
9752 matches found

CERT
added 2012/08/06 12:0 a.m., 24 views

HP Arcsight Logger and Connector appliances cross-site scripting vulnerability

Overview: HP's Arcsight Connector appliance v6.2.0.6244.0 and Arcsight Logger appliance v5.2.0.6288.0 and possibly other versions contain a file import facility which is vulnerable to cross-site scripting (XSS). Description: The supplied facility for importing host data from a file System Admin Tab |...

CVSS 4.3 | AI score 6.1 | EPSS 0.00743
Exploits: 0 | References: 3
Fedora
added 2012/08/05 9:25 p.m., 17 views

[SECURITY] Fedora 17 Update: glpi-data-injection-2.2.2-1.fc17

Plugin for importing data into GLPI. It can serve, for example, to: - import machines at the delivery electronic delivery order in CSV - import additional data - import equipment not managed by OCS - transmit from another tool of asset management...

AI score 2.1
Exploits: 0
Atlassian
added 2012/08/03 3:17 a.m., 15 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

AI score 0.6
Exploits: 0
Atlassian
added 2012/08/03 3:17 a.m., 21 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

AI score 0.6
Exploits: 0 | Affected Software: 1
Atlassian
added 2012/08/03 3:17 a.m., 22 views

XSS vulnerability in the "import word document" page action through the page name

On the "import word document" page action the name of the confluence page is a persistent xss vector as it is not encoded. How to Reproduce: 1. Create a confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...

AI score 0.6
Exploits: 0 | Affected Software: 1
exploitpack
added 2012/07/20 12:0 a.m., 27 views

Oracle Outside-In - .FPX File Parsing Heap Overflow

Oracle Outside-In - .FPX File Parsing Heap Overflow Application: Oracle Outside-In FPX File Parsing Heap Overflow Version: The vulnerabilities are reported in versions 8.3.5 and 8.3.7. Exploitation: Remote code execution Secunia Number: SA49936 PRL: 2012-26 Author: Francis Provencher Protek Resear...

AI score 0.2
Exploits: 0
Exploit DB
added 2012/07/20 12:0 a.m., 26 views

Oracle Outside-In - '.FPX' File Parsing Heap Overflow

Application: Oracle Outside-In FPX File Parsing Heap Overflow Version: The vulnerabilities are reported in versions 8.3.5 and 8.3.7. Exploitation: Remote code execution Secunia Number: SA49936 PRL: 2012-26 Author: Francis Provencher Protek Research Lab's Website: http://www.protekresearchlab.com/...

AI score 7.4
Exploits: 0
Prion
added 2012/07/09 10:20 a.m., 13 views

Default configuration

DISPUTED The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the CyberoamSSLC...

CVSS 5.8 | AI score 6.9 | EPSS 0.00084
Exploits: 0 | References: 5
Packet Storm
added 2012/06/23 12:0 a.m., 16 views

LimeSurvey 1.92+ Build120620 Remote File Inclusion / Traversal

Discovered by dun \ posdubatgmail.com 2012-06-22 LimeSurvey 1.92+ build 120620 Multiple Vulnerabilities Script: "LimeSurvey - the free and open source survey software...

Exploits: 0
myhack58
added 2012/06/20 12:0 a.m., 26 views

DOYOcms local file inclusion vulnerability-vulnerability warning-the black bar safety net

It is this set of CMS, and it is very simple. Here's the $handlecontroller = syClass$controller, null, $GLOBALS'GDY'"controllerpath".'/'.$ controller.". php"; Next look down...

AI score 1
Exploits: 0
Debian CVE
added 2012/06/19 8:0 p.m., 24 views

CVE-2012-3587

APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-key net-update to import keyrings, relies on GnuPG argument order and does not check GPG subkeys, which might allow remote attackers to install Trojan horse packages via a man-in-the-middle (MITM) attack...

CVSS 2.6 | AI score 6.3 | EPSS 0.00115
Exploits: 0
OpenVAS
added 2012/06/19 12:0 a.m., 17 views

Ubuntu: Security Advisory (USN-1477-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 2.6 | AI score 4.3 | EPSS 0.0037
Exploits: 0 | References: 2
Exploit DB
added 2012/05/21 12:0 a.m., 30 views

Real-DRAW PRO 5.2.4 - Import File Crash

Real-DRAW PRO 5.2.4 Import File Crash =================================================================================== Exploit Title:Real-DRAW PRO 5.2.4 Malicious PNG File Denial of service Vendor : http://www.mediachance.com/ Author: Ahmed Elhady Mohamed Email : [email protected]...

AI score 7
Exploits: 0
exploitpack
added 2012/05/21 12:0 a.m., 18 views

Real-DRAW PRO 5.2.4 - Import File Crash

Real-DRAW PRO 5.2.4 - Import File Crash Real-DRAW PRO 5.2.4 Import File Crash =================================================================================== Exploit Title:Real-DRAW PRO 5.2.4 Malicious PNG File Denial of service Vendor : http://www.mediachance.com/ Author: Ahmed Elhady Mohame...

AI score 7.4
Exploits: 0
0day.today
added 2012/05/21 12:0 a.m., 29 views

Real-DRAW PRO 5.2.4 Import File Crash

Exploit for windows platform in category dos / poc Real-DRAW PRO 5.2.4 Import File Crash =================================================================================== Exploit Title:Real-DRAW PRO 5.2.4 Malicious PNG File Denial of service Vendor : http://www.mediachance.com/ Author: Ahmed...

AI score 7
Exploits: 0
Tenable Nessus
added 2012/05/21 12:0 a.m., 41 views

phpMyAdmin simplexml_load_string() Function Information Disclosure (PMASA-2011-17)

According to its self-identified version number, the phpMyAdmin install hosted on the remote web server is affected by an information disclosure vulnerability. The vulnerability, which is in the simplexml_load_string function in the XML import plug-in libraries/import/xml.php in phpMyAdmin 3.3.x...

CVSS 6.5 | AI score 7.8 | EPSS 0.12434
Exploits: 7 | References: 2
Packet Storm
added 2012/05/20 12:0 a.m., 23 views

Real-DRAW PRO 5.2.4 Denial Of Service

Real-DRAW PRO 5.2.4 Import File Crash =================================================================================== Exploit Title:Real-DRAW PRO 5.2.4 Malicious PNG File Denial of service Vendor : http://www.mediachance.com/ Author: Ahmed Elhady Mohamed Email : [email protected]...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/05/15 12:0 a.m., 22 views

MultiMedia Builder 4.9.8 - '.mef' Denial of Service

Multimedia Builder 4.9.8 Malicious mef File Denial of service =================================================================================== Exploit Title:Multimedia Builder 4.9.8 Malicious mef File Denial of service Author: Ahmed Elhady Mohamed Email : [email protected] Website...

AI score 7.4
Exploits: 0
exploitpack
added 2012/05/15 12:0 a.m., 11 views

MultiMedia Builder 4.9.8 - .mef Denial of Service

MultiMedia Builder 4.9.8 - .mef Denial of Service Multimedia Builder 4.9.8 Malicious mef File Denial of service =================================================================================== Exploit Title:Multimedia Builder 4.9.8 Malicious mef File Denial of service Author: Ahmed Elhady...

AI score 7.3
Exploits: 0
Packet Storm
added 2012/05/15 12:0 a.m., 27 views

WordPress Newsletter Manager 1.0 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...

AI score 7.4
Exploits: 0