71 matches found
Semi-Automated Network Penetration Testing Framework: Legion
Legion, a fork of SECFORCE’s Sparta, is an open source, easy-to-use, super-extensible and semi-automated network penetration testing framework that aids in discovery, reconnaissance and exploitation of information systems. Legion is developed and maintained by GoVanguard. Features Automatic recon...
Design/Logic Flaw
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
CVE-2018-17188
Prior to CouchDB version 2.3.0, CouchDB allowed for runtime-configuration of key components of the database. In some cases, this lead to vulnerabilities where CouchDB admin users could access the underlying operating system as the CouchDB user. Together with other vulnerabilities, it allowed full...
wityCMS 0.6.1 Cross Site Scripting
Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...
Debian Security Advisory DSA 3645-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2016-5139 GiWan Go discovered a use-after-free issue in the pdfium library. CVE-2016-5140 Ke Liu discovered a use-after-free issue in the pdfium library. CVE-2016-5141 Sergey Glazunov discovered a URL spoofing issue...
FreeBSD : openafs -- information disclosure (017a493f-7db6-11e5-a762-14dae9d210b8)
The OpenAFS development team reports : When constructing an Rx acknowledgment ACK packet, Andrew-derived Rx implementations do not initialize three octets of data that are padding in the C language structure and were inadvertently included in the wire protocol CVE-2015-7762. Additionally, OpenAFS...
DSA-3315-1 chromium-browser - security update
Bulletin has no description...
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting
ManageEngine Asset Explorer 6.1 - Persistent Cross-Site Scripting Title: =============== ManageEngine Asset Explorer v6.1 - XSS Vulnerability CVE-ID: ==================================== CVE-2015-2169 CVSS: ==================================== 3.5 Product & Service Introduction Taken from their...
suricata -- TLS/DER Parser Bug (DoS)
OISF Development Team reports: The OISF development team is pleased to announce Suricata 2.0.8. This release fixes a number of issues in the 2.0 series. The most important issue is a bug in the DER parser which is used to decode SSL/TLS certificates could crash Suricata. This issue was reported b...
libpurple/pidgin -- multiple vulnerabilities
The pidgin development team reports:...
Hycus CMS Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22737 Reference: http://www.htbridge.ch/advisory/lfiinhycuscms.html Product: Hycus CMS Vendor: Hycus Web Development Team http://www.hycus.com/ Vulnerable Version: 1.0.3 Vendor Notification: 07 December 2010 Vulnerability Type: LFI Status: N...
wu-ftpd 2.4.2/2.5 .0/2.6 .0 - Remote Format String Stack Overwrite (1)
No description provided by source. source: http://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a very serious remote attack in the...
Internet Bug Bounty: SPL ArrayObject/SPLObjectStorage Unserialization Type Confusion Vulnerabilities
This vulnerability was reported directly to the PHP development team. A detailed summary is available here: https://www.sektioneins.de/en/blog/14-08-27-unserialize-typeconfusion.html...
Internet Bug Bounty: Locale::parseLocale Double Free
This bug was reported directly to the PHP development team: https://bugs.php.net/bug.php?id=67349...
Debian Security Advisory DSA 2811-1 (chromium-browser - several vulnerabilities)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2013-6634 Andrey Labunets discovered that the wrong URL was used during validation in the one-click sign on helper. CVE-2013-6635 cloudfuzzer discovered use-after-free issues in the InsertHTML and Indent DOM editing...
GLPI 0.83.8 - Multiple Vulnerabilities
GLPI 0.83.8 - Multiple Vulnerabilities GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 and 0.83.8 Summary: GLPI, an initialism for Gestionnaire libre de parc informatique Free...
GLPI 0.83.8 SQL Injection
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 and 0.83.8 Summary: GLPI, an initialism for Gestionnaire libre de parc informatique Free Management of Computer Equipment, was...
GLPI 0.83.7 Parameter Traversal Arbitrary File Access Vulnerability
GLPI version 0.83.7 suffers from a parameter traversal vulnerability that allows for arbitrary file access. GLPI v0.83.7 itemtype Parameter Traversal Arbitrary File Access Exploit Vendor: INDEPNET Development Team Product web page: http://www.glpi-project.org Affected version: 0.83.7 Summary: GLP...
Elastix 2.4.0 Cross Site Scripting Vulnerability
Elastix version 2.4.0 suffers from a cross site scripting vulnerability Exploit Title: elastix 2.4.0 XSS Vulnerability Date: 28/05/2013 Exploit Author: cheki Vendor Homepage: elastix.org Software Link: http://www.elastix.org/index.php/en/downloads/main-distro.html Version: Elastix 2.4.0 Stable CV...
CubeCart 5.0.7 Insecure Backup Handling
OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that...