
2022 matches found

exploitpack
added 2013/07/16 12:0 a.m. | 25 views

Saurus CMS 4.7.1 - Multiple Vulnerabilities

Saurus CMS 4.7.1 - Multiple Vulnerabilities waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web:...

AI score 0.4 | Exploits 0

RedHat Linux
added 2013/07/15 8:29 p.m. | 2 views

JDK: unspecified vulnerability fixed in 6u51 and 5u51 (AWT)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT...

CVSS 9.3 | AI score 6.8 | EPSS 0.07303
Exploits 0 | References 5

Exploit DB
added 2013/07/05 12:0 a.m. | 39 views

Mobile Atlas Creator 1.9.12 - Persistent Command Injection

Title: Mobile Atlas Creator 1.9.12 - Persistent Command Injection Vulnerability Date: 2013-06-11 References: http://www.vulnerability-lab.com/getcontent.php?id=970 VL-ID: 970 Common Vulnerability Scoring System: 3.5 Introduction:...

AI score 7.4 | Exploits 0

0day.today
added 2013/06/23 12:0 a.m. | 23 views

Elemata CMS RC3.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Elemata CMS RC3.0 SQL Injection Date : 23 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://www.elemata.com/ Software Link :...

AI score 7.1 | Exploits 0

Packet Storm
added 2013/06/04 12:0 a.m. | 26 views

Cisco Iframe Injection

Dear Support, I have found iframe injection on newsroom.cisco.com. Affected URL: http://newsroom.cisco.com/blair-christie?articleId=%27%22%3E%3Ciframe%20src=%22http://www.avsecurity.in%22%20width=%221000%22%20height=%221000%22%3E/ Below are the description for the same. IFrame Injection: Using...

AI score 7.4 | Exploits 0

Kitploit
added 2013/05/29 12:11 a.m. | 23 views

[SET v5.1] The Social-Engineer Toolkit codename “Name of the Doctor”

The Social-Engineer Toolkit SET version 5.1 codename “Name of the Doctor” has been released. This version adds a complete rewrite of the MSSQL Bruter as well as a new attack vector utilizing the PSExec functionality within Metasploit. The MSSQL Bruter now incorporates UDP port 1434 quick...

AI score 8.6 | Exploits 0

Kitploit
added 2013/03/16 12:22 a.m. | 24 views

[SET v4.7] The Social-Engineer Toolkit

The Social-Engineer Toolkit SET version 4.7 codename “Headshot” has been released. This version of SET introduces the ability to specify multi-powershell injection which allows you to specify as many ports as you want and SET will automatically inject PowerShell onto the system on all of the...

AI score 7.8 | Exploits 0

myhack58
added 2013/02/27 12:0 a.m. | 14 views

WordPress plugins wp-catpro arbitrary file upload-vulnerability warning-the black bar safety net

Wordpress plugins - wp-catpro Arbitrary File Upload Vulnerability Author = Zikou-1 6 Mailbox = [email protected] Test System : Windows 7 , Backtrack 5r3...

AI score 0.1 | Exploits 0

FreeBSD
added 2013/01/04 12:0 a.m. | 13 views

jenkins -- HTTP access to the server to retrieve the master cryptographic key

Jenkins Security Advisory reports: This advisory announces a security vulnerability that was found in Jenkins core. An attacker can then use this master cryptographic key to mount remote code execution attack against the Jenkins master, or impersonate arbitrary users in making REST API calls. The...

AI score 3.4
Exploits 0 | References 1

Exploit DB
added 2012/10/31 12:0 a.m. | 18 views

BloofoxCMS 0.3.5 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/56353/info bloofoxCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context ...

AI score 7.4 | Exploits 0

ThreatPost
added 2012/10/19 6:18 p.m. | 13 views

Steam Gaming Platform Vulnerable to Remote Exploits; 50 Million at Risk

More than 50 million users of the Steam gaming and media distribution platform are at risk for remote compromise because of weaknesses in the platform’s URL protocol handler, a pair of researchers at ReVuln wrote in a paper released this week. Luigi Auriemma and Donato Ferrante discovered a numbe...

AI score 2.3
Exploits 0 | References 2

RedHat Linux
added 2012/10/18 4:46 p.m. | 3 views

OpenJDK: AccessController.doPrivilegedWithCombiner() information disclosure (Security, 7172522)

Unspecified vulnerability in the Java Runtime Environment JRE component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security...

CVSS 5 | AI score 7.4 | EPSS 0.02321
Exploits 0 | References 5

securityvulns
added 2012/10/17 12:0 a.m. | 18 views

Critical issues affecting Steam users

We have just released a paper 1, in which we prove that the current implementation of the Steam Browser Protocol handling mechanism is an excellent attack vector to exploit local issues in a remote fashion. Steam 2 is the biggest gaming related digital delivery platform with an audience of more...

AI score 0.6 | Exploits 0

exploitpack
added 2012/09/18 12:0 a.m. | 10 views

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities

AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamical...

AI score 0.1 | Exploits 0

Exploit DB
added 2012/09/17 12:0 a.m. | 21 views

minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/55577/info minimal Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

AI score 7.4 | Exploits 0

OSV
added 2012/09/10 10:55 p.m. | 6 views

CVE-2012-2775

Unspecified vulnerability in the readvarblockdata function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quantcof."...

AI score 6.2
Exploits 0 | References 10

CVE
added 2012/08/26 1:0 a.m. | 40 views

CVE-2011-5123

CVE-2011-5123 affects the Antivirus component of Comodo Internet Security (before 5.3.175888.1227). The vulnerability arises because the antivirus does not check whether X.509 certificates in signed executable files have been revoked. The provided documents state an unknown impact and potential r...

CVSS 10 | AI score 7 | EPSS 0.00178
Exploits 0 | References 1 | Affected Software 1

Positive Technologies
added 2012/08/25 12:0 a.m. | 2 views

PT-2012-1362 · 3D · 3D Eqsecure Professional Edition

Name of the Vulnerable Software and Affected Versions: 3D EQSecure Professional Edition version 4.2 Description: A race condition in the software allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by...

CVSS 6.2 | AI score 7 | EPSS 0.00058
Exploits 0 | References 11

Packet Storm
added 2012/08/22 12:0 a.m. | 25 views

OpenDocMan 1.2.6.1 Cross Site Request Forgery

Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz: @aviadgolan , @benhayak,...

AI score 0.3 | Exploits 0

exploitpack
added 2012/08/21 12:0 a.m. | 20 views

JPM Article Blog Script 6 - tid Cross-Site Scripting

JPM Article Blog Script 6 - tid Cross-Site Scripting source: https://www.securityfocus.com/bid/55112/info JPM Article Blog Script 6 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

AI score 6.8 | Exploits 0