5907 matches found

Kitploit
added 2014/08/11 11:45 p.m., 242 views

XCat - Tool that aids in the exploitation of blind XPath injection vulnerabilities

XCat is a command line program that aids in the exploitation of blind XPath injection vulnerabilities. It can be used to retrieve the whole XML document being processed by a vulnerable XPath query, read arbitrary files on the host's filesystem and utilize out of bound HTTP requests to make the...

AI score: 7.5
Exploits: 0
OPENSUSE Linux
added 2014/08/07 11:4 p.m., 54 views

security issues addressed, most notably the mod_security heap overflow known as CVE-2014-0226 (important)

apache2: - ECC support was added to mod_ssl - fix for a race condition in mod_status known as CVE-2014-0226 can lead to information disclosure; mod_status is not active by default, and is normally only open for connects from localhost. - fix for bug known as CVE-2014-0098 that can crash the apache...

CVSS: 6.8, AI score: 0.2, EPSS: 0.85744
Exploits: 8, References: 6
0day.today
added 2014/08/01 12:0 a.m., 16 views

Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities

Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...

AI score: 7.5
Exploits: 0
0day.today
added 2014/08/01 12:0 a.m., 21 views

SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities

SkaDate Lite version 2.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...

AI score: 7.5
Exploits: 0
Check Point Advisories
added 2014/07/31 12:0 a.m., 3 views

HP Intelligent Management Center BIMS UploadServlet Information Disclosure (CVE-2014-2618)

An information disclosure vulnerability exists in the BIMS add-in module of HP Intelligent Management Center. The vulnerability is due to lack of authentication and insufficient input validation in the UploadServlet servlet when processing HTTP request parameters. By sending crafted HTTP requests...

CVSS: 7.8, AI score: 1.4, EPSS: 0.046
Exploits: 0
exploitpack
added 2014/07/30 12:0 a.m., 15 views

SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities

SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities. SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platfo...

Exploits: 0
Packet Storm
added 2014/07/30 12:0 a.m., 32 views

SkaDate Lite 2.0 CSRF / Cross Site Scripting

SkaDate Lite 2.0 Mu...

AI score: 7.4
Exploits: 0
Exploit DB
added 2014/07/30 12:0 a.m., 21 views

SkaDate Lite 2.0 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities

SkaD...

AI score: 7.4
Exploits: 0
Packet Storm
added 2014/07/28 12:0 a.m., 28 views

Oxwall 1.7.0 Cross Site Request Forgery / Cross Site Scripting

Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities input type="hidden" name="formname"...

AI score: 0.3
Exploits: 0
Check Point Advisories
added 2014/07/21 12:0 a.m., 3 views

HP SiteScope EmailServlet Information Disclosure (CVE-2014-2614)

An information disclosure vulnerability has been reported in HP SiteScope. The vulnerability is due to a lack of input validation in the EmailServlet servlet when processing HTTP requests. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the...

CVSS: 7.5, AI score: 5.9, EPSS: 0.0485
Exploits: 0
Tenable Nessus
added 2014/07/18 12:0 a.m., 10 views

Omeka < 2.2.1 Multiple Vulnerabilities


AI score: 7.3
Exploits: 0, References: 3
ThreatPost
added 2014/07/17 10:20 a.m., 13 views

Cisco Patches Wireless Residential Gateway Vulnerabilities

US-CERT issued an advisory yesterday warning of a critical vulnerability in Cisco’s Wireless Residential Gateway. Cisco has patched the vulnerability and also released its own warning, informing customers of a remote code execution vulnerability in the web server used by the gateway that is prese...

AI score: 2.1
Exploits: 0, References: 3
0day.today
added 2014/07/17 12:0 a.m., 33 views

Omeka 2.2 - CSRF And Stored XSS Vulnerability

Omeka version 2.2 suffers from cross site request forgery and cross site scripting vulnerabilities. Omeka 2.2 CSRF And Stored XSS Vulnerability Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2 Summary: Omeka is a free, flexible, and open source...

AI score: 6.9
Exploits: 0
Packet Storm
added 2014/07/17 12:0 a.m., 31 views

Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting

Omeka...

AI score: 0.5
Exploits: 0
Exploit DB
added 2014/07/17 12:0 a.m., 28 views

Omeka 2.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting

html...

AI score: 7
Exploits: 0
Cisco
added 2014/07/16 4:0 p.m., 23 views

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker cou...

CVSS: 10, AI score: 7.5, EPSS: 0.06955
Exploits: 0, References: 1
seebug.org
added 2014/07/16 12:0 a.m., 23 views

D-Link info.cgi POST Request Buffer Overflow

No description provided by source. This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::HttpClient include...

AI score: 7.1
Exploits: 0
Packet Storm
added 2014/07/15 12:0 a.m., 55 views

Elipse E3 Scada PLC Denial Of Service

VSLA Security Advisory FIRE-SCADA-DOS-2013-001: Http DoS Requests Flooding Crash Device Vulnerabilities Elipse E3 Scada PLC. LEVEL: EXTREME In our tests authorized by the customer, we can stop the entire plant. Published: 10/29/2013 Version: 1.0 Vendor: Elipse...

CVSS: 7.5, AI score: 6.5, EPSS: 0.08982
Exploits: 8
0day.today
added 2014/07/12 12:0 a.m., 30 views

InvGate Service Desk 4.2.36 SQL Injection Vulnerability

InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...

AI score: 8.3
Exploits: 0
Check Point Advisories
added 2014/07/07 12:0 a.m., 4 views

Ericom AccessNow Server Stack Buffer Overflow (CVE-2014-3913)

A stack buffer overflow vulnerability exists in Ericom AccessNow Server. The vulnerability is due to improper handling of specially crafted HTTP requests for non-existent files. A remote attacker can exploit this vulnerability by sending a crafted HTTP request...

CVSS: 10, AI score: 2.8, EPSS: 0.6086
Exploits: 5