Symantec Messaging Gateway 9.5.3-3 - Arbitrary File Download
======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams Vendor: Symantec Vendor Reference: Systems Affected: Symantec Messaging Gateway 9.5.3-3 Risk:...
NGS000266 Technical Advisory: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams Vendor: Symantec Vendor Reference: Systems Affected: Symantec...
Symantec Messaging Gateway 9.5.3-3 Arbitrary File Download
======= Summary ======= Name: Symantec Messaging Gateway - Arbitrary file download is possible with a crafted URL authenticated Release Date: 30 November 2012 Reference: NGS00266 Discoverer: Ben Williams Vendor: Symantec Vendor Reference: Systems Affected: Symantec Messaging Gateway 9.5.3-3 Risk:...
MPC (Media Player Classic) XSS / Denial Of Service
========================================================================================== MPC Media Player Classic WebServer Multiple Vulnerabilities ==========================================================================================...
Media Player Classic (MPC) 1.5 - WebServer Request Handling Remote Denial of Service
Media Player Classic MPC 1.5 - WebServer Request Handling Remote Denial of Service source: https://www.securityfocus.com/bid/56567/info Media Player Classic WebServer is prone to a cross-site scripting vulnerability and a denial-of-service vulnerability. An attacker may leverage these issues to...
Media Player Classic XSS / Denial Of Service
MPC Media Player Classic suffers from cross site scripting and denial of service vulnerabilities. ========================================================================================== MPC Media Player Classic WebServer Multiple Vulnerabilities...
Skype Account Service - Session Token Bypass Vulnerability
Document Title: =============== Skype Account Service - Session Token Bypass Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=762 http://www.vulnerability-lab.com/getcontent.php?id=739 MSRC ID: 13175 Release Date: ============= 2012-11-14...
Invision IP.Board 3.3.4 unserialize() PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'msf/core/exploit/phpexe' class Metasploit3...
Invision Power Board <= 3.3.4 unserialize() PHP Code Execution (2)
Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ Original:...
Invision IP.Board unserialize() PHP Code Execution
This module exploits a php unserialize vulnerability in Invision IP.Board 'Invision IP.Board unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in Invision IP.Board = 3.3.4 which could be abused to allow unauthenticated users to execute...
SugarCRM unserialize() PHP Code Execution
This module exploits a php unserialize vulnerability in SugarCRM 'SugarCRM unserialize PHP Code Execution', 'Description' = %q This module exploits a php unserialize vulnerability in SugarCRM = 6.3.1 which could be abused to allow authenticated SugarCRM users to execute arbitrary code with the...
Avaya IP Office Customer Call Reporter ImageUpload.ashx file upload
Added: 10/22/2012 CVE: CVE-2012-3811 BID: 54225 OSVDB: 83399 Background Avaya IP Office is a unified communications solution for mobile workforce. Problem The ImageUpload.ashx script allows unauthenticated users to upload arbitrary script files to the webserver. The script files can then be...
CVE-2012-5344
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request...
Directory traversal
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request...
CVE-2012-5344
CVE-2012-5344 affects IpTools’ Tiny TCP/IP Server (IpTools WebServer/Thttpd.bat 0.1.4). The connected data confirms a directory traversal vulnerability that allows remote reading of arbitrary files via a .. in an HTTP request. OpenVAS entries also reference a related remote buffer overflow for Ip...
PowerTCP WebServer for ActiveX - Denial of Service
PowerTCP WebServer for ActiveX - Denial of Service source: https://www.securityfocus.com/bid/55761/info PowerTCP WebServer for ActiveX is prone to a remote denial-of-service vulnerability. Attackers can exploit this issue to crash the application (typically Internet Explorer), denying service to...