2563 matches found
IBM WebSphere Portal Error Codes Information Disclosure (PI21858)
The version of IBM WebSphere Portal on the remote host is affected by an information disclosure vulnerability by returning error codes. A remote attacker can exploit this issue to identify devices behind a firewall.
Verizon to Bolster Authentication with QR Codes
If you want to know what the future holds for authentication on the web, it all depends whom you ask. Some say it’ll come in the form of biometrics – iris and fingerprint scans, etc. Others say the answer lies in a tangle of constantly changing two-factor verification codes users need to punch in...
Barracuda Web Security Flex 4.1 - Persistent Vulnerabilities
Document Title: =============== Barracuda Web Security Flex 4.1 - Persistent Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=750 BARRACUDA NETWORK SECURITY ID: BNSEC-699 Release Date: ============= 2014-08-22 Vulnerability Laboratory ID...
Barracuda Networks WSF - Filter Bypass & Persistent Bug
Document Title: =============== Barracuda Networks WSF - Filter Bypass & Persistent Bug References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1205 View: http://www.youtube.com/watch?v=1D9PS4bW8VM Advisory: http://www.vulnerability-lab.com/getcontent.php?id=749 Release Date:...
Android Exploited to Make, End Phone Calls; Send USSD Codes
A pair of vulnerabilities in all but the newest KitKat iteration of Google’s Android operating system could let a malicious or rogue application exceed its permission level in order to make phone calls, hang up phone calls, or send USSD or MMI codes. Marco Lux and Pedro Umbelino of Curesec claim...
Havij <= 1.10 - Persistent XSS
No description provided by source. Exploit Title: Havij Persistent XSS <=v1.10 Date: 15/6/2010 Author: hexon Version: 1.10 and below Tested on: Windows XP Service Pack 2 Professional, Windows 7 Code : htttp://site.com/file.php?param=XSS Code Havij Persistent XSS <=v1.10 By : Hkhexon [email protected]...
nightfall personal diary 1.0 (xss/dd) Multiple Vulnerabilities
-----------------------------OffensiveTrack------------------------------ ---------------------------- Tunisian Muslim ------------------------------ found by : OffensiveTrack Author : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script : NightFall download :...
adaptcms lite 1.4 (xss/rfi) Multiple Vulnerabilities
No description provided by source. AdaptCMS Lite 1,4 Multiple Vulnes Remote File Include , Remote XSS Free Download : http://213.203.218.125/a/ad/adaptcms/AdaptCMSLite1.4.zip Or : http://www.adaptcms.com/ - Found By : RoMaNcYxHaCkEr - My Site : WwW.Sec-Code.CoM - My Group : Security - Codes Group...
Gazelle CMS 1.0 - Remote Arbitrary Shell Upload Vulnerability
No description provided by source. ==================================================== | Gazelle CMS 1.0 Remote Arbitrary File Upload Vuln | My Home Page : WwW.Sec-Code.CoM | Founded By RoMaNcYxHaCkEr ==================================================== ! Discovered.: RoMaNcYxHaCkEr ! Vendor.......
Islam Sound IV2 - (details.php) Remote SQL Injection
No description provided by source. Lab : ZxH-Lab's Locate : Jordan - Amman City Exploit Title : Islam Sound IV2 details.php Remote SQL Injection Date : 2-2-2011 Author : ZxH-Labs HomeScript : http://www.emides.com/ Version : 2.0 Tested On : Windows Server 2003 IIS...
OSI Codes PHP Live! Support 3.1 - Remote File Inclusion Vulnerability
No description provided by source. ? Homepage : http://www.indonesiancoder.com ? Location : INDONESIA ? Vendor : http://www.phplivesupport.com/ ? Describe : PHP Live! Support v3.1 c by OSI Codes Inc. Chat with your website visitors with PHP Live! Provide Live Support on your Website Increase your...
phpMyAdmin 2.5.7 - Remote code injection Exploit
No description provided by source. / phpmy-explt.c written by Nasir Simbolon nasir kecapi com eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploit program. This is a kind of mysql server wrapper that acts like a proxy except that it will send a fake table name, when client...
Collabtive 0.65 - Multiple Vulnerabilities
No description provided by source. ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...
IPSwitch IMail Server <= 8.1 - Local Password Decryption Utility
No description provided by source. / IpSwitch IMail Server <= ver 8.1 User Password Decryption by Adik netmaniac hotmail KG IpSwitch IMail Server uses a weak encryption algorithm to encrypt its user passwords. It uses a polyalphabetic Vigenère cipher to encrypt its user passwords. This encryption sche...
bitrix site manager 4.0.5 - Remote File Inclusion Vulnerability
No description provided by source. + Author : Don Tukulesto [email protected] + Date : November 13, 2009 + Homepage : http://www.indonesiancoder.com + Vendor : http://www.bitrixsoft.com/ + Method : Remote File Inclusion + Location : INDONESIA Notes : I know this is an old bug, but I just...
Fedora 20 : gnupg-1.4.17-1.fc20 (2014-7676)
New upstream v1.4.17 - Avoid DoS due to garbled compressed data packets. - Screen keyserver responses to avoid import of unwanted keys by rogue servers. - Add hash algorithms to the 'sig' records of the colon output. - More specific reason codes for INVRECP status. - Drop gpg.ru.1 Note that Tenabl...
[SE-2014-01] Security vulnerabilities in Oracle Database Java VM
Hello All, Security Explorations discovered multiple security issues in the implementation of a Java VM embedded in Oracle Database software 1. Discovered security issues violate many "Secure Coding Guidelines for the Java Programming Language" 2. Most of them demonstrate a well known problem...
Coinbase: 2FA settings allowed to be changed with no delay/freeze on funds
With the nature of bitcoin's instant transactions and the increased level of phishing/malware attempts on users, many bitcoin related businesses have freeze/delays on funds once a user changes their 2FA settings. That design keeps the 2FA from being defeated instantly if the user's email account h...
DarunGrim - A Patch Analysis and Binary Diffing Tool
DarunGrim is a binary diffing tool. DarunGrim is a free diffing tool which provides binary diffing functionality. Binary diffing is a powerful technique to reverse-engineer patches released by software vendors like Microsoft. Especially by analyzing security patches you can dig into the details o...
Parsero v0.75 - Attacking Robots.txt Files
Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the...