Briefcase 4.0 iOS - Code Exec & File Include Vulnerability

Document Title: =============== Briefcase 4.0 iOS - Code Exec & File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: ============= 2014-09-11 Vulnerability Laboratory ID VL-ID: ====================================...

Internet Bug Bounty: Flash Local Sandbox Bypass

Vulnerability already reported to adobe issue 2833 and patched CVE-2014-0554 http://helpx.adobe.com/security/products/flash-player/apsb14-21.html First of all, note that the Adobe Security Bulletin notes: 'Bas Venis and Masato Kinugawa' for the acknowledgement of this CVE. The poc I have reported...

Community Health data leak suspected of the use of the Heartbleed vulnerability-a vulnerability warning-the black bar safety net

When the Heartbleed OpenSSL vulnerability in 4 months is discovered, the security community many experts are warning that the vulnerability could be used to expose sensitive data, although at the time also there is no evidence that attackers are actively using Heartbleed vulnerability. And now, a...

Information disclosure

The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response...

OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)

Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX...

PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability

Document Title: =============== PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1289 Release Date: ============= 2014-08-04 Vulnerability Laboratory ID VL-ID: ==================================...

iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities

Document Title: =============== iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1284 Release Date: ============= 2014-07-30 Vulnerability Laboratory ID VL-ID: ==================================== 1284...

Server: Host Header Poisoning

Due to trusting user supplied input and interpret it as Host header an attacker is able to craft a password reset mail with a link pointing to his own site. If a user clicks on the link or a software e.g. antivirus is accessing the link the attacker is able to reset the user password. For more...

OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30989/info Open Media Collectors Database OpenDb is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

torrenttrader 2.08 - Multiple Vulnerabilities

No description provided by source. waraxe-2012-SA089 - Multiple Vulnerabilities in TorrentTrader 2.08 =============================================================================== Author: Janek Vind waraxe Date: 17. September 2012 Location: Estonia, Tartu Web:...

Instant Photo Gallery 1.0 member.php member Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/17696/info Instant Photo Gallery is prone to multiple cross-site scripting vulnerabilities. These issues are due to the application's failure to properly sanitize user-supplied input. An attacker may leverage these issues...

Symfony2 - Local File Disclosure

No description provided by source. Sense of Security - Security Advisory - SOS-12-002 Release Date. 05-Mar-2012 Last Update. - Vendor Notification Date. 24-Feb-2012 Product. Symfony2 Platform. PHP Affected versions. 2.0.x - 2.0.10 Severity Rating. Medium Impact. Exposure of sensitive information...

Magic Photo Storage Website admin/approve_member.php _config[site_path] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/21965/info Magic Photo Storage Website is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the...

activePDF WebGrabber ActiveX Control Buffer Overflow

No description provided by source. $Id: activepdfwebgrabber.rb 10998 2010-11-11 22:43:22Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and term...

Apple Mac OS X 10.3.x Help Protocol Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10356/info It has been reported that Mac OS X may be prone to a vulnerability that could allow a remote attacker to execute arbitrary script code on a vulnerable system. The issue presents itself due to the 'help:' protoc...

Oracle Reports Server 10g 9.0.2 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14313/info Multiple remote cross-site scripting vulnerabilities affect Oracle Reports Server. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may...

XMB <= 1.9.6 Final basename() Remote Command Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo XMB = 1.9.6 Final basename 'langfilenew' arbitrary local inclusion / remote commands xctn\n; echo by rgod [email protected]\n; echo site: http://retrogod.altervista.org\n; echo dork: \Powered by XMB\n\n; / works...

Floosietek FTGate Mail Server 1.2 Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10059/info It has been reported that FTGate it prone to a server path disclosure vulnerability. This issue is due to an ill conceived error message that includes the server path. These issues may be leveraged to gain...

Microsoft Internet Explorer 6.0 ADODB.Stream Object File Installation Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security...

Horde <= 3.3.5 Administration Interface admin/cmdshell.php PATH_INFO Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/37351/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser...