2058 matches found
Cisco Mobility Services Engine Control And Provisioning Information Disclosure Vulnerability
A vulnerability in the Control And Provisioning of the Cisco Mobility Services Engine (MSE) could allow an authenticated, remote attacker to have read access to sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain log file...
Hacking Team attack code analysis Part 1: Flash 0day-vulnerability warning-the black bar safety net
Hacking Team, a company that specializes in providing attack techniques for network monitoring, was recently hacked, leaking 400G of data containing the company's email, documents, and attack code. The 360Vulcan Team obtained the relevant information at the first opportunity and analyzed the exploit code...
Cisco Hosted Collaboration Solution Cross-Site Scripting Vulnerability
A vulnerability in Cisco Hosted Collaboration Solution could allow an unauthenticated, remote attacker to perform cross-site scripting (XSS) attacks. The vulnerability is due to insufficient validation of a user-supplied value. An attacker could exploit this vulnerability by convincing a user to...
Cisco Unified Computing System C-Series Servers Man-in-the-Middle Vulnerability
A vulnerability in the Cisco Integrated Management Controller of the Cisco Unified Computing System (UCS) C-Series Servers could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL...
WordPress Easy2Map Plugin 1.24 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: SQL Injection in easy2map wordpress plugin v1.24 Author: Larry W. Cashdollar, @larry0 Date: 2015-06-08 Download Site: https://wordpress.org/plugins/easy2map Vendor: Steven Ellis Vendor Notified: 2015-06-08, fixed in v1.25 Vendor Contact...
Symantec EP 12.1.4013 Denial Of Service
Credits: John Page hyp3rlinx; Domains: hyp3rlinx.altervista.org; Source: http://hyp3rlinx.altervista.org/advisories/AS-SYMANTEC0707.txt; Vendor: Symantec www.symantec.com; Product: Symantec EP 12.1.4013; Advisory Information:...
WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...
Symantec Endpoint Protection 12.1.4013 - Service Disabling
Exploit Title: Antivirus Google Dork: intitle: Antivirus Date: 2015-07-07 Exploit Author: John Page hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.symantec.com Software Link: www.symantec.com/endpoint-protection Version: 12.1.4013 Tested on: Windows 7 SP1 Category: Antivirus...
Cisco Adaptive Security Appliance Software OSPFv2 Denial of Service Vulnerability
A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. The vulnerability is due to improper handling of OSPFv2 packets. An attacker could...
Cisco FireSIGHT Management Center Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco FireSIGHT Management Center could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protections. An attacker could exploit this vulnerability by tricking the user of a...
Exploit Code for ipTIME firmwares < 9.58 (root RCE against 127 router models)
Please find a text-only version below sent to security mailing-lists. The complete version on exploits about my last advisory of ipTIME products is posted here:...
Cisco Unified Communications Domain Manager Information Disclosure Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager Application Software could allow an unauthenticated, remote attacker to access content in the bvsmweb directory. The vulnerability is due to insufficient access controls. An attacker could exploit this vulnerabili...
Cisco Unified Presence Server Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Presence Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient input validation of a user-supplied value. An...
Cisco IM and Presence Service Leaked Encrypted Passwords Privilege Escalation Vulnerability
A vulnerability in the Cisco IM and Presence Service could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to improper web page restrictions imposed by the affected software. An authenticated, remote attacker could exploit this vulnerability to access...
Cisco Nexus 9000 Series Software Password Exposure Vulnerability
A vulnerability in Cisco Nexus 9000 Series Software could allow an authenticated, remote attacker to expose passwords in plain text format. The vulnerability is due to older versions of the affected software retaining the ability to decrypt passwords. An attacker could exploit this vulnerability ...
Cisco Unified MeetingPlace Plain Text Password Information Disclosure Vulnerability
A vulnerability in Cisco Unified MeetingPlace could allow an authenticated, remote attacker to view passwords in plain text. The vulnerability is due to the inclusion of sensitive information in the web page source code of the affected software. An attacker could exploit this vulnerability to vie...
Cisco Data Center Analytics Framework Cross-Site Request Forgery Vulnerability
A vulnerability in the Data Center Analytics Framework (DCAF) application could allow an unauthenticated, remote attacker to execute unwanted actions. The vulnerability is due to insufficient cross-site request forgery (CSRF) protection. An attacker could exploit this vulnerability by tricking the us...
HP Releases Details, Exploit Code for Unpatched IE Flaws
Researchers at HP’s Zero Day Initiative have disclosed full details and proof-of-concept exploit code for a series of bugs they discovered that allow attackers to bypass a key exploit mitigation in Internet Explorer. The disclosure is a rarity for ZDI. The company typically does not publish...
Cisco IOS Software UBR Devices IPv6 to IPv4 Subsystem Denial of Service Vulnerability
A vulnerability in the IPv6 to IPv4 subsystem of Cisco IOS Software could allow an unauthenticated, remote attacker to cause a standby Performance Routing Engine (PRE) to leak a small portion of memory on a targeted system, resulting in a denial of service (DoS) condition. The vulnerability is due to...
Cisco Gateway GPRS Support Node TCP Invalid Packet Vulnerability
A vulnerability in the TCP packet input handler of the Cisco Gateway GPRS Support Node (GGSN) could allow an unauthenticated, remote attacker to cause a reset of the Session Manager application. The vulnerability is due to improper input validation of the length fields of the TCP/IP header. An...