Lucene search

1511 matches found

Exploit DB
added 2012/11/26 12:0 a.m., 42 views

PRADO PHP Framework 3.2.0 - Arbitrary File Read

PRADO PHP Framework 3.2.0 Arbitrary File Read Vulnerability Vendor: Prado Software Product web page: http://www.pradosoft.com Affected version: 3.2.0 r3169 Summary: PRADO is a component-based and event-driven programming framework for developing Web applications in PHP 5. PRADO stands for PHP Rap...

7.4 AI score
Exploits: 0

Metasploit
added 2012/11/16 6:20 p.m., 29 views

SAP /sap/bc/soap/rfc SOAP Service TH_SAPREL Function Information Disclosure

This module attempts to identify software, OS and DB versions through the SAP function TH_SAPREL using the /sap/bc/soap/rfc SOAP service. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This module is based on, inspire...

0.3 AI score
Exploits: 0

Kitploit
added 2012/11/04 7:20 p.m., 9 views

[Subterfuge] Beta Version 4.2

Automated Man-in-the-Middle Attack Framework Abstract: Enter Subterfuge, a Framework to take the arcane art of Man-in-the-Middle Attack and make it as simple as point and shoot. A beautiful, easy to use interface which produces a more transparent and effective attack is what sets Subterfuge apart...

7.2 AI score
Exploits: 0

CVE
added 2012/10/17 12:0 a.m., 44 views

CVE-2012-3200

The CVE-2012-3200 entry concerns the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1, with an unspecified vulnerability that allows remote authenticated users to affect confidentiality, related to ROLESPRV. Connected sources corroborate a vendor patching context...

4 CVSS, 5.7 AI score, 0.00202 EPSS
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2012/10/16 11:0 p.m., 22 views

CVE-2012-3161

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client CS...

5.7 AI score, 0.00324 EPSS
Exploits: 0, References: 3

CVE
added 2012/10/16 11:0 p.m., 43 views

CVE-2012-3154

CVE-2012-3154 affects Oracle Agile PLM Framework within Oracle Supply Chain Products Suite 9.3.1.0. The vulnerability is described as unspecified and related to ATTACH, allowing remote authenticated users to affect confidentiality. The CVE entry cites partial confidentiality impact with network a...

4 CVSS, 5.7 AI score, 0.00191 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2012/10/16 11:0 p.m., 47 views

CVE-2012-3161

CVE-2012-3161 affects the Oracle Agile PLM Framework component within Oracle Supply Chain Products Suite 9.3.1.1. Description in the primary record states an unspecified vulnerability that could allow remote attackers to affect integrity via unknown vectors related to the Web Client (CS). Connect...

4.3 CVSS, 5.9 AI score, 0.00324 EPSS
Exploits: 0, References: 3, Affected Software: 1

exploitpack
added 2012/10/11 12:0 a.m., 22 views

VideoLAN VLC Media Player 2.0.3 - .png ReadAV Crash (PoC)

VideoLAN VLC Media Player 2.0.3 - .png ReadAV Crash PoC #!/usr/bin/perl VLC Player 2.0.3 Vendor URI: http://www.videolan.org/vlc/ Vendor Description: VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and...

0.7 AI score
Exploits: 0

0day.today
added 2012/10/09 12:0 a.m., 47 views

VLC Player 2.0.3 <= ReadAV Arbitrary Code Execution

Exploit for windows platform in category local exploits #!/usr/bin/perl VLC Player 2.0.3 Vendor URI: http://www.videolan.org/vlc/ Vendor Description: VLC is a free and open source cross-platform multimedia player and framework that plays most multimedia files as well as DVD, Audio CD, VCD, and...

6.8 AI score
Exploits: 0

Fedora
added 2012/09/26 8:52 a.m., 38 views

[SECURITY] Fedora 17 Update: guacd-0.6.1-3.fc17

Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centralized server acts as a tunnel and proxy, allowing access to multiple desktops through a web browser. No plugins are needed: the client requires nothing...

7.5 CVSS, 2.6 AI score, 0.3445 EPSS
Exploits: 5

CERT
added 2012/09/24 12:0 a.m., 78 views

JAMF Software Casper Suite contains a cross-site request forgery vulnerability

Overview: JAMF Software's Casper Suite is susceptible to a cross-site request forgery (CSRF) (CWE-352) vulnerability. Description: JAMF Software's Casper Suite, a Mac OS X and iOS client management framework, contains a cross-site request forgery (CSRF) (CWE-352) vulnerability. The reporter provided a...

6.8 CVSS, 6.7 AI score, 0.01828 EPSS
Exploits: 4, References: 4

Fedora
added 2012/09/17 10:51 p.m., 22 views

[SECURITY] Fedora 18 Update: trytond-2.4.2-1.fc18

Tryton is a three-tier high-level general purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton (also called Tryton kernel) provides all the necessary...

7.5 CVSS, 1.3 AI score, 0.00353 EPSS
Exploits: 0

securityvulns
added 2012/09/03 12:0 a.m., 109 views

CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass

Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...

0.2 AI score, 0.00296 EPSS
Exploits: 2

OpenVAS
added 2012/08/24 12:0 a.m., 44 views

Fedora Update for rubygem-activesupport FEDORA-2012-11880

Check for the Version of rubygem-activesupport. OpenVAS Vulnerability Test: Fedora Update for rubygem-activesupport FEDORA-2012-11880 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...

4.3 CVSS, 6.4 AI score, 0.00377 EPSS
Exploits: 0, References: 2

Fedora
added 2012/08/20 10:57 a.m., 20 views

[SECURITY] Fedora 17 Update: pcp-3.6.5-1.fc17

Performance Co-Pilot (PCP) provides a framework and services to support system-level performance monitoring and performance management. The PCP open source release provides a unifying abstraction for all of the interesting performance data in a system, and allows client applications to easily...

5 CVSS, 2.8 AI score, 0.03579 EPSS
Exploits: 0

NVD
added 2012/08/16 10:38 a.m., 12 views

CVE-2012-3024

Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack...

5 CVSS, 6.8 AI score, 0.00489 EPSS
Exploits: 0, References: 2

CVE
added 2012/08/16 10:0 a.m., 50 views

CVE-2012-3024

CVE-2012-3024 affects Tridium Niagara AX Framework up to version 3.6. The issue is that session IDs and keys are predictable, potentially enabling remote attackers to bypass authentication through brute-force attempts. The description consistently states an authentication bypass risk but does not...

5 CVSS, 7 AI score, 0.00489 EPSS
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2012/08/14 12:0 a.m., 22 views

DSA-2529-1 python-django - several

Bulletin has no description...

5 CVSS, 6 AI score, 0.01382 EPSS
Exploits: 1

securityvulns
added 2012/08/13 12:0 a.m., 48 views

ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability

ZDI-12-131 : Microsoft .NET Framework Undersized Glyph Buffer Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-131 August 3, 2012 -- CVE ID: CVE-2012-0162 -- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P -- Affected...

9.3 CVSS, 0.4 AI score, 0.57604 EPSS
Exploits: 1

CVE
added 2012/07/16 7:0 p.m., 56 views

CVE-2012-4028

CVE-2012-4028 affects the Tridium Niagara AX Framework. The vulnerability stems from improper storage of credential data, enabling context-dependent attackers to bypass authentication by using stored credentials. The NVD entry lists a high impact with network reach and low attack complexity, but ...

7.8 CVSS, 6.2 AI score, 0.0022 EPSS
Exploits: 0, References: 2, Affected Software: 1