AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamical...
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55577/info minimal Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
CVE-2012-2775
Unspecified vulnerability in the read_var_block_data function in libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to a large order and an "out of array write in quant_cof."...
CVE-2011-5123
CVE-2011-5123 affects the Antivirus component of Comodo Internet Security (before 5.3.175888.1227). The vulnerability arises because the antivirus does not check whether X.509 certificates in signed executable files have been revoked. The provided documents state an unknown impact and potential r...
PT-2012-1362 · 3D · 3D Eqsecure Professional Edition
Name of the Vulnerable Software and Affected Versions: 3D EQSecure Professional Edition version 4.2 Description: A race condition in the software allows local users to bypass kernel-mode hook handlers and execute dangerous code that would otherwise be blocked by a handler but not blocked by...
OpenDocMan 1.2.6.1 Cross Site Request Forgery
Exploit Title: OpenDocMan Password Change CSRF Date: 22/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.opendocman.com/ Software Link: https://github.com/downloads/opendocman/opendocman/opendocman-1.2.6.1.tar.gz Version: 1.2.6.1 Gr33Tz: @aviadgolan , @benhayak,...
JPM Article Blog Script 6 - tid Cross-Site Scripting
source: https://www.securityfocus.com/bid/55112/info JPM Article Blog Script 6 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
CVE-2012-4332
The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors related to the SDK...
CVE-2012-2966
CVE-2012-2966 affects Caucho Quercus as distributed in Resin prior to 4.0.29. The issue arises because POST parameters cause overwriting of entries in the SERVER superglobal array, via the Quercus/Resin handling, with unspecified impact and remote attack vectors described in multiple sources. The...
CVE-2012-2965
CVE-2012-2965 affects Caucho Quercus on Resin prior to version 4.0.29. The vulnerability arises from improper handling of unspecified characters in variable names, related to an HTTP Parameter Contamination issue, with unknown impact and remote attack vectors. Remediation per multiple sources is ...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
Design/Logic Flaw
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via...
Flogr - tag Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/54354/info Flogr is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
http-phpself-xss NSE Script
Crawls a web server and attempts to find PHP files vulnerable to reflected cross-site scripting via the variable $_SERVER["PHP_SELF"]. This script crawls the web server to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross-site scripting vulnerabilities. PHP_SELF...
Western Digital's WD TV Live SMP/Hub - Privilege Escalation
Introduction ============ The WD TV Live Streaming Media Player is a consumer device to play various audio and video formats. Additionally it allows access to multiple video streaming services like Netflix, Hulu or Youtube.1 The device allows customization of its user interface and limited remote...
Strato Newsletter Manager Directory Traversal
STRATO Newsletter Manager is vulnerable to Directory Traversal Vendor: www.strato-cgi.de Google Dork: inurl:"newsletter.php.cgi" Exploit: http://server/cgi-bin/newsletter.php.cgi?PHPSESSID=af92ed633ae0d06d1e24d22520f709f7&action=nlshow&nl=../../../../../../../../../../../../../../etc/passwd...
WebSploit Toolkit 1.6 Released
WebSploit is an open source project for scanning and analyzing remote systems for vulnerabilities. Description: +Autopwn - uses Metasploit to scan and exploit target services +wmap - scans and crawls targets using the Metasploit wmap plugin +format infector - injects reverse & bind payloads into file form...
struts2 xsltResult Local code execution vulnerability
The file: http://svn.apache.org/repos/asf/struts/struts2/trunk/core/src/main/java/org/apache/struts2/views/xslt/XSLTResult.java String pathFromRequest = ServletActionContext.getRequest().getParameter("xslt.location"); path = pathFromRequest; URL resource =...
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
Iciniti Store SQL Injection - Security Advisory - SOS-12-003
Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impact. Manipulation of data Attack...