7369 matches found

Japan Vulnerability Notes
added 2012/04/05 12:0 a.m., 23 views

JVN#97200417: SENCHA SNS vulnerable to session fixation

SENCHA SNS is an open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact: A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution: Update the Software. Update to the latest...

CVSS 4.3, AI score 6.4, EPSS 0.00329
Exploits 0

Drupal
added 2012/03/28 12:0 a.m., 17 views

SA-CONTRIB-2012-054 - Chaos tool suite - Cross Site Scripting (XSS)

CVE: CVE-2012-2082 This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. The...

CVSS 2.1, AI score 6.2, EPSS 0.00343
Exploits 0, References 11

0day.today
added 2012/03/22 12:0 a.m., 31 views

Supernet CMS Blind SQL injection

Exploit for php platform in category web applications Exploit Title: Supernet CMS BlindSQLi Date: 22.03.2012 Google Dork/s: Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com allintext:"Vse pravice pridržane | © 2006 Supernet.si" site:.si allintext:"Vse pravice pridržane | © 2007 Supernet.si"...

AI score 7.1
Exploits 0

Packet Storm
added 2012/03/20 12:0 a.m., 34 views

Android FTPServer 1.9.0 Denial Of Service

Exploit Title: Android FTPServer 1.9.0 Remote DoS Date: 03/20/12 Author: G13 Twitter: @g13net Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/ Download Link: http://www.g13net.com/ftpserver.apk Version: 1.9.0 Category: DoS android Vulnerability FTPServer is vulnerable to ...

AI score 0.2
Exploits 0

Japan Vulnerability Notes
added 2012/03/19 12:0 a.m., 31 views

JVN#83459967: Janetter vulnerable to cross-site request forgery

Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact: When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...

CVSS 6.8, AI score 6.5, EPSS 0.00213
Exploits 0

securityvulns
added 2012/03/19 12:0 a.m., 89 views

Case YVS Image Gallery

http://osvdb.org/show/osvdb/79477 The software "YVS Image Gallery" seems to be full of security issues. For example one can have lots of fun with this. Copy from installation.php: """ caseisset$POST'dbname': $host = $POST'host'; $dbname = $POST'dbname'; $dbusername = $POST'dbusername'; $dbpasswor...

AI score 7.2
Exploits 0

Packet Storm
added 2012/03/13 12:0 a.m., 22 views

OneFileCMS 1.1.4 Access Bypass

Exploit Title: OneFileCMS - Failure to Restrict URL Access | Date: 12th March 2012 | Author: Abhi M Balakrishnan | Software Link: https://github.com/rocktronica/OneFileCMS/blob/4340be5355b702c771ef03d4b00c74d358443b38/onefilecms.php | Version: upto 1.1.4 | Tested on: Apache-2.2.17, PHP-5.2.17,...

AI score 0.4
Exploits 0

Japan Vulnerability Notes
added 2012/03/13 12:0 a.m., 21 views

JVN#31860555: twicca fails to restrict access permissions

twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact: Android applications without permissions for network access may upload image files with the privileges of twicca. Solution: Update the Software. Apply the latest update for ea...

CVSS 5, AI score 6.4, EPSS 0.00516
Exploits 0

Japan Vulnerability Notes
added 2012/03/09 12:0 a.m., 26 views

JVN#14791558: Jenkins vulnerable to cross-site scripting

Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according...

CVSS 4.3, AI score 5.5, EPSS 0.00206
Exploits 0

The Hacker News
added 2012/02/29 11:9 a.m., 5 views

The Killswitch : They can remotely modify your Window 8

The Killswitch : They can remotely modify your Window 8. Last year, a Finnish software developer, was cruising Google's Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little...

AI score 6.6
Exploits 0

ThreatPost
added 2012/02/21 8:35 p.m., 15 views

Gatekeeper to Bring Tight App Controls to OS X Mountain Lion

Apple’s implementation of a semi-new set of technologies collectively known as Gatekeeper in the upcoming Mountain Lion release of Mac OS X is set to give users better control of the security of the machines, specifically which apps are allowed to run. The Gatekeeper system will enable users to...

AI score 7.3
Exploits 0, References 3

NVD
added 2012/01/24 6:55 p.m., 10 views

CVE-2012-0918

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...

CVSS 10, AI score 7.7, EPSS 0.04294
Exploits 0, References 5

Prion
added 2012/01/24 6:55 p.m., 14 views

Design/Logic Flaw

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...

CVSS 10, AI score 8.3, EPSS 0.04294
Exploits 0, References 5, Affected Software 3

CVE
added 2012/01/24 6:0 p.m., 34 views

CVE-2012-0918

CVE-2012-0918 concerns Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite (versions 01-00 through 02-01-/D and 02-01-/C, possibly earlier). Connected sources describe an arbitrary code execution vulnerability that can be exploited remotely via unknown vectors. The root cause,...

CVSS 10, AI score 8, EPSS 0.04294
Exploits 0, References 5, Affected Software 1

Cvelist
added 2012/01/24 6:0 p.m., 12 views

CVE-2012-0918

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...

AI score 7.7, EPSS 0.04294
Exploits 0, References 5

ThreatPost
added 2012/01/13 3:31 p.m., 41 views

Microsoft Aims to Make Life Harder, More Expensive For Attackers

MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...

CVSS 9.3, AI score 0.1, EPSS 0.94354
Exploits 33, References 1

CISA
added 2012/01/10 12:0 a.m., 13 views

Microsoft Releases January Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software as part of the Microsoft Security Bulletin Summary for January 2012. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges,...

AI score 7.5
Exploits 0, References 2

Positive Technologies
added 2012/01/08 12:0 a.m., 4 views

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

CVSS 6.8, AI score 9.5, EPSS 0.93572
Exploits 9, References 18

ThreatPost
added 2012/01/06 5:8 p.m., 7 views

Microsoft Previews January Patch – And New Class of Vulnerability

Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers...

AI score 0.1
Exploits 0, References 2

ThreatPost
added 2012/01/06 3:8 p.m., 50 views

Microsoft to Issue Seven Bulletins, One Critical, on Patch Tuesday

Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008 and Microsoft Developer Tools an...

CVSS 9.3, AI score 0.2, EPSS 0.94354
Exploits 33, References 2