2027 matches found

CNVD
added 2016/05/06 12:0 a.m. | 1 views

File Hub Input Validation Vulnerability

File Hub provides easy access to files on iOS Devices, Cloud Services and remote computers. An input validation vulnerability exists in File Hub. An attacker can inject malicious persistent code into the mobile application...

7.2 AI score
Exploits: 0 | References: 1
CNVD
added 2016/05/03 12:0 a.m. | 1 views

emlog file upload vulnerability

emlog is the short form of "Every Memory Log", meaning: a little bit of memory. It is an open source, free, powerful blog system for personal or multi-author use, based on the PHP language and a MySQL database. It is a powerful PHP and MySQL-based blog and CMS site-building system. A security...

7.1 AI score
Exploits: 0
Hacker One
added 2016/03/31 10:23 p.m. | 14 views

New Relic: rpm.newrelic.com - monitor creation to other accounts

It is possible to create monitors for other users by changing the user id in the body of the post request when creating a new monitor. Even though my tests were unsuccessful in an XSS on the monitor information, it may be an attack vector to other vulnerabilities since the monitor information show...

1.8 AI score
Exploits: 0
Tenable Nessus
added 2016/03/28 12:0 a.m. | 52 views

FreeBSD : activemq -- Unsafe deserialization (a258604d-f2aa-11e5-b4a9-ac220bdcec59)

Alvaro Muñoz, Matthias Kaiser and Christian Schneider report: JMS Object messages depend on Java Serialization for marshaling/unmarshaling of the message payload. There are a couple of places inside the broker where deserialization can occur, like web console or stomp object message...

9.8 CVSS | 8 AI score | 0.37936 EPSS
Exploits: 4 | References: 3
CNVD
added 2016/03/09 12:0 a.m. | 4 views

Microsoft .NET Framework XML Validation Security Feature Bypass Vulnerability

Microsoft .NET Framework is a comprehensive and consistent programming model developed by Microsoft Corporation (USA) and a development platform for building Windows, Windows Store, Windows Phone, Windows Server, and Microsoft Azure...

10 CVSS | 6.7 AI score | 0.21976 EPSS
Exploits: 0 | References: 1
0day.today
added 2016/02/22 12:0 a.m. | 32 views

InstantCoder 1.0 iOS - Multiple Vulnerabilities

Exploit for iOS platform in category web applications. Document Title: InstantCoder v1.0 iOS - Multiple Web Vulnerabilities. Product & Service Introduction: You are one of the best developers in the world and you would like to code anytime, anywhere...

6.9 AI score
Exploits: 0
CNVD
added 2016/02/08 12:0 a.m. | 2 views

cpio denial of service vulnerability

cpio is a set of file backup tools developed by the GNU Project for use in UNIX operating systems. A security vulnerability exists in cpio that could be exploited by an attacker to crash a cpio instance and cause a denial of service...

6.5 CVSS | 9.3 AI score | 0.05484 EPSS
Exploits: 0 | References: 1
OSV
added 2016/01/29 7:59 p.m. | 1 views

DEBIAN-CVE-2015-8791

The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access...

4.3 CVSS | 6.5 AI score | 0.01341 EPSS
Exploits: 0 | References: 1
ThreatPost
added 2016/01/12 10:39 a.m. | 15 views

D-Link Webcam Hack Turns IoT Device into Backdoor

Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor. Researchers at Vectra Networks today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turn...

7.7 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2016/01/12 12:0 a.m. | 44 views

MS16-006: Security Update for Silverlight to Address Remote Code Execution (3126036)

The version of Microsoft Silverlight installed on the remote Windows host is affected by a remote code execution vulnerability due to a flaw that allows strings to be decoded by a malicious decoder that returns negative offsets. An unauthenticated, remote attacker can exploit this vulnerability, ...

9.3 CVSS | 9.1 AI score | 0.69709 EPSS
Exploits: 1 | References: 2
erpscan
added 2016/01/11 12:0 a.m. | 24 views

SAP Hostcontrol remote DOS

Application: SAP NetWeaver AS Java; Versions Affected: SAP NetWeaver AS Java 7.0 – 7.5; Vendor URL: SAP; Bug: DoS; Reported: 01.11.2016; Vendor response: 02.11.2016; Date of Public Advisory: 13.06.2017; Reference: SAP Security Note 2389181; Authors: Mathieu Geli ERPScan. VULNERABILITY INFORMATION Class: D...

7.1 AI score
Exploits: 0
CNVD
added 2016/01/08 12:0 a.m. | 2 views

netcf remote denial of service vulnerability

netcf is a library for configuring network interfaces. A remote denial of service vulnerability exists in netcf. An attacker could exploit this vulnerability to crash an application and deny service to legitimate users...

7.5 CVSS | 7.5 AI score | 0.02672 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/12/31 12:0 a.m. | 0 views

WordPress Plugin Pinpoint Booking System SQL Injection Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. Pinpoint Booking System is one of the plugins used to create a booking or reservation system in a WordPress site. A SQL...

7.9 AI score
Exploits: 0 | References: 1
Vulnerability Lab
added 2015/12/22 12:0 a.m. | 55 views

Lithium Forum - Client Side POST Inject Vulnerability

Document Title: Lithium Forum - Client Side POST Inject Vulnerability. References Source: http://www.vulnerability-lab.com/getcontent.php?id=1519. Release Date: 2015-12-22. Vulnerability Laboratory ID VL-ID: 1519...

0.1 AI score
Exploits: 0
RedHat Linux
added 2015/12/21 4:44 p.m. | 0 views

python-rdomanager-oscplugin: NeutronMetadataProxySharedSecret parameter uses default value

It was discovered that Director's NeutronMetadataProxySharedSecret parameter remained specified at the default value of 'unset'. This value is used by OpenStack Networking to sign instance headers; if unchanged, an attacker knowing the shared secret could use this flaw to spoof OpenStack Networki...

7.5 CVSS | 5.8 AI score | 0.01651 EPSS
Exploits: 0 | References: 4
CNVD
added 2015/12/17 12:0 a.m. | 3 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2015-08344)

IBM WebSphere Portal is a suite of enterprise portal software from IBM in the United States. A cross-site scripting vulnerability exists in IBM WebSphere Portal. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other attacks...

6.1 CVSS | 6.7 AI score | 0.01433 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/12/13 12:0 a.m. | 3 views

Apple iOS URL Forgery Vulnerability

Apple iOS is an operating system developed by Apple for use in cell phones and other devices. A security vulnerability exists in Apple iOS that allows attackers to build malicious web pages that spoof URLs by tricking users into parsing them...

4.3 CVSS | 6.5 AI score | 0.01438 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/12/10 12:0 a.m. | 2 views

Microsoft Windows Library Loading Remote Code Execution Vulnerability (CNVD-2015-08040)

Microsoft Windows is a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists in Microsoft Windows that originates from a program failing to properly validate input before loading a library. An attacker could exploit the vulnerability ...

7.2 CVSS | 8.5 AI score | 0.66691 EPSS
Exploits: 4 | References: 1
CNVD
added 2015/12/04 12:0 a.m. | 7 views

Red Hat JBoss Portal Security Bypass Vulnerability

Red Hat JBoss Portal is an open source and standards-compliant portal platform from Red Hat. The platform can build and lay out a portal Web interface for publishing and managing content and customizing the user experience. A security vulnerability exists in the Red Hat JBoss Portal 6.x...

10 CVSS | 9.2 AI score | 0.83274 EPSS
Exploits: 8 | References: 1
RedHat Linux
added 2015/11/25 9:15 p.m. | 2 views

ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10 CVSS | 7.2 AI score | 0.07514 EPSS
Exploits: 0 | References: 5