1162 matches found
Storecalc Simple Web-Server <= 1.2 Directory Traversal Vulnerability - Active Check
Simple web-server is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections
ARSC Really Simple Chat 3.3-rc2 - Cross-Site Scripting Multiple SQL Injections source: https://www.securityfocus.com/bid/48083/info ARSC Really Simple Chat is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize...
XSRF vulnerability in the Social Bookmarking plugin
We have identified and fixed a cross-site request forgery (XSRF) vulnerability which may affect Confluence instances in a public environment. The XSRF vulnerability is exposed in the Confluence Social Bookmarking plugin. Note that the Social Bookmarking plugin is disabled by default. If you do not...
Novell Netware eDirectory DoS Vulnerability
Exploit for windows platform in category dos / poc nSense Vulnerability Research Security Advisory NSENSE-2011-002 Affected Vendor: Novell Affected Product: Netware, eDirectory Platform: Netware / Linux Impact: Remote Denial of Servi...
Bin Laden Home Videos Feed Google Image Attacks
Online scammers are recycling video and images released in the wake of the U.S. special forces raid on Osama bin Laden’s Pakistani compound to fuel Web-based attacks that have been linked to rogue anti-virus installations and botnets, according to Kaspersky Lab. Screenshot stills taken from home...
Source Code is the New Hacker Currency !
Source Code is the New Hacker Currency ! No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend? If you wade through the hype and hyperbole, dig into the details of the most prolific intrusions in recent history you'll notice one thing that shine...
Joostina (Multiple Components) - SQL Injection
Joostina Multiple Components - SQL Injection source: https://www.securityfocus.com/bid/47595/info Multiple Joostina components are prone to an SQL-injection vulnerability because they fail to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...
LightNEasy 3.2.3 - 'userhandle' Cookie SQL Injection
source: https://www.securityfocus.com/bid/47541/info LightNEasy is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Viola DVR VIO-4/1000 - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/47509/info Viola DVR is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks. Vio...
webEdition CMS HTML Injection and Local File Include Vulnerabilities
webEdition CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication...
7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
7T Interactive Graphical SCADA System is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Malicious Ads Serving Malware to Spotify Users
Users of the free music streaming service Spotify are reporting that they have been the victims of drive-by malware attacks, according to a report from Netcraft. The attacks appear to be coming from third-party advertisements which are displayed in the ad-supported version of Spotify’s software. By...
CMS Lokomedia Arbitrary File Download Vulnerability - Active Check
CMS Lokomedia is prone to a vulnerability that lets attackers download arbitrary files. This issue occurs because the application fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and...
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting SQL Injections
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting SQL Injections source: https://www.securityfocus.com/bid/46828/info CosmoShop is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input...
CubeCart 2.0.6 XSS and SQLi Vulnerabilities
CubeCart is prone to an SQL injection (SQLi) and a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
VicFTPS 'LIST' Command Remote Denial of Service Vulnerability
VicFTPS is prone to a remote denial-of-service vulnerability because it fails to handle specially crafted input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
The Lesson of Stuxnet and Aurora: Get Back to Basics or Get Owned
SAN FRANCISCO–It’s often said that after decades of work and technological advances, the security industry hasn’t actually solved any problems or made things any better. But that’s not entirely true. The industry has in fact perfected the art of exploiting the scare ’em and snare ’em,...
TinyWebGallery Cross Site Scripting and Local File Include Vulnerabilities
TinyWebGallery is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirement...
Bugzilla Multiple Vulnerabilities
Bugzilla is prone to the following vulnerabilities: 1. A security-bypass issue. 2. Multiple cross-site scripting vulnerabilities. 3. Multiple cross-site request-forgery vulnerabilities. Successfully exploiting these issues may allow an attacker to bypass certain security restrictions, execute...