6654 matches found
Oracle Siebel CRM 8.1.1 - CSV Injection
Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection
Date: 2018-10-21
Exploit Author: Sarath Nair aka AceNeon13
Contact: @AceNeon13
Vendor Homepage: www.oracle.com
Software Link: http://www.oracle.com/us/products/applications/siebel/siebel-crm-8-1-1-066196.html
Version: Oracle Siebel CRM Versio...
rpm4 -- regression in -setperms, -setugids and -restore
rpm4 reports: Regression in -setperms, -setugids and -restore. Note that this update cannot automatically fix possible damage done by using -setperms, -setugids or -restore with rpm 4.14.2; it merely fixes the functionality itself. Any damage needs to be investigated and fixed manually, such as...
GHSA-RF7Q-XQM3-6923 Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies...
Shopify: H1514 Bypass Wholesale account signup restrictions
Summary: By default, account registration is disabled on Shopify Wholesale, requiring customers to be manually invited: "Wholesale account signup is disabled. Customers need to be manually invited from the Customers page." This can be bypassed due to improper access controls in the invitation...
Cross site scripting
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341...
Cisco Prime Collaboration Provisioning Trust Management Vulnerability
Cisco Prime Collaboration Provisioning (PCP) is a set of Web-based, next-generation communications services software from Cisco. The software provides IP communication service features for IP telephony, voice mail and unified communications environments. A trust management vulnerability exists in t...
From Now On, Only Default Android Apps Can Access Call Log and SMS Data
A few hours ago the company announced its "non-shocking" plans to shut down Google+ social media network following a "shocking" data breach incident. Now to prevent abuse and potential leakage of sensitive data to third-party app developers, Google has made several significant changes giving user...
Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server
1. EXECUTIVE SUMMARY
CVSS v3 8.1
ATTENTION: Exploitable remotely/low skill level to exploit/information related to these vulnerabilities is publicly available
Vendor: Hangzhou Xiongmai Technology Co., Ltd
Equipment: XMeye P2P Cloud Server
Vulnerabilities: Predictable From Observable State, Hidden...
CVE-2018-0462 Cisco Enterprise NFV Infrastructure Software Denial of Service Vulnerability
A vulnerability in the user management functionality of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, remote attacker to perform a denial of service (DoS) attack against an affected system. The vulnerability is due to insufficient validation of user-provided input...
DarkSpiritz - A Penetration Testing Framework For UNIX Systems
What is DarkSpiritz? Created by the SecTel Team, it was a project of one of the owners to update and clean up an older pentesting framework he had created into something updated and modern. DarkSpiritz is a revamp of the very popular framework known as "Roxysploit". You may be familiar with this...
Most Threatening DNS Security Risks And How To Avoid Them
By Zehra Ali. The DNS, or Domain Name System, is one of the most necessary components for internet functionality. Internet businesses are often negligent about the security of their digital identity, that is, the DNS. This poor security of DNS makes it vulnerable to many cyber attacks which...
Deserialization of untrusted data
An exploitable code execution vulnerability exists in the Levin deserialization functionality of the Epee library, as used in Monero 'Lithium Luna' v0.12.2.0-master-ffab6700 and other cryptocurrencies. A specially crafted network packet can cause a logic flaw, resulting in code execution. An...
bocajuniors.com.ar XSS vulnerability
Open Bug Bounty ID: OBB-679412

| Description | Value |
|---|---|
| Affected Website: | bocajuniors.com.ar |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Command injection
A command injection vulnerability in the web server functionality of Moxa EDR-810 V4.2 build 18041013 allows remote attackers to execute arbitrary OS commands with root privileges via the caname parameter to the /xml/netWebCADELETEGetValue URI...
necfru.jp XSS vulnerability
Open Bug Bounty ID: OBB-678005

| Description | Value |
|---|---|
| Affected Website: | necfru.jp |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
Zero-Day Bug Allows Hackers to Access CCTV Surveillance Cameras
Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on and manipulate video feeds or plant malware. According to a Tenable Research Advisory issued Monday, the bugs are rated...
NUUO NVRMini2 Multiple Vulnerabilities
The version of NUUO NVRMini2 installed on the remote host is affected by multiple vulnerabilities: - The NUUO NVRMini2 web server utilizes CGI binaries in order to handle a variety of commands that require authenticated interaction. The implemented session-handling mechanism doesn't validate the user's input...
Mail.ru: XSS in touch.mail.ru
Browser-specific, user-assisted DOM-based XSS in the message editor undo functionality via quoted content. The vulnerability did not affect the mobile browsers used by the majority of touch.mail.ru web interface users...
bankdirector.com XSS vulnerability
Open Bug Bounty ID: OBB-674548

| Description | Value |
|---|---|
| Affected Website: | bankdirector.com |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS Cross Site Scripting / CWE-79 |
| CVSSv3 Score: | 6.1... |
CVE-2018-4010
An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system's privileges...