USN-2275-1: DBus vulnerabilities
Alban Crequy discovered that dbus-daemon incorrectly sent AccessDenied errors to the service instead of the client when enforcing permissions. A local user can use this issue to possibly deny access to the service. CVE-2014-3477 Alban Crequy discovered that dbus-daemon incorrectly handled certain...
Adobe AIR <= AIR 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Windows host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 -...
Adobe AIR for Mac <= 14.0.0.110 Multiple Vulnerabilities (APSB14-17)
According to its version, the instance of Adobe AIR on the remote Mac OS X host is equal or prior to 14.0.0.110. It is, therefore, affected by the following vulnerabilities : - A CSRF bypassing Same Origin Policy vulnerability exists that could leak potentially sensitive data. CVE-2014-4671 -...
PHP 5.4.x < 5.4.30 / 5.5.x < 5.5.14 Multiple Vulnerabilities
NPDS 4.8 /5.0 reply.php image_subject Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...
BloofoxCMS 0.3.5 - Information Disclosure Vulnerabilities
No description provided by source. Vulnerability ID: HTB22660 Reference: http://www.htbridge.ch/advisory/informationdisclosureinbloofoxcms1.html Product: BloofoxCMS Vendor: bloofox.com http://bloofox.com/ Vulnerable Version: 0.3.5 and probably prior versions Vendor Notification: 13 October 2010...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Audit Event System Unspecified Replay Attack
No description provided by source. source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Unspecified Arbitrary File Manipulation
No description provided by source. source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
CA eSCC r8/1.0,eTrust Audit r8/1.5 Web Server Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/20139/info CA eTrust Security Command Center eSCC and eTrust Audit are prone to multiple vulnerabilities, including: - an information-disclosure issue - an arbitrary-file-deletion issue - a replay issue. These...
Wordpress Plugin Better WP Security - Stored XSS
No description provided by source. ======= Summary ======= Name: Bit51 Better WP Security Plugin - Unauthenticated Stored XSS to RCE Release Date: 30 July 2013 Reference: NGS00500 Discoverer: Richard Warren [email protected] Vendor: Bit51 Vendor Reference: Systems Affected: Bit51 Better...
Uebimiau Webmail <= 2.7.2 - Multiple Vulnerabilities.
No description provided by source. Exploit Title: Uebimiau Webmail <= 2.7.2 Multiple Vulnerabilities. Date: 13/03/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.com | www.DigitalWhisper.co.il Software Link: http://www.uebimiau.org/ Version: <= 2.7.2 Test...
Syslog Server 1.2.3 - Crash PoC
No description provided by source. !/usr/bin/python Exploit Title: Syslog Server 1.2.3 Date: 12th June 2013 Exploit Author: npn Exploit Author Homepage: http://www.iodigitalsec.com/ Vendor Homepage: http://sourceforge.net/users/ghuysmans Software Link:...
NPDS 4.8 /5.0 admin.php language Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...
Halo <= 1.05 Broadcast Client Crash Exploit
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h include errno.h...
Lithtech Engine (new protocol) - Socket Unreacheable DoS
No description provided by source. / by Luigi Auriemma / include stdio.h include stdlib.h include string.h ifdef WIN32 include winsock.h / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include string.h include errno.h...
NPDS 4.8 /5.0 links.php Query Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13803/info NPDS is affected by multiple vulnerabilities resulting from input validation errors. These issues may allow remote attackers to carry out HTML injection, cross-site scripting and SQL injection attacks. This may...
PHPWCMS 1.4.5 r398 Cross Site Request Forgery Vulnerability
No description provided by source. ?php / Exploit Title: PHPWCMS Cross-Site Request Forgery Vulnerability Date: 06/16/2010 Author: Jeremiah Talamantes Software Link: http://phpwcms.googlecode.com/files/phpwcmsr398.zip Version: 1.4.5 r398 Tested on: WinXP SP2 EN on WAMP 2.0 CVE: N/A Jeremiah...
falt4 cms rc4 10.9.2007 Multiple Vulnerabilities
No description provided by source. H - Security Labs Falt4 CMS RC4 10.9.2007 Security Report /Advisory ID : HSEC20071012 General Information -------------------------- Name : Falt4Extreme CMS RC4 10.9.2007 Vendor HomePage :http://sourceforge.net/projects/falt4/ Platforms : PHP && MySQL...
cyclades alterpath manager 1.1 - Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12649/info Cyclades AlterPath Manager is a network device designed to facilitate remote administration of all network-accessible infrastructure resources. Multiple remote vulnerabilities affect Cyclades AlterPath Manager...
deV!Lz Clanportal [DZCP] <= 1.3.6 - Arbitrary File Upload Vulnerability
No description provided by source. S Y N O P S I S / =================' - access: remote severity: high - deV!Lz Clanportal allows nearly arbitrary files to be uploaded and stored on the server's filesystem, which enables anyone, even without a user account, to upload PHP code and execute it,...