2440 matches found
CrushFTP 7.2.0 Cross Site Request Forgery / Cross Site Scripting
======================================================== I. Overview ======================================================== Multiple CSRF & Cross-Site Scripting XSS vulnerabilities have been identified in Crushftp 7.2.0 Web Interface on default configuration. These vulnerabilities allows an...
Asus RT-N10 Plus Cross Site Scripting
Title:- Reflected XSS vulnarbility in Asus RT-N10 Plus router Author: Kaustubh G. Padwad Product: ASUS Router RT-N10 Plus Firmware: 2.1.1.1.70 Severity: Medium Auth: Requierd Description: Vulnerable Parameter: flag= Vulnerability Class: Cross Site Scripting...
REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability
================================================================================ REWTERZ-20140102 - Rewterz - Security Advisory ================================================================================ Title: ManageEngine ServiceDesk Plus User Enumeration Vulnerability Product: ServiceDesk...
ManageEngine ServiceDesk 9.0 SQL Injection Vulnerability
ManageEngine ServiceDesk version 9.0 prior to build 9031 suffers from a remote SQL injection vulnerability. Title: ManageEngine ServiceDesk SQL Injection Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected Version: 9.0 Other versions could also be affected Fixed Version:...
ManageEngine ServiceDesk Plus 9.0 Privilege Escalation Vulnerability
ManageEngine ServiceDesk Plus version 9.0 prior to build 9031 suffers from a remote privilege escalation vulnerability due to improper access controls. Title: ManageEngine ServiceDesk Plus User Privileges Management Vulnerability Product: ServiceDesk Plus http://www.manageengine.com/ Affected...
Session fixation
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...
ntp: Multiple buffer overflows via specially-crafted packets
Multiple buffer overflow flaws were discovered in ntpd's cryptorecv, ctlputdata, and configure functions. A remote attacker could use either of these flaws to send a specially crafted request packet that could crash ntpd or, potentially, execute arbitrary code with the privileges of the ntp user...
CVE-2014-2021
Cross-site scripting XSS vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name...
Hewlett-Packard Intelligent Management Center RssServlet Information Disclosure Vulnerability
This vulnerability allows remote attackers to obtain sensitive information on vulnerable installations of Hewlett-Packard Intelligent Management Center. Authentication is required to exploit this vulnerability. The specific flaw exists within the RssServlet servlet. This servlet exhibits an XML...
Oracle Database 10.1 MDSYS.MD2.SDO_CODE_SIZE Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13145/info Oracle Database is reported prone to a buffer overflow vulnerability. Reportedly this issue affects the 'MDSYS.MD2.SDOCODESIZE' procedure. An attacker can supply excessive data to an affected routine resulting ...
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
No description provided by source. RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities Vulnerable: v3.0.7.x Vendor: www.rj-itop.comhttp://www.rj-itop.com Category: Input Validation Error Impact: SQL injection Details: ========= Multiple SQL Injection Vulnerabilitie...
Simple Web Content Management System 1.1-1.3 - Multiple SQL Injection
No description provided by source. Exploit Title: Simple Web Content Management System SQL Injection Date: May 30th 2012 Author: loneferret Version: 1.1 & 1.3 Application Url: http://www.cms-center.com/ Tested on: Ubuntu Server 8.04 / PHP Version 5.2.4-2ubuntu5.23 Discovered by: loneferret Side...
Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability
No description provided by source. ============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product:...
D-Link DSR Router Series - Remote Root Shell Exploit
No description provided by source. !/usr/bin/python CVEs: CVE-2013-5945 - Authentication Bypass by SQL-Injection CVE-2013-5946 - Privilege Escalation by Arbitrary Command Execution Vulnerable Routers: D-Link DSR-150 Firmware v1.08B44 D-Link DSR-150N Firmware v1.05B64 D-Link DSR-250 and DSR-250N...
NetSaro Enterprise Messenger 2.0 - Multiple Vulnerabilities
No description provided by source. =================================================== Secur-I Research Group Security Advisory SV-2011-004 =================================================== Title: NetSaro Enterprise Messenger v2.0 Multiple Vulnerabilities Product: Enterprise Messenger Server...
(0Day) VMware vCenter Server Appliance Ruby vSphere Console Privilege Escalation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Appliance. Authentication is required to exploit this vulnerability. The specific flaw exists within the usage of the Ruby vSphere Console RVC provided by the vCenter Server Applianc...
SQL Injection in mAdserve
High-Tech Bridge Security Research Lab discovered multiple SQL injection vulnerabilities in mAdserve, which can be exploited to execute arbitrary SQL commands in application’s database and compromise vulnerable website. 1 SQL Injection in mAdserve: CVE-2014-2654 1.1 The vulnerability exists due t...
mongodb: memory over-read via incorrect BSON object length
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service crash or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...
Dell Kace 1000 Systems Management Appliance DS-2014-001 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/65029/info Dell Kace 1000 Systems Management Appliance is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to...