530 matches found
Fixed in Apache Tomcat 5.5.36
Moderate: DIGEST authentication weakness CVE-2012-3439 Three weaknesses in Tomcat's implementation of DIGEST authentication were identified and resolved: 1. Tomcat tracked client rather than server nonces and nonce count. 2. When a session ID was present, authentication was bypassed. 3. The user...
Atlassian Crucible Detection
Atlassian Crucible, a web-based code review application written in Java, is hosted on the remote web server. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(59326); script_version("1.5"); script_cvs_date("Date: 2019/11/25"); script_name(english:"Atlassian Crucible Detection");...
DocuWiki 2012/01/25 Cross Site Request Forgery / Cross Site Scripting
DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH Facebook Page :...
DocuWiki 2012/01/25 CSRF / XSS
Exploit for php platform in category web applications DokuWiki Ver.2012/01/25 Latest Version CSRF Add User Exploit Discovered by : Khashayar Fereidani Team Website : HTTP://IRCRASH.COM IRCRASH Security Community Facebook : http://facebook.com/fereidani Twitter : https://twitter.com/!/IRCRASH...
Fedora Update for ReviewBoard FEDORA-2011-15935
Check for the Version of ReviewBoard. OpenVAS Vulnerability Test: Fedora Update for ReviewBoard FEDORA-2011-15935. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Fedora Update for ReviewBoard FEDORA-2011-15933
Check for the Version of ReviewBoard. OpenVAS Vulnerability Test: Fedora Update for ReviewBoard FEDORA-2011-15933. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
[SECURITY] Fedora 16 Update: ReviewBoard-1.6.3-1.fc16
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...
[SECURITY] Fedora 15 Update: ReviewBoard-1.5.7-1.fc15
Review Board is a powerful web-based code review tool that offers developers an easy way to handle code reviews. It scales well from small projects to large companies and offers a variety of tools to take much of the stress and time out of the code review process...
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting Multiple Security Vulnerabilities
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting Multiple Security Vulnerabilities source: https://www.securityfocus.com/bid/50456/info Hyperic HQ Enterprise is prone to a cross-site scripting vulnerability and multiple unspecified security vulnerabilities. An attacker may leverage the cross-si...
Hyperic HQ Enterprise 4.5.1 - Cross-Site Scripting / Multiple Security Vulnerabilities
source: https://www.securityfocus.com/bid/50456/info Hyperic HQ Enterprise is prone to a cross-site scripting vulnerability and multiple unspecified security vulnerabilities. An attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting...
ServersCheck Monitoring Software 8.8.x - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/49793/info ServersCheck Monitoring Software is prone to multiple remote input-validation vulnerabilities, including: 1. Multiple HTML-injection vulnerabilities 2. Multiple cross-site scripting vulnerabilities 3. A cross-site request forgery vulnerability ...
BruCON Agnitio workshop Slides and Video Demonstration - Download
BruCON Agnitio workshop Slides and Video Demonstration - Download Workshop by David Rook Security Ninja at BruCON 2011 in Belgium. You can Download Slide from here. Required for the Agnitio hands on demos: A 32bit Windows Operating System XP or 7 preferably – VM will be fine .NET framework 3.5...
SAP NetWeaver servlet JavaDumpService - Multiple XSS
Application: SAP NetWeaver JavaDumpService Versions Affected: SAP NetWeaver JavaDumpService Vendor URL: Bugs: XSS Exploits: YES Reported: 30.07.2011 Vendor response: 02.08.2011 Date of Public Advisory: 30.10.2013 Reference: SAP Security Note 1828801 CVSS: AV:N/AC:M/AU:N/C:N/I:P/A:N 4.3 Author:...
Discover MaosinCMS website system vulnerability testing-vulnerability warning-the black bar safety net
The recent move easy CMS vulnerability can really be said to have been a hot topic. The CMS this article covers, although not as powerful as move easy, also has injection vulnerabilities. This vulnerability cannot be found by scanning with tools; it can be said that the injection has been made by explici...
Bug Count Just One Problem for Facebook Foe Diaspora
Saying that you want to take on the world’s biggest social network is the kind of thing that puts a big target on your back. At least that’s what the ambitious young crew behind Diaspora, an open source alternative to Facebook, found out this week. The Diaspora team pushed out an early as in...
Max CMS 2.0beta (maxcms) SQL injection vulnerability analysis - vulnerability warning - the black bar safety net
This system was internally a very popular video-on-demand system. Versions before 1.5 had a great many vulnerabilities; version 2.0 has improved in terms of security, but vulnerabilities still exist. Look at the code in \inc\ajax.asp: dim action : action = getForm("action", "get") response.Charset="gbk"...
Microsoft Blames Human Error For Critical SMB2 Vulnerability
Microsoft is blaming human error for the critical SMB v2 vulnerability that exposed Windows users to remote code execution attacks and argues that it’s near impossible to catch these types of bugs with existing code review tools and techniques. According to a post-mortem of the issue by Redmo...
[InterN0T] transLucid 1.75 - Multiple Vulnerabilities
transLucid - Cross Site Scripting and HTML Injection Vulnerabilities Version Affected: 1.75 newest Info: transLucidonline is the easy website publishing system with which anyone can create and maintain web content, in multiple languages and based on a growing list of ready-made, professional...
Translucid 1.75 XSS / HTML Injection
transLucid - Cross Site Scripting and HTML Injection Vulnerabilities Version Affected: 1.75 newest Info: transLucidonline is the easy website publishing system with which anyone can create and maintain web content, in multiple languages and based on a growing list of ready-made, professional...
A small BUG in the analysis, imaginary and successfully exploited-vulnerability warning-the black bar safety net
To my point of view, this should be a Bug, although the use of Don't, but it is worth noting, this small Bug was in my test SystemDev news system found because no much use and is imaginary doctrine, so it and the SystemDev news system vulnerability analysis under this article separately from the...