5077 matches found

0day.today
added 2014/11/14 12:0 a.m., 71 views

ManageEngine Password Manager Pro SQL Injection Exploit

ManageEngine Password Manager Pro (PMP) has an authenticated blind SQL injection vulnerability in SQLAdvancedALSearchResult.cc that can be abused to escalate privileges and obtain Super Administrator access. A Super Administrator can then use his privileges to dump the whole password database in CS...

6.5 CVSS, 0.33591 EPSS
Exploits 9

Fedora
added 2014/11/01 1:45 a.m., 35 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.10.1-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

3.5 CVSS, 1.3 AI score, 0.01519 EPSS
Exploits 1

securityvulns
added 2014/10/14 12:0 a.m., 83 views

Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15

Summary: Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: The 'realname' parameter is not correctly filtered on user account creation, which could lead to user data override. Several...

5 CVSS, 6.1 AI score, 0.02326 EPSS
Exploits 0

NVD
added 2014/10/10 1:55 a.m., 19 views

CVE-2014-3147

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file...

3.5 CVSS, 5.2 AI score, 0.00759 EPSS
Exploits 0, References 2

Prion
added 2014/10/10 1:55 a.m., 21 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file...

3.5 CVSS, 5.6 AI score, 0.00759 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2014/10/10 1:0 a.m., 30 views

CVE-2014-3147

Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file...

5.2 AI score, 0.00759 EPSS
Exploits 0, References 2

CVE
added 2014/10/10 1:0 a.m., 45 views

CVE-2014-3147

CVE-2014-3147 : Splunk Enterprise is vulnerable to a cross-site scripting (XSS) flaw in the auto-complete feature. The issue allows remote authenticated users to inject arbitrary web script or HTML via a CSV file. Affected: Splunk Enterprise versions before 6.0.4 (docs state the vulnerability exi...

3.5 CVSS, 5.3 AI score, 0.00759 EPSS
Exploits 0, References 2, Affected Software 1

Kitploit
added 2014/10/09 1:36 a.m., 8 views

mwebfp - Massive Web Fingerprinter

The "LowNoiseHG (LNHG) Massive Web Fingerprinter" ("mwebfp" from now on) was conceived in July 2013 after realizing the usefulness of webserver screenshots to pentesters, during an engagement with large external or internal IP address ranges, as a quick means of identification of critical assets,...

7 AI score
Exploits 0, References 4

Fedora
added 2014/10/08 7:6 p.m., 27 views

[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.9.1-1.fc21

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

3.5 CVSS, 1.3 AI score, 0.01617 EPSS
Exploits 0

Tenable Nessus
added 2014/10/07 12:0 a.m., 26 views

FreeBSD : Bugzilla multiple security issues (b6587341-4d88-11e4-aef9-20cf30e32f6d)

Bugzilla Security Advisory: Unauthorized Account Creation. An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name cou...

5 CVSS, 6.6 AI score, 0.02326 EPSS
Exploits 0, References 8

FreeBSD
added 2014/10/06 12:0 a.m., 31 views

Bugzilla multiple security issues

Bugzilla Security Advisory: Unauthorized Account Creation. An attacker creating a new Bugzilla account can override certain parameters when finalizing the account creation that can lead to the user being created with a different email address than originally requested. The overridden login name cou...

5.6 AI score
Exploits 0, References 4

Fedora
added 2014/09/25 10:43 a.m., 35 views

[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.8.1-2.fc20

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

4.3 CVSS, 1.3 AI score, 0.01862 EPSS
Exploits 0

Kitploit
added 2014/09/22 10:30 p.m., 25 views

WebBrowserPassView v1.56 - Recover lost passwords stored in your Web browser

WebBrowserPassView is a password recovery tool that reveals the passwords stored by the following Web browsers: Internet Explorer (Version 4.0 - 11.0), Mozilla Firefox (All Versions), Google Chrome, Safari, and Opera. This tool can be used to recover your lost/forgotten password of any Website,...

7.1 AI score
Exploits 0

NVD
added 2014/09/15 2:55 p.m., 13 views

CVE-2014-2375

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature...

9 CVSS, 6.8 AI score, 0.02315 EPSS
Exploits 0, References 2

Cvelist
added 2014/09/15 2:0 p.m., 20 views

CVE-2014-2375 Ecava IntegraXor SCADA Server External Control of File Name or Path

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature...

8.3 CVSS, 6.8 AI score, 0.02315 EPSS
Exploits 0, References 1

CVE
added 2014/09/15 2:0 p.m., 49 views

CVE-2014-2375

CVE-2014-2375 affects Ecava IntegraXor SCADA Server (Stable 4.1.4360 and earlier; Beta 4.1.4392 and earlier) via the CSV export feature, which allows an unauthenticated user to read or write arbitrary files and potentially cause a denial of service. The root cause is External Control of File Name...

9 CVSS, 7 AI score, 0.02315 EPSS
Exploits 0, References 2, Affected Software 1

WPVulnDB
added 2014/08/01 10:58 a.m., 11 views

Automatic 2.0.3 - csv.php q Parameter SQL Injection

The wp-automatic WordPress plugin was affected by a csv.php q Parameter SQL Injection security vulnerability...

3.2 AI score
Exploits 0, References 2, Affected Software 1

WPVulnDB
added 2014/08/01 12:0 a.m., 15 views

Participants Database < 1.5.4.9 - Unauthenticated SQL Injection

The Participants Database WordPress plugin was affected by an Unauthenticated SQL Injection vulnerability via the query parameter of the export CSV action...

7.5 CVSS, 4.1 AI score, 0.05798 EPSS
Exploits 1, References 4, Affected Software 1

Fedora
added 2014/07/30 7:2 a.m., 27 views

[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.6-1.fc19

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

6.5 CVSS, 1.3 AI score, 0.02276 EPSS
Exploits 4

NVD
added 2014/07/21 2:55 p.m., 19 views

CVE-2014-5016

Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttributejson function to application/controllers/admin/participantsaction.php in CPDB, (2) the sa parameter to...

4.3 CVSS, 5.8 AI score, 0.01474 EPSS
Exploits 1, References 2