86 matches found
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacturer in China and a global supplier of advanced video surveillance...
Dashlane - DLL Hijacking
Dashlane - DLL Hijacking Vulnerability Summary The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely syn...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and services across multiple platforms running on-premise,...
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities
IDERA Uptime Monitor 7.8 - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describe three 3 vulnerabilities found in IDERA Uptime Monitor version 7.8. “IDERA Uptime Monitor is a Proactively monitor physical servers, virtual machines, network devices, applications, and...
HPE Intelligent Management Center (iMC) 7.2 (E0403P10) - Code Execution
HPE Intelligent Management Center iMC 7.2 E0403P10 - Code Execution Vulnerability Summary The following advisory describes a Stack Buffer Overflow vulnerability found in HPE Intelligent Management Center version v7.2 E0403P10 Enterprise, this vulnerability leads to an exploitable remote code...
IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Hea
Exploit for windows platform in category web applications Vulnerabilities Summary The following advisory describes six 6 vulnerabilities found in Informix Dynamic Server and Informix Open Admin Tool. IBM Informix Dynamic Server Exceptional, low maintenance online transaction processing OLTP data...
Horde Groupware Webmail 3 / 4 / 5 Code Execution
Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and...
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and...
Fedora 25 : php-horde-Horde-Mime-Viewer (2016-f5fda29032)
HordeMimeViewer 2.2.1 - jan SECURITY: Don't render SVG images in the browser to avoid XSS attacks Reported by Dawid Gounski via Beyond Security's SecuriTeam Secure Disclosure program. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update...
Encryption, Lock Mechanism Vulnerabilities Plague Lock App AppLock
Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts more than 100 million users. A researcher is claiming that the app, which is supposed to securely store photos, videos and other apps, doesn’t really use encryption to do so, it simply hides the files...
WFTPD Server GUI 3.21 Remote Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9908/info WFTPD server front end GUI has been reported to be prone to a denial of service. The issue is reported to present itself if a user who is logged into the affected service issues an FTP request with a large...
PlaySMS <= 0.7 - SQL Injection Exploit
No description provided by source. !/usr/bin/perl PlaySMS version 0.7 and prior SQL Injection PoC Written by Noam Rathaus of Beyond Security Ltd. use IO::Socket; use strict; my $host = $ARGV0; my $remote = IO::Socket::INET-new Proto = tcp, PeerAddr = $host, PeerPort = 80 ; unless $remote die cann...
Polar Helpdesk 3.0 Cookie Based Authentication System Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10775/info Polar Helpdesk is reported prone to a cookie based authentication system bypass vulnerability. It is reported that the authentication and privilege system for Polar Helpdesk is based entirely on the values read...
SQL injection vulnerabilities, producing a privilege escalation (control user).
PMASA-2013-15 Announcement-ID: PMASA-2013-15 Date: 2013-07-28 Updated: 2013-08-06 Summary SQL injection vulnerabilities, producing a privilege escalation control user. Description Due to a missing validation of parameters passed to schemaexport.php and pmdpdf.php, it was possible to inject SQL...
RedHat Update for kernel RHSA-2012:1064-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Vbulletin - Two-Step External Link XSS
Vendor: vBulletin Affected versions: 3.7.x - 3.8.x Mod: Two-Step External Link URL: http://www.vbulletin.org/forum/showthread.php?t=217708 Vulnerability type: XSS Risk rating: Medium Exploit http://FORUM/externalredirect.php?url=XSS Bug File: externalredirect.php line 35 Code: $url =...
Apache 2.0.52 Multiple Space Header DoS (Perl code)
No description provided by source. !/usr/bin/perl Noam Rathaus of Beyond Security Ltd. use strict; use IO::Socket::INET; usage unless @ARGV == 2; my $host = shift@ARGV; my $port = shift@ARGV; my $socket = IO::Socket::INET-newproto='tcp', PeerAddr=$host, PeerPort=$port;...
PlaySMS <= 0.7 SQL Injection Exploit
No description provided by source. !/usr/bin/perl PlaySMS version 0.7 and prior SQL Injection PoC Written by Noam Rathaus of Beyond Security Ltd. use IO::Socket; use strict; my $host = $ARGV0; my $remote = IO::Socket::INET-new Proto = "tcp", PeerAddr = $host, PeerPort = "80" ; unless $remote die...
GLSA-200712-23 : Wireshark: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200712-23 Wireshark: Multiple vulnerabilities Multiple buffer overflows and infinite loops were discovered in multiple dissector and parser components, including those for MP3 and NCP CVE-2007-6111, PPP CVE-2007-6112, DNP...
OpenSSL < 0.9.7l / 0.9.8d SSLv2 Client Crash Exploit
No description provided by source. !/usr/bin/perl Copyrightc Beyond Security Written by Noam Rathaus - based on beSTORM's SSL Server module Exploits vulnerability CVE-2006-4343 - where the SSL client can be crashed by special SSL serverhello response use strict; use IO::Socket;...