2563 matches found
XOOPS 2.5.7.2 Cross Site Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/XOOPS-CSRF.txt Vendor: ============= xoops.org Product: ================ Xoops 2.5.7.2 Vulnerability Type: =================================== CSRF - Arbitrary User Deletions...
The vulnerabilities of the FlexNet Publisher software management tool allow a perpetrator to execute arbitrary code.
The multiple vulnerabilities of the lmgrd and Vendor Daemon components of the FlexNet Publisher license management software are caused by buffer overflow attacks. Exploiting these vulnerabilities allows a malicious actor to execute arbitrary code remotely, using a specially crafted package...
Information Disclosure Vulnerability in Multiple Netgear Devices
Netgear is a global leader in enterprise networking solutions and a champion of digital home networking applications. An information disclosure vulnerability exists in a number of Netgear devices, where the device has an authentication bypass page that can be exploited by an attacker to obtain...
Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability
Document Title: =============== Fing v3.3.0 iOS - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1772 Release Date: ============= 2016-02-28 Vulnerability Laboratory ID VL-ID: ====================================...
Trend Micro Direct Pass - Persistent Web Vulnerability
Document Title: =============== Trend Micro Direct Pass - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1712 Release Date: ============= 2016-02-05 Vulnerability Laboratory ID VL-ID: ==================================== 1712...
Barracuda Networks SN #52 - Persistent Web Vulnerability
Document Title: =============== Barracuda Networks SN 52 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1297 BNSEC ID: 0004001004 Tracking ID: CAS-03491-K1X2V0 Release Date: ============= 2016-02-03 Vulnerability Laborator...
Stop Error "0x0000005D" or "0x000000C4" Appears When Installing Windows Server 2012 in XenServer 6.x
Stop Error "0x0000005D" or "0x000000C4" appears when starting a Virtual Machine from the Windows Server 2012 ISO, in order to install the system. The error occurs right after loading the setup files, before the actual setup starts...
WordPress Gallery Master 1.0.22 Cross Site Scripting
Exploit : For Exploiting This Vulnerability Install Testimonial Slider Plugin Then Create New SGallery In Gallery Title Input And Gallery Description Place Your JavaScript Code After Creating Gallery JavaScript Code Will Be Executed. Plugin Is Accessible By Authors, Administrators, Editors...
[SECURITY] Fedora 23 Update: sundials-2.6.2-11.fc23
SUNDIALS is a SUite of Non-linear DIfferential/ALgebraic equation Solvers for use in writing mathematical software. SUNDIALS was implemented with the goal of providing robust time integrators and nonlinear solvers that can easily be incorporated into existing simulation codes. The primary design...
HackerOne: Pre-generation of 2FA secret/backup codes seems like an unnecessary risk
If you manage to get a malicious script running in HackerOne, requesting https://hackerone.com/settings/authentication/edit and parsing out the two factor authentication form will yield either… - the 2FA secret key and backup codes that will be used if 2FA is enabled for the first time this sessi...
CVE-2001-1013
Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server...
WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability
Document Title: =============== WiFi Drive CR v1.0 iOS - Persistent Filename Dir List Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID:...
MobSF (Mobile Security Framework) - Mobile (Android/iOS) Automated Pen-Testing Framework
Mobile Security Framework MobSF is an intelligent, all-in-one open source mobile application Android/iOS automated pen-testing framework capable of performing static and dynamic analysis. We've been depending on multiple tools to carry out reversing, decoding, debugging, code review, and pen-test...
Stagefright Bug 2.0 — One Billion Android SmartPhones Vulnerable to Hacking
Attention Android users! More than 1 Billion Android devices are vulnerable to hackers once again – thanks to two newly disclosed Android Stagefright vulnerabilities. Yes, the Android Stagefright bug is back… …and this time, the flaw allows an attacker to hack Android smartphones just by tricking...
WiFi Drive + CR v1.0 iOS - Persistent Filename Vulnerability
Document Title: =============== WiFi Drive + CR v1.0 iOS - Persistent Filename Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1595 Release Date: ============= 2015-09-23 Vulnerability Laboratory ID VL-ID: ==================================...
WordPress ALO EasyMail Newsletter 2.6 CSRF / Cross Site Scripting
Exploit Title: Wordpress ALO EasyMail Newsletter CSRF/XSS Exploit Author: Ashiyane Digital Security Team Vendor Homepage: https://wordpress.org/plugins/alo-easymail/ Software Link: https://downloads.wordpress.org/plugin/alo-easymail.2.6.00.zip Version: 2.6 Date: 2015-09-15 Tested on: windows 7...
HUAWEI MobiConnect 23.9.17.216 - Privilege Escalation
A local privilege escalation vulnerability has been discovered in the official HUAWEI MobiConnect 23.009.17.00.216 software. The local security vulnerability allows an attacker to gain higher access privileges by execution of arbitrary code in connection with dll hijacking. The security risk of...
Pligg CMS 2.0.2 - Arbitrary Code Execution Exploit
Exploit for php platform in category web applications Hacked '; Code You Can Customize Exploit For Your Self . Exploit : -- textarea type="hidden"id="textarea-1" name="pageconten...
OwnStar Attack Now Aimed at BMW, Chrysler, Mercedes Cars
The OwnStar attack that hacker Samy Kamkar revealed late last month can be used against not only GM vehicles, but cars manufactured by Mercedes-Benz, BMW, and Chrysler, as well. The attack allows Kamkar to intercept the traffic from nearby mobile phones that have specific apps open that control...
Two Dozen Zoos Potentially Hit by Data Breach
Anyone who’s visited one of two dozen zoos across America over the last several months may want to check their credit and debit card statements. A third party operator of concessions and retail services at zoos from Hawaii to Florida acknowledged this week that it was hit by a data breach earlier...