31 matches found
EUVD-2012-1490
Malware in sbrugna...
CVE-2013-3520
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2012-1472
VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not properly handle XML API requests, which allows remote attackers to read arbitrary files or cause a denial of service via unspecified vectors...
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
As the holiday shopping season gets into full swing, merchants aren’t the only ones expecting to have a prosperous year. Fraudsters, too, are out to grab their illicit share of the money changing hands or accounts in the weeks ahead. Especially susceptible to theft by fraud are millions of...
Shopify: [h1-2102] [Yaworski's Broskis] Suspected overcharge and chargebacks in PoS
Summary: NOTE: This one needs verification from the side of Shopify, as we can't set up a real payment GW or check the logs of the test one. When checking out in PoS and paying with credit card, it is possible to manipulate numbers in the end request to overcharge a client charge more than the item...
Information disclosure
An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the...
HPE Asset Manager Arbitrary Code Execution Vulnerability
HP AssetManager is a solution for managing the lifecycle of IT assets. A security vulnerability exists in HPE Asset Manager 9.40, 9.41, 9.50, and Asset Manager CloudSystem Chargeback 9.40, which can be exploited by remote attackers to execute arbitrary commands via constructed serialized Java...
VMware vCenter Chargeback Manager Multiple Java Vulnerabilities (VMSA-2015-0003) (POODLE)
The version of VMware vCenter Chargeback Manager installed on the remote host is affected by a man-in-the-middle (MitM) information disclosure vulnerability known as POODLE. The vulnerability is due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in...
VMware vCenter Chargeback Manager Multiple OpenSSL Vulnerabilities (VMSA-2014-0006)
The version of vCenter Chargeback Manager installed on the remote host is 2.6.0. It is, therefore, affected by the following OpenSSL-related vulnerabilities: - An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service...
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
LoopHole in PayPal Terms Allows Anyone to Double PayPal Money Endlessly
Many of us own a PayPal account for easy online transactions, but most of us don’t have a balance in our PayPal account. But what will happen if your money doubles, triples... or grows even more in just a couple of hours? Sounds cherishing! A loophole in the popular digital payment and money...
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload (CVE-2013-3520)
An Arbitrary File Upload vulnerability has been reported in VMware vCenter Chargeback Manager...
VMware vCenter - Chargeback Manager ImageUploadServlet Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache.Win32/ include...
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache.Win32/ include...
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload
This Metasploit module exploits a code execution flaw in VMware vCenter Chargeback Manager, where the ImageUploadServlet servlet allows unauthenticated file upload. The files are uploaded to the /cbmui/images/ web path, where JSP code execution is allowed. The module has been tested successfully ...
VMware vCenter Chargeback Manager ImageUploadServlet Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of VMware vCenter Chargeback Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the ImageUploadServlet. This service exposes...
CVE-2013-3520
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors...
Code injection
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors...
CVE-2013-3520
CVE-2013-3520 affects VMware vCenter Chargeback Manager (CBM) prior to 2.5.1. The vulnerability arises from improper handling of uploads in the ImageUploadServlet, enabling remote attackers to upload files and execute arbitrary code via unspecified vectors. Reported in multiple feeds (NVD/NVD-der...
CVE-2013-3520
VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not properly handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors...