6653 matches found
Sony IPELA ENGINE IP Cameras Backdoor Accounts Vulnerability
Sony IPELA ENGINE IP Cameras contain multiple backdoors that, among other functionality, allow an attacker to enable the Telnet/SSH service for remote administration over the network. Other available functionality may have undesired effects to the camera image quality or other camera functionalit...
Sony IPELA ENGINE IP Cameras Backdoor Accounts
We have published an accompanying blog post to this technical advisory with further information: http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html SEC Consult Vulnerability Lab Security Advisory ======================================================================...
pornoid.com XSS vulnerability
Vulnerable URL: http://www.pornoid.com/searchpages/?q=Search"...
euroline.cz XSS vulnerability
Vulnerable URL: http://www.euroline.cz/cz/vyhledavani.html?search=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E&eurolineSearch.x;=0&eurolineSearch.y;=0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerabili...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2893-1)
This update for sudo fixes the following issues : - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 Note that Tenable Network Security h...
CVE-2016-9635
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Mitigation This...
SUSE-SU-2016:2898-1 Security update for nodejs4
This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite bsc1007728. Bug fixes: - bsc1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2...
visahq.com XSS vulnerability
Vulnerable URL: https://www.visahq.com/search1.php?sa=Search=FORID:11alert'OPENBUGBOUNTY'...
depor.com XSS vulnerability
Vulnerable URL: http://depor.com/buscar/B4rtwashere...
depop.com XSS vulnerability
Vulnerable URL: https://www.depop.com/search/?q=...
foto.com.ng XSS vulnerability
Vulnerable URL: http://foto.com.ng/index.php?search=prompt/OPENBUGBOUNTY/...
codart.net XSS vulnerability
Vulnerable URL: http://www.codart.net/20/search/?query='"/alert"openbugbounty"...
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution
SweetRice 1.5.1 - Cross-Site Request Forgery PHP Code Execution Hacked '; phpinfo; Code You Can Customize Exploit For Your Self . Exploit : -- Hacked '; phpinfo;? /textarea...
D-Link DIR-300NRUB5 Firmware 1.2.94 Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DIR-300. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DIR-300NRUB5, Firmware 1.2.94. All previous versions also must be...
CVE-2016-8335
An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 Sep 7 2012 NK - Linux x64 and Version 6.6.04 Nov 14 2014 NK - Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. A...
Type confusion
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...
iiitb.ac.in XSS vulnerability
Vulnerable URL: http://www.iiitb.ac.in/search.php?srch-term=";...
CVE-2016-8331
An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the applicatio...
CVE-2016-6372
A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...
sudo -- Potential bypass of sudo_noexec.so via wordexp()
Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...