
1162 matches found

exploitpack
added 2014/05/25 12:00 a.m., 12 views

dpkg Source Package - Index: pseudo-header Processing Multiple Local Directory Traversals

source: https://www.securityfocus.com/bid/67727/info dpkg is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will...

0.1 AI score
Exploits: 0
Exploit DB
added 2014/05/23 12:00 a.m., 21 views

Pyplate - 'addScript.py' Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/67610/info Pyplate is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. Pyplate 0.08 Beta is vulnerable; other versions may als...

7.4 AI score
Exploits: 0
exploitpack
added 2014/05/05 12:00 a.m., 12 views

AssistMyTeam Team Helpdesk - Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/67271/info AssistMyTeam Team Helpdesk is prone to multiple information-disclosure vulnerabilities. Successfully exploiting these issues may allow an attacker to obtain sensitive...

7.4 AI score
Exploits: 0
Exploit DB
added 2014/04/12 12:00 a.m., 40 views

ICOMM 610 Wireless Modem - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/66593/info ICOMM 610 is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. ICOMM 610 01.01.08.991 and prior are vulnerable...

7.4 AI score
Exploits: 0
n0where
added 2014/04/04 1:07 a.m., 20258 views

Hacking Maytag: Coin-Operated Laundromat Machines

Most Maytag commercial washers and dryers out there use a common controller platform. It dates back to the 80s and is still produced. So almost all Maytag with digital control panel is exploitable in this way. The identifying features are green vacuum fluorescent display with a four-digit numerica...

0.6 AI score
Exploits: 0
Check Point Advisories
added 2014/03/03 12:00 a.m., 2 views

Redmine Repository Controller Command Execution - Ver2 (CVE-2011-4929)

A command execution vulnerability has been reported in Redmine. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5 CVSS, 7.3 AI score, 0.46401 EPSS
Exploits: 2
CISA
added 2014/02/20 12:00 a.m., 14 views

Microsoft Releases Security Advisory for Internet Explorer 9 and 10 Use-After-Free Vulnerability

Microsoft has released Security Advisory 2934088 to address a use-after-free vulnerability in Internet Explorer 9 and 10, which can be used by a remote attacker to take control of a vulnerable system. US-CERT and Microsoft are aware of targeted attacks currently exploiting this vulnerability. Use...

6.8 AI score
Exploits: 0, References: 3
myhack58
added 2014/02/08 12:00 a.m., 26 views

08cms GETSHELL vulnerabilities-vulnerability warning-the black bar safety net

08cms GETSHELL Directly on the Exp ? php / Car CMS4. 1 GBK version: exp index. php? tplname=..%252f..%252fdynamic%252fstats%252faclicks. cac shell /dynamic/tplcache/common/....dynamicstatsaclicks.cac.php Decoration of the CMS: shell: /dynamic/dynamic/stats/aclicks.cac.php / $exp = '/tools/ptool...

Exploits: 0
Exploit DB
added 2014/01/07 12:00 a.m., 21 views

Command School Student Management System - '/sw/admin_infraction_codes.php?id' SQL Injection

source: https://www.securityfocus.com/bid/64707/info Command School Student Management System is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An HTML injection...

7.4 AI score
Exploits: 0
Exploit DB
added 2014/01/07 12:00 a.m., 20 views

Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)

source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An information-disclosure...

7.4 AI score
Exploits: 0
exploitpack
added 2013/10/08 12:00 a.m., 5 views

Alienvault Open Source SIEM (OSSIM) - Timestamp Directory Traversal

source: https://www.securityfocus.com/bid/62899/info Open Source SIEM OSSIM is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker ...

0.2 AI score
Exploits: 0
Kitploit
added 2013/09/09 3:49 a.m., 19 views

[Nimbostratus] Tools for fingerprinting and exploiting Amazon cloud infrastructures

Nimbostratus are tools for fingerprinting and exploiting Amazon cloud infrastructures. Nimbostratus is the first toolset to help you in the process of pivoting in Amazon AWS clouds. Features: Enumerate permissions to AWS services for current IAM role; Use poorly configured IAM role to create new AWS...

7.1 AI score
Exploits: 0, References: 5
ThreatPost
added 2013/08/14 3:50 p.m., 7 views

Android Malware Found Exploiting Google Cloud Messaging Service

Researchers have discovered a number of malicious Android apps are using Google’s Cloud Messaging service and leveraging it as a command and control server to carry out attacks. A post on Securelist today by Kaspersky Lab’s Roman Unuchek, breaks down five Trojans that have been spotted checking i...

7.3 AI score
Exploits: 0, References: 3
exploitpack
added 2013/07/11 12:00 a.m., 18 views

PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/61158/info PrestaShop is prone to multiple cross-site request-forgery vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions in the...

0.4 AI score
Exploits: 0
exploitpack
added 2013/06/12 12:00 a.m., 15 views

Sony CH DH Series IP Cameras - Multiple Cross-Site Request Forgery Vulnerabilities

source: https://www.securityfocus.com/bid/60529/info Sony CH and DH series IP cameras including SNCCH140, SNCCH180, SNCCH240, SNCCH280, SNCDH140, SNCDH140T, SNCDH180, SNCDH240, SNCDH240T, and SNCDH280 are prone to...

0.3 AI score
Exploits: 0
Exploit DB
added 2013/05/16 12:00 a.m., 19 views

WordPress Plugin Mail On Update - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/59932/info The Mail On Update plugin for WordPress is prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks...

7.4 AI score
Exploits: 0
exploitpack
added 2013/04/11 12:00 a.m., 11 views

Request Tracker - ShowPending SQL Injection

source: https://www.securityfocus.com/bid/59022/info Request Tracker is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker ...

0.4 AI score
Exploits: 0
OpenVAS
added 2013/04/09 12:00 a.m., 28 views

D-Link Devices Multiple Vulnerabilities (Apr 2013) - Active Check

D-Link devices are prone to multiple vulnerabilities...

8 CVSS, 7.5 AI score, 0.42414 EPSS
Exploits: 2, References: 4
Exploit DB
added 2013/03/27 12:00 a.m., 44 views

MyBB 1.6.6 - 'index.php?conditions[usergroup][]' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52743/info MyBB is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the...

7.4 AI score
Exploits: 0
Kaspersky
added 2013/03/14 12:00 a.m., 35 views

KLA10327 Vulnerabilities in Skype

An unspecified vulnerability was found in Skype. By exploiting this vulnerability malicious users can cause unknown impact via unknown vectors. Original advisories: Skype changelog. Related products: Skype-for-Windows. CVE list. Solution: Update to latest version. Affected Products - Skype...

7.2 AI score
Exploits: 0, References: 3