CVE-2012-1618
Interaction error in the PostgreSQL JDBC driver before 8.2, when used with a PostgreSQL server with the "standard_conforming_strings" option enabled, such as the default configuration of PostgreSQL 9.1, does not properly escape unspecified JDBC statement parameters, which allows remote attackers to...
Some WordPress Themes, Thousands of Sites Open to XSS Vulnerability
A number of WordPress themes being distributed by the developer Parallelus are vulnerable to cross-site scripting (XSS) attacks, reports said. Themes, bits of PHP and HTML code that alter the look and functionality of sites, are usually installed via WordPress’ dashboard tool or by FTP. According t...
Information disclosure
IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product...
CVE-2012-3319
IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product...
CVE-2012-3319
CVE-2012-3319 affects IBM Rational Business Developer 8.x prior to 8.0.1.4. The vulnerability allows remote attackers to obtain potentially sensitive information via a connection to a web service created with Rational Business Developer. The NVD entry notes an Information Disclosure impact (Confid...
JVN#42014489: Trend Micro Control Manager vulnerable to SQL injection
Trend Micro Control Manager contains a vulnerability in the ad hoc query module, which may result in SQL injection. Impact An arbitrary SQL command may be executed in the backend database the product is referencing. Solution Apply a patch Apply the appropriate patch according to the information...
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
Exploit Title: WP-TopBar 4.02 CSRF Date: 2012-09-13 Author: Blake Entrekin Version: 4.02 Download Link: http://downloads.wordpress.org/plugin/wp-topbar.4.02.zip Vendor Link: http://wordpress.org/extend/plugins/wp-topbar/ ------------------- CSRF ------------------- The wp-topbar.php does not...
USN-1548-2: Firefox regression
USN-1548-1 fixed vulnerabilities in Firefox. The new package caused a regression in Private Browsing which could leak sites visited to the browser cache. This update fixes the problem. Original advisory details: Gary Kwong, Christian Holler, Jesse Ruderman, Steve Fink, Bob Clary, Andrew Sutherlan...
SAP NetWeaver Dispatcher - DiagTraceR3Info Buffer Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SAP NetWeaver Dispatcher...
Mandriva Linux Security Advisory : firefox (MDVSA-2012:145)
Security issues were identified and fixed in mozilla firefox : Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we...
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
Exploit for windows platform in category local exploits. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...
SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
This module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info function and allows a remote attacker to execute arbitrary code by supplying a specially crafted Diag packet. The Dispatcher service is only vulnerable if the Developer...
JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
Fedora Update for drupal7-ctools FEDORA-2012-4881
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2012-4881 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
Fedora Update for drupal6-ctools FEDORA-2012-12028
Check for the Version of drupal6-ctools OpenVAS Vulnerability Test Fedora Update for drupal6-ctools FEDORA-2012-12028 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
JVN#69880570: Opera address bar spoofing vulnerability
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL bein...
CVE-2012-3973
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and...
Apache Struts2 Remote Code Execution
Exploit for php platform in category web applications. This method was published at xcon2012 xcon.xfocus.net. kxlzx http://www.inbreak.net follow this step by step: 1, download struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url:...
Cube7 CMS SQL Injection
Cube7 CMS Authentication Bypass Vulnerability Software : Cube7 Date : 8/18/2012 Vendor : http://www.hedion.nl/default.asp?node=188&Cube7-CMS Language : ASP Author : ITTIHACK Home : http://ittihack.com Vulnerable File: login.asp Exploit: http://target/admin/login.asp Username:user: 'or''='...