2391 matches found

Exploit DB
added 2012/02/29 12:00 a.m. | 39 views

Yealink VOIP Phone - Persistent Cross-Site Scripting

Secur-I Research Group Security Advisory SV-2012-005 Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Homepage:...

CVSS 3.5 | AI score 6.5 | EPSS 0.01733
Exploits: 7
Zero Day Initiative
added 2012/01/12 12:00 a.m. | 812 views

(0Day) HP StorageWorks P2000 G3 Directory Traversal and Default Account Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP MSA 2000 G3. Authentication is not required to exploit this vulnerability. The specific flaws exist within the web interface listening on TCP port 80. There exists a directory traversal flaw th...

CVSS 9 | AI score 4.7 | EPSS 0.05262
Exploits: 0
Zero Day Initiative
added 2012/01/05 12:00 a.m. | 27 views

HP Managed Printing Administration img_id Multiple Vulnerabilities

This vulnerability allows remote attackers to remotely manipulate the application database and delete arbitrary files on vulnerable installations of HP Managed Printing Administration. Authentication is not required to exploit this vulnerability. The specific flaw exists and is duplicated within...

CVSS 9 | AI score 3.1 | EPSS 0.02495
Exploits: 0 | References: 1
Saint
added 2011/10/31 12:00 a.m. | 25 views

Symantec IM Manager IMAdminLDAPConfig.asp SQL injection

Added: 10/31/2011 CVE: CVE-2011-0553 BID: 49738 OSVDB: 75984 Background Symantec IM Manager is a solution for managing and securing instant-messaging traffic in an enterprise. Problem An SQL injection vulnerability in IMAdminLDAPConfig.asp allows remote, authenticated attackers to execute arbitra...

CVSS 7.5 | AI score 7.8 | EPSS 0.01854
Exploits: 4
Zero Day Initiative
added 2011/09/02 12:00 a.m. | 20 views

Novell Cloud Manager Insufficient Framework User Validation Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Novell Cloud Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within how the application implements an RPC method. Due to incompletely initializing an...

CVSS 9.3 | AI score 4.6 | EPSS 0.03634
Exploits: 0 | References: 1
exploitpack
added 2011/07/29 12:00 a.m. | 15 views

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 Build 8013 - Multiple Cross-Site Scripting Vulnerabilities Secur-I Research Group Security Advisory SV-2011-003 Title:...

AI score 7
Exploits: 0
exploitpack
added 2011/07/26 12:00 a.m. | 17 views

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery Secur-I Research Group Security Advisory Title: OpenX Ad Server CSRF Vulnerability Product: OpenX Ad Server Vulnerable version: 2.8.7 and probably earlier versions Fixed...

AI score 0.5
Exploits: 0
Symantec
added 2010/12/15 8:00 a.m. | 24 views

Symantec Endpoint Protection File Overwrite

SUMMARY Symantec Endpoint Protection SEP Manager reporting module allows a php file overwrite from an authorized client that could potentially allow execution of arbitrary code on the server-side. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Endpoint Protection | 11.x |...

CVSS 7.5 | AI score 0.7 | EPSS 0.05048
Exploits: 0 | Affected Software: 1
Zero Day Initiative
added 2010/10/27 12:00 a.m. | 25 views

Symantec IM Manager Administrative Interface SummaryReportGroup.lgx Definition File SQL Injection Vulnerabilities

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Symantec IM Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the rdpageimlogic.aspx page which is exposed through an IIS extension on the defau...

CVSS 10 | AI score 7.5 | EPSS 0.05822
Exploits: 0 | References: 1
Zero Day Initiative
added 2010/10/19 12:00 a.m. | 27 views

IBM DB2 install_jar Arbitrary File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of IBM DB2. Authentication is required in that a user must have the ability to connect to the database. The specific flaw exists within the install_jar procedure. The install_jar procedure contains a...

CVSS 9 | AI score 6.9 | EPSS 0.01343
Exploits: 0 | References: 2
0day.today
added 2010/09/29 12:00 a.m. | 37 views

Micro CMS v1.0 b1 Persistent XSS Vulnerability

Exploit for php platform in category web applications Micro CMS v1.0 b1 Persistent XSS Vulnerability Class: Persistent Cross-Site Scripting Severity: High Overview: Micro CMS is prone to...

AI score 7.1
Exploits: 0
securityvulns
added 2010/09/14 12:00 a.m. | 65 views

MVSA-10-007 / CVE-2010-0152 - IBM Proventia Mail Security System - Multiple persistent and reflected XSS vulnerabilities

Security Advisory: MVSA-10-007 / CVE-2010-0152 Vendor: IBM Products: Proventia Network Mail Security System Vulnerabilities: Multiple Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Authentication: Not Required/Required Reference:...

CVSS 4.3 | AI score 0.5 | EPSS 0.00865
Exploits: 2
Exploit DB
added 2010/04/14 12:00 a.m. | 27 views

RJ-iTop Network Vulnerability Scanner System - Multiple SQL Injections

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities Vulnerable: v3.0.7.x Vendor: www.rj-itop.com Category: Input Validation Error Impact: SQL injection Details: Multiple SQL Injection Vulnerabilities have been found in DRJ-iTop Network Vulnerability Scanne...

AI score 7
Exploits: 0
Symantec
added 2010/02/18 8:00 a.m. | 112 views

Symantec IM Manager Local-Access Cross-site Scripting

SUMMARY Symantec's IM Manager management console is susceptible to a cross-site scripting issue. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec IM Manager | 8.3 and 8.4 | Upgrade to 8.4.13 Note: Customers running 8.3 versions of Symantec IM Manager should upgrade to the lates...

CVSS 4.3 | AI score 6 | EPSS 0.02252
Exploits: 0 | Affected Software: 1
Symantec
added 2010/02/17 8:00 a.m. | 25 views

Symantec Client Proxy Buffer Overflow in Older Product Versions

SUMMARY The Symantec Client Proxy integrated into older versions of Symantec AntiVirus and Symantec Client Security is vulnerable to a buffer overflow. AFFECTED PRODUCTS Product | Version | Solutions ---|---|--- Symantec AntiVirus | 10.0.x | Upgrade to SAV 10.1 MR9 10.1.x | Upgrade to MR9 10.2...

CVSS 10 | AI score 0.1 | EPSS 0.19405
Exploits: 1 | Affected Software: 1
Packet Storm
added 2010/01/14 12:00 a.m. | 18 views

Zenoss 2.3.3 SQL Injection

nGenuity Information Services -- Security Advisory Advisory ID: NGENUITY-2010-001 - Zenoss getJSONEventsInfo SQL Injection Application: Zenoss 2.3.3 Vendor: Zenoss Vendor website: http://www.zenoss.com Author: Adam Baldwin [email protected] Authentication: Valid user or admin session...

AI score 7.4
Exploits: 0
securityvulns
added 2008/11/14 12:00 a.m. | 60 views

Team SHATTER Security Advisory: Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE

Team SHATTER Security Advisory Oracle Database SQL Injection in SYS.DBMS_CDC_IPUBLISH.ALTER_HOTLOG_INTERNAL_CSOURCE November 12, 2008 Risk Level: Medium Affected versions: Oracle Database Server versions 10gR1, 10gR2 and 11gR1 Remote exploitable: Yes...

CVSS 5.5 | AI score 1.1 | EPSS 0.09524
Exploits: 3
Packet Storm
added 2008/10/31 12:00 a.m. | 17 views

umail-filewrite.txt

U-Mail Webmail Arbitrary File Write Vulnerability Vulnerable: U-Mail 4.91 Vendors: www.comingchina.com Category: Input Validation Error Impact: An attacker can write arbitrary data to new files. Author: Shennan Wang Date: 2008-10-30 Web:...

Exploits: 0
ATTACKERKB
added 2008/10/02 6:18 p.m. | 2 views

CVE-2008-2831

Multiple cross-site scripting XSS vulnerabilities in the delegated spam management feature in the Spam Quarantine Management SQM component in MailMarshal SMTP 6.0.3.8 through 6.3.0.0 allow user-assisted remote authenticated users to inject arbitrary web script or HTML via 1 the list of blocked...

CVSS 3.5 | AI score 5.4 | EPSS 0.00996
Exploits: 0 | References: 7
Packet Storm
added 2008/09/11 12:00 a.m. | 19 views

graffiti-sql.txt

Grafitti Forums v1.0 Remote SQL Injection/HTML Injection + Discovered By SirGod + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,HrN,kemrayz,007m,str0ke + Remote SQL Injection Vulnerabilities PoC : http://target/path/topics.php?f=SQL Example : http://127.0.0.1/topics.php?f=-1 union all select...

AI score 7.4
Exploits: 0