnerability in the web-based administrative interface of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to enumerate valid usernames and determine if the usernames have administrative privileges. The vulnerability is due to a logic error in the handling of invalid...

IdeaCMS logic login bug, pass to kill 0day-vulnerability warning-the black bar safety net

Baidu keywords: Powered By IdeaCMS ! A successful landing ! You can also login does not exist the user ! Landing wooyunsec the user to the user database does not exist, you can still continue the landing） !...

deaCMS logic login bug, pass to kill 0day-vulnerability warning-the black bar safety net

Baidu keywords: Powered By IdeaCMS ! A successful landing ! You can also login does not exist the user Landing wooyunsec the user to the user database does not exist, you can still continue the landing）...

IdeaCMS built Station system universal vulnerability affects thousands of sites-vulnerability warning-the black bar safety net

IdeaCMS based on the ASP+MSSQL/ACCESS technology development from 2 0 0 8 released in the first version since, every year, we are on a program to do a larger version of the update, so far has released six major versions. IdeaCMS in a simple, efficient, flexible, easy to use, open source, template...

CVE-2014-9577

VDG Security SENSE formerly DIVA 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response...

Default credentials

VDG Security SENSE formerly DIVA 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response...

CVE-2014-9577

VDG Security SENSE formerly DIVA 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 and reading the response...

Visual Mining NetCharts Server Remote Code Execution Exploit

This Metasploit module exploits multiple vulnerabilities in Visual Mining NetCharts. First, a lack of input validation in the administration console permits arbitrary jsp code upload to locations accessible later through the web service. Authentication is typically required, however a 'hidden' us...

ArubaOS 6.3.1.11 / 6.4.2.1 SSH Authentication Bypass

The version of ArubaOS has an unspecified vulnerability that allows a remote attacker to obtain limited administrative privileges without valid credentials. The vulnerability affects access over SSH. However, access through WebUI and the serial port is not affected, and the vulnerability does not...

IISWorks FileMan fileman.mdb Remote User Database Disclosure

No description provided by source. Exploit Title: IISWorks FileMan fileman.mdb Remote User Database Disclosure Disclosure Date: July 5, 2005 Author: Known Vulnerability Software Link: http://www.scriptdungeon.com/scripts/asp/FileManASP.rar Version: OSVDB: 17824 Security Tracker ID: 1014383 Found...

PostNuke 0.6 Unauthenticated User Login Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3435/info PostNuke, successor to PHPNuke, is a content management system written in PHP. PostNuke versions 0.62 to 0.64 suffer from a vulnerability that allows a remote user to log-in as any user with known username and I...

ASP-Nuke 1.0/1.2/1.3 - Remote User Database Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9355/info A problem has been identified in ASP-Nuke when user credentials are stored on a system. Because of this, an attacker may be able to gain unauthorized access to sensitive information...

List Site Pro 2.0 User Database Delimiter Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6685/info List Site PRO is a top site ranking system that counts hits from member sites and then ranks them according to the number of hits. A problem has been reported for List Site PRO that would allow an attacker to...

SimpleBBS 1.0.6 Users.php Insecure File Permissions Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7045/info SimpleBBS reportedly creates sensitive files with world-readable permissions. As a result anyone who has access to SimpleBBS web resources may access confidential information stored in the SimpleBBS user databas...

Siteman 1.1 User Database Privilege Escalation Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...

Siteman 1.1 User Database Privilege Escalation Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply...

iSO Filer Lite 2.1.0 - Directory Traversal

No description provided by source. Exploit Title: Filer Lite v2.1.0 for iPhone / iPod touch, Directory Traversal Date: 02/24/2011 Author: R3d@l3rt, Sp@2K, Sunlight, H@ckk3y Software Link : http://itunes.apple.com/kr/app/filer-lite-download-view-manage/id350939597?mt=8 Version: 2.1.0 Tested on:...

deV!L`z Clanportal Witze Addon 0.9 - SQL Injection Vulnerability

No description provided by source. ======================================================================================== | Title : deV!Lz Clanportal Witze Addon Versions 0.9 SQL Injection Vulnerability | Author : Easy Laster | Download : http://dzcp-zone.de/downloads/?action=show&id=97 | Scrip...

Amazon Linux AMI : tomcat6 (ALAS-2011-25)

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret...