
8676 matches found

Packet Storm
added 2016/03/30 12:0 a.m. | 36 views

Apache OpenMeetings 3.1.0 Path Traversal

Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu http://domain:5080/openmeetings/admin/backup is vulnerable to path traversal via...

CVSS 4 | AI score 6.8 | EPSS 0.56314
Exploits: 2
CNVD
added 2016/03/30 12:0 a.m. | 1 view

Overstepping Vulnerability in RSAS of Green Alliance Remote Security Assessment System (RSAS)

Green Alliance Remote Security Assessment System referred to as: NSFOCUS RSAS integrates Web application scanning module, which can automate the vulnerability detection of Web applications, Web services and support systems. There is an overstepping vulnerability in NSFOCUS RSAS. Due to incomplete...

AI score 7
Exploits: 0
Kitploit
added 2016/03/25 8:30 p.m. | 14 views

Guinevere - Automated Security Assessment Reporting Tool

This tool works with Gauntlet a private tool to automate assessment reporting. Main features include: Generate Assessment Report Export Assessment Generate Retest Report Generate Pentest Checklist Generate Assessment Report This option will generate you .docx report based on the vulnerabilities...

AI score 7.4
Exploits: 0 | References: 1
RedHat Linux
added 2016/03/22 4:48 p.m. | 4 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits: 0 | References: 6
0day.today
added 2016/03/21 12:0 a.m. | 50 views

D-Link DWR-932 Firmware 4.00 - Authentication Bypass

Exploit for hardware platform in category web applications D-Link DWR-932 Firmware = V4.00 Authentication Bypass - Password Disclosure Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: D-Link DWR-932 Tested Version: Firmware V4.00EUb03 Vendor: D-Link http://www.dlink.com/ Product UR...

AI score 7.1
Exploits: 0
exploitpack
added 2016/03/21 12:0 a.m. | 9 views

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is...

AI score 0.1
Exploits: 0
Patchstack
added 2016/03/21 12:0 a.m. | 15 views

WordPress Image Export Plugin 1.1.0 - Arbitrary File Disclosure

An attacker can access wp-config.php and get database credentials. Vulnerability exists in download.php file: localhost/wp/wp-content/plugins/image-export/download.php?file=../../../wp-config.php. Solution Upgrade the plugin...

AI score 3.4
Exploits: 0 | References: 1 | Affected Software: 1
Exploit DB
added 2016/03/21 12:0 a.m. | 37 views

WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure

Exploit Title: Wordpress image-export LFD Date: 03/21/2016 Exploit Author: AMAR^SHG Vendor Homepage: http://www.1efthander.com Software Link: http://www.1efthander.com/category/wordpress-plugins/image-export Version: Everything is affected including latest 1.1.0 Tested on: Windows/Unix on localho...

AI score 7.4
Exploits: 0
RedHat Linux
added 2016/03/14 8:0 p.m. | 6 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits: 0 | References: 6
RedHat Linux
added 2016/03/14 4:43 p.m. | 3 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits: 0 | References: 6
Fedora
added 2016/03/14 12:20 a.m. | 36 views

[SECURITY] Fedora 22 Update: phpMyAdmin-4.5.5.1-1.fc22

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...

CVSS 6.8 | AI score 1.3 | EPSS 0.03109
Exploits: 0
OpenVAS
added 2016/03/12 12:0 a.m. | 40 views

openSUSE: Security Advisory for openssl (openSUSE-SU-2016:0720-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.4 | EPSS 0.82112
Exploits: 2 | References: 1
OSV
added 2016/03/11 3:25 p.m. | 6 views

SUSE-SU-2016:0727-1 Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: Mozilla Firefox was updated to 38.7.0 ESR bsc969894, fixing following security issues: MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 MFSA 2016-17/CVE-2016-1954...

CVSS 10 | AI score 7.9 | EPSS 0.31046
Exploits: 9 | References: 31
myhack58
added 2016/03/10 12:0 a.m. | 27 views

Portal Apache Jetspeed 2.3.0 and earlier versions: a remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

As one of the projects in my personal “friendship detect open source software security” series, I'm ready to play with Apache Jetspeed 2, specifically v2.3.0. Jetspeed, to use its own words, is: “An open portal platform and enterprise information portal, completely based on open standards,...

AI score 0.3
Exploits: 0
RedHat Linux
added 2016/03/09 4:8 a.m. | 4 views

openssl: Divide-and-conquer session key recovery in SSLv2

It was discovered that the SSLv2 servers using OpenSSL accepted SSLv2 connection handshakes that indicated non-zero clear key length for non-export cipher suites. An attacker could use this flaw to decrypt recorded SSLv2 sessions with the server by using it as a decryption oracle...

CVSS 5.9 | AI score 6.8 | EPSS 0.05398
Exploits: 1 | References: 5
RedHat Linux
added 2016/03/09 4:8 a.m. | 5 views

openssl: SSLv2 Bleichenbacher protection overwrites wrong bytes for export ciphers

It was discovered that the SSLv2 protocol implementation in OpenSSL did not properly implement the Bleichenbacher protection for export cipher suites. An attacker could use a SSLv2 server using OpenSSL as a Bleichenbacher oracle...

CVSS 5.9 | AI score 6.8 | EPSS 0.06903
Exploits: 0 | References: 5
RedHat Linux
added 2016/03/09 4:8 a.m. | 4 views

openssl: assertion failure in SSLv2 servers

A denial of service flaw was found in the way OpenSSL handled SSLv2 handshake messages. A remote attacker could use this flaw to cause a TLS/SSL server using OpenSSL to exit on a failed assertion if it had both the SSLv2 protocol and EXPORT-grade cipher suites enabled...

CVSS 5 | AI score 6.7 | EPSS 0.21389
Exploits: 0 | References: 6
F5 Networks
added 2016/03/09 12:0 a.m. | 91 views

SOL95463126 - OpenSSL vulnerabilities CVE-2016-0703 and CVE-2016-0704

Vulnerability Recommended Actions If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Versions known to be not vulnerable column. If the table lists only an older version than what you are...

CVSS 5.9 | AI score 1.4 | EPSS 0.82112
Exploits: 2 | References: 4
Tenable Nessus
added 2016/03/07 12:0 a.m. | 36 views

SUSE SLED11 Security Update : compat-openssl097g (SUSE-SU-2016:0631-1) (DROWN)

This update for compat-openssl097g fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA...

CVSS 10 | AI score 7.8 | EPSS 0.82112
Exploits: 2 | References: 22
Tenable Nessus
added 2016/03/04 12:0 a.m. | 61 views

openSUSE Security Update : libopenssl0_9_8 (openSUSE-2016-294) (DROWN) (FREAK) (POODLE)

This update for libopenssl098 fixes the following issues : - CVE-2016-0800 aka the 'DROWN' attack bsc968046: OpenSSL was vulnerable to a cross-protocol attack that could lead to decryption of TLS sessions by using a server supporting SSLv2 and EXPORT cipher suites as a Bleichenbacher RSA padding...

CVSS 10 | AI score 7.2 | EPSS 0.99999
Exploits: 23 | References: 43