2563 matches found

Vulnerability Lab
added 2013/12/05 12:0 a.m., 17 views

Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability

Document Title: Feetan Inc WireShare v1.9.1 iOS - Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1157
Release Date: 2013-12-05
Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits 0

UbuntuCve
added 2013/11/23 6:55 p.m., 26 views

CVE-2013-0868

libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."...

9.3 CVSS, 6.5 AI score, 0.0393 EPSS
Exploits 0, References 3

exploitpack
added 2013/11/18 12:0 a.m., 41 views

LiveZilla 5.0.1.4 - Remote Code Execution

LiveZilla 5.0.1.4 - Remote Code Execution CVE-2013-6225: Security Advisory – Curesec Research Team 1. Introduction Advisory ID: Cure-2013-1007 Advisory URL: https://www.curesec.com/de/veroeffentlichungen/advisories.html Blog URL: https://cureblog.de/2013/11/remote-code-execution-in-livezilla/...

7.5 CVSS, 9.9 AI score, 0.26567 EPSS
Exploits 5

Prion
added 2013/11/13 3:55 p.m., 23 views

Out-of-bounds

net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational (aka 1xx) status codes, which allows remote web servers to cause a denial of service (out-of-bounds read) via a crafted response...

5 CVSS, 6.5 AI score, 0.05338 EPSS
Exploits 2, References 13, Affected Software 1

NVD
added 2013/10/28 3:42 a.m., 33 views

CVE-2013-6020

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or ...

5.8 CVSS, 6.5 AI score, 0.01136 EPSS
Exploits 0, References 1

Prion
added 2013/10/28 3:42 a.m., 16 views

Code injection

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or ...

5.8 CVSS, 6.8 AI score, 0.01136 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2013/10/28 1:0 a.m., 44 views

CVE-2013-6020

The issue (CVE-2013-6020) affects Tyler Technologies TaxWeb 3.13.3.1 and its Password Reset flow (passwordRequestPOST.jsp). The root cause is that invalid password-recovery requests return different HTTP status codes depending on whether the target user exists, enabling remote attackers to enumer...

5.8 CVSS, 6.7 AI score, 0.01136 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2013/10/28 1:0 a.m., 26 views

CVE-2013-6020

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the (1) Assessor, (2) Recorder, or ...

6.5 AI score, 0.01136 EPSS
Exploits 0, References 1

Vulnerability Lab
added 2013/10/28 12:0 a.m., 31 views

Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability

Document Title: Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1125
CVE-ID: 2013-6793
CVE-ID: 2013-6794
Release Date: 2013-10-28
Vulnerability Laboratory ID (VL-ID): ...

7.4 AI score
Exploits 0

Fedora
added 2013/09/01 11:1 p.m., 13 views

[SECURITY] Fedora 18 Update: drupal7-theme-zen-5.4-1.fc18

Zen is a powerful, yet simple, HTML5 starting theme with a responsive, mobile-first grid design. If you are building your own standards-compliant theme, you will find it much easier to start with Zen than to start with Garland or Stark. This theme has fantastic online documentation...

7 AI score
Exploits 0

Metasploit
added 2013/08/30 9:28 p.m., 47 views

Modbus Client Utility

This module allows reading and writing data to a PLC using the Modbus protocol. This module is based on the 'modiconstop.rb' Basecamp module from DigitalBond, as well as the mbtget perl script. This module requires Metasploit: https://metasploit.com/download Current source:...

7.2 AI score
Exploits 0

Vulnerability Lab
added 2013/08/30 12:0 a.m., 24 views

eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability

Document Title: eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1064
Release Date: 2013-08-30
Vulnerability Laboratory ID (VL-ID): ...

7.1 AI score
Exploits 0

Vulnerability Lab
added 2013/08/30 12:0 a.m., 12 views

eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability

Document Title: eTransfer Lite v1.0 iOS - Persistent Filename Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1064
Release Date: 2013-08-30
Vulnerability Laboratory ID (VL-ID): ...

0.3 AI score
Exploits 0

Nmap
added 2013/08/23 1:48 a.m., 210 views

http-errors NSE Script

This script crawls through the website and returns any error pages. The script will return all pages sorted by error code that respond with an http code equal or above 400. To change this behaviour, please use the errcodes option. The script, by default, spiders and searches within forty pages. F...

10 CVSS, 9.4 AI score, 0.99448 EPSS
Exploits 33

Patchstack
added 2013/08/07 12:0 a.m., 10 views

WordPress Usernoise Plugin 3.7.8 - Persistent XSS

Usernoise plugin is prone to a persistent XSS vulnerability, because the user input is not being properly handled when a feedback is submitted. The affected area is the Wordpress admin dashboard. The vulnerability accepts arbitrary codes, including JavaScript. And all JavaScript code is executed...

2.2 AI score
Exploits 0, References 1, Affected Software 1

OpenVAS
added 2013/08/01 12:0 a.m., 17 views

Fedora Update for nodejs-ansi FEDORA-2013-11780

Check for the Version of nodejs-ansi OpenVAS Vulnerability Test Fedora Update for nodejs-ansi FEDORA-2013-11780 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

3.3 CVSS, 6.7 AI score, 0.00372 EPSS
Exploits 0, References 2

Fedora
added 2013/07/23 1:2 a.m., 18 views

[SECURITY] Fedora 18 Update: nodejs-ansi-0.2.0-1.fc18

ansi.js is a module for Node.js that provides an easy-to-use API for writing ANSI escape codes to Stream instances. ANSI escape codes are used to do fancy things in a terminal window, like render text in colors, delete characters, lines, the entire window, or hide and show the cursor, and lots...

3.3 CVSS, 2.2 AI score, 0.00372 EPSS
Exploits 0

NVD
added 2013/07/18 4:51 p.m., 25 views

CVE-2013-4872

Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a...

6.9 CVSS, 6.4 AI score, 0.00172 EPSS
Exploits 0, References 2

Prion
added 2013/07/18 4:51 p.m., 17 views

Information disclosure

Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a...

6.9 CVSS, 6.8 AI score, 0.00172 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2013/07/18 2:0 p.m., 41 views

CVE-2013-4872

Google Glass (pre-XE6) vulnerability: improper restriction of QR-code processing allows physically proximate attackers to modify configuration or redirect users to arbitrary sites using a crafted symbol, demonstrated via selecting a Wi‑Fi access point to enable a man‑in‑the‑middle scenario. Impac...

6.9 CVSS, 6.6 AI score, 0.00172 EPSS
Exploits 0, References 2, Affected Software 1