Briefcase 4.0 iOS - Code Exec & File Include Vulnerability

Document Title: =============== Briefcase 4.0 iOS - Code Exec & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability Laboratory ID VL-ID: ====================================...

Community Health data leak suspected of the use of the Heartbleed vulnerability-a vulnerability warning-the black bar safety net

When the Heartbleed OpenSSL vulnerability in 4 months is discovered, the security community many experts are warning that the vulnerability could be used to expose sensitive data, although at the time also there is no evidence that attackers are actively using Heartbleed vulnerability. And now, a...

Information disclosure

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response...

PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability

Document Title: =============== PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1289 Release Date: ============= 2014-08-04 Vulnerability Laboratory ID VL-ID: ==================================...

iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities

Document Title: =============== iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1284 Release Date: ============= 2014-07-30 Vulnerability Laboratory ID VL-ID: ==================================== 1284...

Server: Host Header Poisoning

Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. For more...

XMB <= 1.9.6 Final basename() Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...

Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be leveraged to gain...

Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security...

Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37351/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...

OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30989/info Open Media Collectors Database OpenDb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

DCP-Portal 3.7/4.x/5.x/6.x forums.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17050/info DCP Portal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

Instant Photo Gallery 1.0 member.php member Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues...

Wordpress Mini Mail Dashboard Widget Plugin 1.36 Remote File Inclusion

No description provided by source. Exploit Title: Mini Mail Dashboard Widget Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mini-mail-dashboard-widget Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...

torrenttrader 2.08 - Multiple Vulnerabilities

No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web:...

Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

activePDF WebGrabber ActiveX Control Buffer Overflow

No description provided by source. $Id: activepdfwebgrabber.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

Apple Mac OS X 10.3.x Help Protocol Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself due to the 'help:' protoc...

Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14313/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may...

Barter Sites 1.3 Joomla Component Multiple Vulnerabilities

No description provided by source. Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attac...