7377 matches found
Vulnerabilities in AI-Bolit
Hello 3APA3A! These are Brute Force and Information Leakage vulnerabilities in AI-Bolit. This is security web application. ------------------------- Affected products: ------------------------- Vulnerable are all versions of AI-Bolit. In version 20121014 the filename format was changed with addin...
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link:...
bo:VideoJS, 2.1.1,
bo:VideoJS, 2.1.1, xss From developerhttp://www.boeschung.de/en/joomla/bo-videojs/video-js-v320...
IBM Rational Business Developer Installed
IBM Rational Business Developer, an Eclipse-based programming workbench, is installed on the remote Windows host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid66306; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate", value:"2023/02/06";...
IBM Rational Business Developer 8.x < 8.0.1.4 Information Disclosure
The version of IBM Rational Business Developer installed on the remote Windows host is affected by an unspecified vulnerability that could lead to potentially sensitive information being revealed to an untrusted client. C Tenable Network Security, Inc. include"compat.inc"; if description...
Hacker Jailbreaks Google Glass for Root Access Unlock
On Friday, Jay Freeman announced on Twitter that he exploited a known vulnerability and subsequently achieved root access to his developer-model of Google Glass – Google’s highly anticipated, wearable, head-mounted computer. Around the same time, another notable hacker, Liam McLoughlin, tweeted...
Hacker jailbreak Google Glass to gain root access
After only a few days since the developer edition of Google Glass landed, Jay Freeman aka "Saurik" has jailbroken it. Though Google Glass run on Android 4.0 Ice Cream Sandwich, he get root access using an exploit first discovered by another hacker named B1nary. Freeman, who obtained the device by...
Hacker jailbreak Google Glass to gain root access
After only a few days since the developer edition of Google Glass landed, Jay Freeman aka "Saurik" has jailbroken it. Though Google Glass run on Android 4.0 Ice Cream Sandwich, he get root access using an exploit first discovered by another hacker named B1nary. Freeman, who obtained the device by...
aiContactSafe 2.0.19
xss 160413 developer release statement for version 2.0.21 Authors:...
[SECURITY] Fedora 19 Update: drupal7-ctools-1.3-1.fc19
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
JVN#06251813: Multiple Cybozu products vulnerable to cross-site request forgery
Multiple Cybozu products contain a cross-site request forgery vulnerability. Impact If a user accesses a specially crafted URL while logged in, user passwords or administrator passwords may be altered. Solution Update the Software Update to the latest version according to the information provided...
Fedora Update for drupal7-ctools FEDORA-2013-4980
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2013-4980 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
[SECURITY] Fedora 17 Update: drupal7-ctools-1.3-1.fc17
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
[SECURITY] Fedora 18 Update: drupal7-ctools-1.3-1.fc18
This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...
Dotclear 2.4.4 Cross Site Scripting / Content Spoofing
Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf it's Swfupload. I've wrote about vulnerabilities in Swfupload in November 2012...
JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing
Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact A user may misinterpret that the website is using the SSL for communications even when the site is not using SSL. Solution Update the...
URL Redirection flaw in Facebook apps push OAuth vulnerability again in action
In earlier posts, our Facebook hacker 'Nir Goldshlager' exposed two serious Facebook oAuth Flaws. One, Hacking a Facebook account even without the user installing an application on their account and second, various ways to bypassing the regex protection in Facebook OAuth. This time, Nir illustrat...
WHMCS Grouppay 1.5 SQL Injection
Tile: WHMCS grouppay plugin SQL Injection = 1.5 Author: HJauditing Employee Tim E-mail: [email protected] Web: http://hjauditing.com/ Plugin: http://kadeo.com.au/design-and-development/whmcs-dev/whmcs-modules/72-group-pay.html ============ Introduction ============ We have found a SQL injection...
Code injection
Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...
CVE-2013-0918
CVE-2013-0918 affects Google Chrome pre-26.0.1410.43. The vulnerability arises from not preventing navigation to developer tools during a drag-and-drop operation, enabling user-assisted remote attackers to impact via a crafted site. Connected advisories (OpenVAS/Nessus) confirm the CVE across pla...