20 matches found
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
Dead-bugging — what is that, you ask? The concept comes from the idea that a memory chip, once it’s flipped over so you can attach wires to it, looks a little like a dead bug on its back. So why would we do this for the purposes of IoT hacking? The typical reason is if you want to extract the...
bga-vetements.fr XSS vulnerability
Open Bug Bounty ID: OBB-677493

Description | Value
---|---
Affected Website: | bga-vetements.fr
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Exagate WEBPack Management System - Multiple Vulnerabilities
Document Title: ================ Exagate WEBpack Management System Multiple Vulnerabilities Author: ======== Halil Dalabasmaz Release Date: ============== 07 OCT 2016 Product & Service Introduction: ================================ WEBPack is the individual built-in user-friendly and skilled web...
SolarWinds Kiwi Syslog Server 9.5.1 - Unquoted Service Path Privilege Escalation
Document Title: ================ SolarWinds Kiwi Syslog Server Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service Introduction: ================================ Kiwi Syslog® Server is an affordable,...
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
Document Title: ================ SolarWinds Kiwi CatTools Unquoted Service Path Privilege Escalation Vulnerability Author: ======== Halil Dalabasmaz Release Date: ============== 29 SEP 2016 Product & Service Introduction: ================================ Kiwi CatTools saves you time by automating...
BGA32.DLL and QBga32.DLL contain multiple vulnerabilities
Overview BGA32.DLL is a compression/decompression library for gza and bza-format files. BGA32.DLL contains multiple vulnerabilities including a buffer overflow because it utilizes vulnerable zlib and bzip2 libraries. QBga32.DLL, which is a wrapper of BGA32.DLL, is also affected. KONDOU, Kazuhiro...
Citrix Netscaler NS10.5 WAF Bypass
Document Title: ============ Citrix Netscaler NS10.5 WAF Bypass via HTTP Header Pollution Release Date: =========== 12 Mar 2015 Product & Service Introduction: ======================== Citrix NetScaler AppFirewall is a comprehensive application security solution that blocks known and unknown...
Beehive Forum 1.4.4 - Persistent Cross-Site Scripting
Document Title: ============ Beehive Forum v1.4.4 Stored XSS Vulnerability Author: ============== Halil Dalabasmaz Release Date: =========== 23 Feb 2015 Product & Service Introduction: ======================== Beehive is an open-source project for creating a highly configurable frame-based discussi...
Proticaret E-Commerce Script 3.0 - SQL Injection (2)
Proticaret E-Commerce Script 3.0 - SQL Injection 2 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...
Proticaret E-Commerce Script 3.0 - SQL Injection Vulnerability
Proticaret E-Commerce Script version 3.0 suffers from a remote SQL injection vulnerability. Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce...
Proticaret E-Commerce Script 3.0 - SQL Injection (2)
Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information: ======================= BGA Security Team discovered...
Proticaret E-Commerce Script 3.0 SQL Injection
Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information: ======================= BGA Security Team discovered...
Proticaret E-Commerce Script 3.0 - SQL Injection (1)
Proticaret E-Commerce Script 3.0 - SQL Injection 1 Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information:...
Proticaret E-Commerce Script 3.0 - SQL Injection (1)
Document Title: ============ Proticaret E-Commerce Script v3.0 = SQL Injection Release Date: =========== 13 Nov 2014 Product & Service Introduction: ======================== Proticaret is a free e-commerce script. Abstract Advisory Information: ======================= BGA Security Team discovered...
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
No description provided by source. Document Title: ============ Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities Release Date: =========== June 21, 2014 Product & Service Introduction: ======================== Mailspect is the email security and archiving brand of RAE Internet Inc.,...
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure
Flussonic Media Server 4.1.25 4.3.3 - Arbitrary File Disclosure Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a multi-protocol streaming server with...
Flussonic Media Server 4.1.25 - 4.3.3 - Arbitrary File Disclosure Vulnerability
Exploit for aix platform in category dos / poc Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a multi-protocol streaming server with support for many...
Flussonic Media Server 4.1.25 < 4.3.3 - Arbitrary File Disclosure
Document Title: ============ Flussonic Media Server 4.3.3 Multiple Vulnerabilities Release Date: =========== June 29, 2014 Product & Service Introduction: ======================== Flussonic is a multi-protocol streaming server with support for many protocols, including HDS, HLS, RTMP, RTSP, HTTP,...
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities
Mailspect Control Panel 4.0.5 - Multiple Vulnerabilities Document Title: ============ Mailspect Control Panel version 4.0.5 Multiple Vulnerabilities Release Date: =========== June 21, 2014 Product & Service Introduction: ======================== Mailspect is the email security and archiving brand...
[BGA - SignalSEC Advisory]:Adobe Shockwave Player Remote Code Execution
Affected Vendors: Adobe Affected Products: Shockwave Player CVE ID: CVE-2011-2122 Risk Level: High Vulnerability: Memory Corruption Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of the Adobe Shockwave Player. User interacti...