SAP NetWeaver Dispatcher DiagTraceR3Info Buffer Overflow
This module exploits a stack buffer overflow in the SAP NetWeaver Dispatcher service. The overflow occurs in the DiagTraceR3Info function and allows a remote attacker to execute arbitrary code by supplying a specially crafted Diag packet. The Dispatcher service is only vulnerable if the Developer...
JVN#23009798: Cybozu Live for Android vulnerable to arbitrary Java method execution
Cybozu Live for Android is a client software for Cybozu Live. Cybozu Live for Android contains an arbitrary Java method execution vulnerability. Impact When opening a specially crafted website, an attacker may be able to execute an arbitrary Java method. As a result, information stored in Android...
JVN#69880570: Opera address bar spoofing vulnerability
Opera contains a vulnerability where certain characters may be displayed in the address bar, causing 2 URLs to potentially be indistinguishable from each other. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL bein...
Fedora Update for drupal6-ctools FEDORA-2012-12028
Check for the Version of drupal6-ctools OpenVAS Vulnerability Test Fedora Update for drupal6-ctools FEDORA-2012-12028 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Fedora Update for drupal7-ctools FEDORA-2012-4881
Check for the Version of drupal7-ctools OpenVAS Vulnerability Test Fedora Update for drupal7-ctools FEDORA-2012-4881 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
CVE-2012-3973
The debugger in the developer-tools subsystem in Mozilla Firefox before 15.0, when remote debugging is disabled, does not properly restrict access to the remote-debugging service, which allows remote attackers to execute arbitrary code by leveraging the presence of the HTTPMonitor extension and...
Apache Struts2 Remote Code Execution
Exploit for php platform in category web applications. This method was published at xcon2012 (xcon.xfocus.net). kxlzx http://www.inbreak.net Follow this step by step: 1. Download struts2-showcase from struts.apache.org 2. Run struts2-showcase. 3. Open url:...
Cube7 CMS SQL Injection
Cube7 CMS Authentication Bypass Vulnerability Software : Cube7 Date : 8/18/2012 Vendor : http://www.hedion.nl/default.asp?node=188&Cube7-CMS Language : ASP Author : ITTIHACK Home : http://ittihack.com Vulnerable File: login.asp Exploit: http://target/admin/login.asp Username:user: 'or''='...
JVN#67435981: LINE for Android vulnerable in handling of implicit intents
LINE for Android provided by NHN Japan, is an application for communication with others. LINE for Android contains a vulnerability in the handling of implicit intents. Impact Information such as messages sent by LINE may be leaked to a third party through a malicious application. Solution Update...
Openconstructor CMS 3.12.0 Reflected XSS
Title: Openconstructor CMS 3.12.0 Multiple Reflected Cross-site Scripting vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description: Openconstructo...
JVN#51769987: Yahoo! Toolbar (for Chrome, Safari) vulnerable to toolbar alteration
Yahoo! Toolbar for Chrome, Safari contains a vulnerability where the toolbar may be altered when visiting a specially crafted web page. Impact A remote attacker may alter the toolbar. As a result, keywords entered in the toolbar may be leaked to a third party. Solution Update the software Update ...
CVE-2011-4591
Cross-site scripting (XSS) vulnerability in the printobject function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states...
NVIDIA Developer Forums Hacked, 400000 user accounts at Risk
Nvidia shut down its Developer Zone online forum today after hackers gained access to members' account details. A statement Nvidia posted on the forum reads, "Nvidia suspended operations today of the Nvidia Developer Zone. We did this in response to attacks on the site by unauthorised third partie...
Three Critical Fixes in July Microsoft Patch Tuesday
Microsoft issued nine bulletins fixing 16 vulnerabilities in the July 2012 edition of Patch Tuesday. Three of the bulletins received Microsoft’s most severe ‘critical’ rating, while the remaining six were deemed merely ‘important.’ First and foremost among the critical patches is MS12-043, a fix...
JVN#80835745: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79111101. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
JVN#79111101: Movable Type plugin MT4i vulnerable to cross-site scripting
MT4i is a Movable Type plugin. MT4i contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN80835745. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the informati...
JVN#03582364: YY-BOARD vulnerable to cross-site scripting
YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...
Lidosys CMS SQL Injection / Information Disclosure
Hello list! I'm presenting you the vulnerabilities in LIOOSYS CMS - Polish commercial CMS. These are SQL Injection and Information Leakage vulnerabilities. ------------------------- Affected products: ------------------------- Vulnerable are all versions of the system, except the last one, which...
CVE-2012-2161
CVE-2012-2161 is a cross-site scripting vulnerability in the IBM Eclipse Help System (IEHS) used by multiple IBM products (e.g., InfoSphere Discovery, DB2 Information Center, Sales Center for WebSphere Commerce, IMS Explorer for Development). The flaw resides in IEHS (deferredView.jsp and related...
JVN#33171616: WEB PATIO vulnerable to cross-site scripting
WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the...