408 matches found
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities
SugarCRM Community Edition - Multiple Information Disclosure Vulnerabilities source: https://www.securityfocus.com/bid/55347/info SugarCRM Community Edition is prone to multiple information-disclosure vulnerabilities because it fails to restrict access to certain application data. Attackers can...
CVE-2012-3368
Integer signedness error in attach.c in dtach 0.8 allows remote attackers to obtain sensitive information from daemon stack memory in opportunistic circumstances by reading application data after an improper connection-close request, as demonstrated by running an IRC client in dtach...
phpCollab 2.5 - Direct Request Multiple Protected Page Access
phpCollab 2.5 - Direct Request Multiple Protected Page Access source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to application data and to...
PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload
PHPCollab 2.5 - uploadfile.php Crafted Request Arbitrary Non-PHP File Upload source: https://www.securityfocus.com/bid/53675/info phpCollab is prone to an unauthorized-access and an arbitrary-file-upload vulnerabilities. Attackers can leverage these issues to gain unauthorized access to applicati...
Changing from a single-user to a multi-user installation on Windows (rev2) – Opera Security Advisories
Changing from a single-user to a multi-user installation on Windows rev2 – Opera Security Advisories OPCOM Team | January 5, 2012 If you received the error message “There was a problem initializing Opera Mail. Engine Init Failed”, it may mean that you have a stand-alone USB installation of Opera...
Design/Logic Flaw
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...
PYSEC-2011-2
The verifyexists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service resource consumption via a URL associated with...
CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
INSECT Pro 2.7 - Penetration testing tool download
INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...
INSECT Pro 2.7 - Penetration testing tool download
INSECT Pro 2.7 - Penetration testing tool download INSECT Pro 2.7 - Ultimate is here! This penetration security auditing and testing software solutionis designed to allow organizations of all sizes mitigate, monitor and manage the latest security threats vulnerabilities and implement active...
Windows Gather Apple iOS MobileSync Backup File Collection
This module will collect sensitive files from any on-disk iOS device backups This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'English' class MetasploitModule 'Windows Gather Apple iOS MobileSync Backup File...
CVE-2011-1475
The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for...
Xplico v0.6.1 - Network Forensic Analysis Tool (NFAT)
"The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email POP, IMAP, and SMTP protocols, all HTTP contents, each VoIP call SIP, FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is...
CVE-2010-4213
The Bank of America application 2.12 for Android stores a security question's answer in cleartext, which might allow physically proximate attackers to obtain sensitive information by reading application data...
CVE-2010-4212
The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data...
Code injection
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors...
CVE-2010-2711
Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the iPad allows remote attackers to read and modify MagCloud application data via unknown vectors...
Code injection
The IBM BladeCenter with Advanced Management Module AMM firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service management module reboot via TCP packets with malformed application data...
Design/Logic Flaw
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted...
CVE-2009-1754
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted...