2058 matches found
Cisco IOS XR RIP Version 2 Crafted Packet Processing Denial of Service Vulnerability
A vulnerability in the Routing Information Protocol (RIP) process of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the RIP process to crash. The vulnerability is due to insufficient input validations of the packet. An attacker could exploit this vulnerability by...
PCMAN FTP 2.07 STOR Command - Buffer Overflow Exploit
Exploit for Windows platform in category remote exploits. #!/usr/bin/python Exploit Title: PCMAN FTP 2.07 STOR Command - buffer overflow Date: 18 August 2013 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Contact: email protected Version: PCMAN FTP 2.07 STOR Command Tested on...
Oracle Java - 'storeImageArray()' Invalid Array Indexing
Packet Storm Advisory 2013-0811-1 | http://packetstormsecurity.com/ | Title: Oracle...
Cisco WebEx Error Message Information Disclosure Vulnerability
A vulnerability in Cisco WebEx could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to improper error messages displayed by the affected software when handling requests to view another user's files. An attacker could exploit this vulnerability by...
Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation
Agnitum Outpost Security Suite 8.1 - Local Privilege Escalation Exploit Title: Agnitum Outpost security suite privilege escalation - 0Day Date: 2013-08-02 Exploit Author: Ahmad Moghimi http://mallocat.com , https://twitter.com/mall0cat Vendor Homepage: http://www.agnitum.com/ Software Link:...
Cisco WebEx Meetings Server Inactive User Authentication Bypass Vulnerability
A vulnerability in the web interface of Cisco WebEx Meetings Server could allow an authenticated, remote attacker to manage meetings, including scheduling of meetings, after the authenticated user has been deactivated. The vulnerability is due to a failure to verify the active status of users...
Cisco Unified Operations Manager Cross-Site Scripting Vulnerability
Vulnerabilities in the administrative web interface of Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to execute cross-site scripting attacks or hijack user sessions. The vulnerabilities are due to a failure to properly validate user supplied input as well as...
Super Player 3500 - '.m3u' Local Stack Buffer Overflow
#!/usr/bin/perl SuperPlayer3500 Local stack based buffer overflow Author:jun Email:[email protected] Date:Tue Jul 22 2013 Vendor Link:http://www.haojie.cn Software Link:http://www.haojie.cn/download/setup3500.exe App Version:3500 Tested on:windows xp sp3 $file = "superplay3500exp.M3U"; $junk = "...
Cisco Unified Operations Manager HTTP Header Injection Vulnerability
A vulnerability in Cisco Unified Operations Manager could allow an unauthenticated, remote attacker to cause arbitrary HTML or scripts to be executed in a user's browser. The vulnerability is due to a failure to properly validate application URLs. An attacker could exploit this vulnerability by...
Disaster day: the Internet in China torn apart by Struts2 high-risk vulnerabilities - vulnerability warning - the black bar safety net
Struts is an open source project of the Apache Foundation's Jakarta project team. Using Java Servlet/JSP technology, Struts implements a Model-View-Controller (MVC) design pattern application framework for Java EE-based Web applications, and is a classic product of the classic MVC design pattern. Currently, the Strut...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
Cisco Unified MeetingPlace Web Conferencing Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified MeetingPlace could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against users of the web interface on the affected system. The vulnerability is due to insufficient input validation of a parameter. An...
Cisco Secure Access Control System Admin/View Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Cisco Access Control System (ACS) Administration and View pages could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by...
Cisco Unified Communications Domain Manager Memory Exhaustion Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Domain Manager could allow an authenticated, remote attacker to exhaust available memory and crash several critical processes. The vulnerability is due to improper memory allocation when the affected system receives crafted HTTP...
Vulnerability allows Hacking Facebook account and password reset within a minute
Security expert Dan Melamed discovered a critical vulnerability in the Facebook platform that allows an attacker to take complete control over any account. The vulnerability is considered critical because it would allow a hacker to hack potentially any Facebook account. Dan Melamed presented the...
Multiple Vulnerabilities in Kasseler CMS
Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection (CWE-89), Cross-Site Scripting...
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the IptAccountMgmt, IptFeatureDisplayPolicyMgmt, IptFeatureConfigTemplateMgmt, and IptProviderMgmt pages of the Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. The vulnerability is due to...
Attackers Targeting MS13-055 IE Vulnerability
Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that’s being used is capable of bypassing both ASLR and DEP...
Android Master Key Bug Details Made Public
The details of the Android vulnerability that enables an attacker to create a malicious update to an APK file without breaking its cryptographic signature have become public but it appears as though Google will have a patch ready for the flaw by the time it’s fully disclosed early next month. The...
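Real Player <= 16.0.2.32 Resource Exhaustion Vulnerability
CVECAN ID: CVE-2013-3299 RealPlayer is a tool for listening to and watching real-time audio, video and Flash online. Real Player = 16.0.2.32 has a resource exhaustion vulnerability in its implementation: when processing a specially crafted HTML file, Real Player uses a value from the file to control a loop operation and fails to properly validate that value before using it, resulting in denial of service. Real Networks RealPlayer = 16.0.2.32 Vendor patch: Real Networks: The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...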