SugarCRM 6.3.1 unserialize() PHP Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'SugarCRM %q This module exploits a ph...
Metropolis Technologies OfficeWatch Directory Traversal Vulnerability
Metropolis Technologies OfficeWatch is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to obtain sensitive information that could aid in further attacks. OpenVAS Vulnerability Test $Id:...
Atlassian JIRA FishEye 2.5.7 / Crucible 2.5.7 Plugins - XML Parsing Security
source: https://www.securityfocus.com/bid/53603/info The FishEye and Crucible plugins for JIRA are prone to an unspecified security vulnerability because they fail to properly handle crafted XML data. Exploiting this issue allows remote attackers to cause denial-of-service conditions or to disclo...
Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persistent XSS)
Exploit for php platform in category web applications. Exploit Title : Axous 1.1.1 Multiple Vulnerabilities CSRF - Persistent XSS Date : 30-04-2012...
Skype Vulnerability Exposing User IP Addresses
Skype is warning users following the launch of a site devoted to harvesting user IP addresses. The Skype IP-Finder site allowed third parties to see a user's last known IP address by simply typing in a user name. A script has been uploaded to GitHub...
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3...
Sybase EAServer Directory Traversal Vulnerability - Active Check
Sybase EAServer is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
$60000 for Exploiting Google Chrome, Hackers at Pwnium work...
Google has offered prizes, totalling $1 million, to those who successfully hack the Google Chrome browser at the Pwn2Own hacker contest taking place next week, i.e., 7 March 2012. Chrome is the only browser in the contest's six year...
Webglimpse 2.x - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52170/info Webglimpse is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to...
Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities
source: https://www.securityfocus.com/bid/52113/info Dolibarr is prone to multiple directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting the issues can allow an attacker to obtain sensitive information that could aid in further attacks...
R2Extreme 1.65 - Stack Buffer Overflow Directory Traversal
source: https://www.securityfocus.com/bid/52061/info R2/Extreme is prone to a stack-based buffer-overflow vulnerability and a directory-traversal vulnerability. Exploiting these issues may allow remote attackers to execute arbitrary code ...
GForge 5.7.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/51799/info GForge is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script on the affected server and steal...
w-CMS <= 2.0.1 Multiple Vulnerabilities - Active Check
w-CMS is prone to multiple HTML-injection vulnerabilities and a local file include (LFI) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Distributed Network Protocol v3 'Stop Application' Alert (SCADA) (deprecated)
Binary data 6250.prm...
IpTools 0.1.4 - Tiny TCPIP servers Directory Traversal
source: https://www.securityfocus.com/bid/51311/info IpTools Tiny TCP/IP servers is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. Exploiting this iss...
Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respectiv...
Oxide WebServer - Directory Traversal
source: https://www.securityfocus.com/bid/50845/info Oxide WebServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input submitted to its web interface. Exploiting this issue will allow an attacker to view arbitrary files within the contex...
Manx 1.0.1 - '/admin/admin_pages.php?Filename' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/50839/info Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser...
DreamBox DM800 - 'file' Local File Disclosure
source: https://www.securityfocus.com/bid/50520/info DreamBox DM800 is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information from local files on...