Lucene search

9773 matches found

Packet Storm
added 2012/05/15 12:0 a.m. | 27 views

WordPress Newsletter Manager 1.0 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...

7.4 AI score
Exploits: 0

NVD
added 2012/05/03 4:8 a.m. | 8 views

CVE-2012-0734

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job...

7.6 CVSS | 6.6 AI score | 0.00531 EPSS
Exploits: 0 | References: 5

Prion
added 2012/05/03 4:8 a.m. | 10 views

Information disclosure

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job...

7.6 CVSS | 7.1 AI score | 0.00531 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

Cvelist
added 2012/05/03 1:0 a.m. | 16 views

CVE-2012-0734

IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not properly import jobs, which allows man-in-the-middle attackers to obtain sensitive information or possibly have unspecified other impact via a crafted job...

6.6 AI score | 0.00531 EPSS
Exploits: 0 | References: 5

Fedora
added 2012/05/02 4:49 a.m. | 24 views

[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.0-1.fc17

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

4.3 CVSS | 6.8 AI score | 0.00468 EPSS
Exploits: 3

Fedora
added 2012/05/01 12:55 a.m. | 31 views

[SECURITY] Fedora 16 Update: phpMyAdmin-3.5.0-1.fc16

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

4.3 CVSS | 6.8 AI score | 0.00468 EPSS
Exploits: 3

Metasploit
added 2012/04/15 10:16 p.m. | 17 views

xRadio 0.95b Buffer Overflow

This module exploits a buffer overflow in xRadio 0.95b. Using the application to import a specially crafted xrl file, a buffer overflow occurs allowing arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

7.5 CVSS | 7.8 AI score | 0.47292 EPSS
Exploits: 3

Tenable Nessus
added 2012/04/12 12:0 a.m. | 39 views

SuSE 11.1 Security Update : LibreOffice (SAT Patch Number 6003)

The update fixes the following security issues : - 740453: Vulnerability in RDF handling. CVE-2012-0037 - 752595: overflow in jpeg handling CVE-2012-1149 This update also fixes the following non-security issues : Extras : - add SUSE color palette fate312645 Filters : - crash when loading embedded...

7.5 CVSS | 6.2 AI score | 0.01193 EPSS
Exploits: 2 | References: 61

Metasploit
added 2012/04/05 8:35 p.m. | 44 views

Csound hetro File Handling Stack Buffer Overflow

This module exploits a buffer overflow in Csound before 5.16.6. The overflow occurs when trying to import a malicious hetro file from tabular format. In order to achieve exploitation the user should import the malicious file through csound with a command like "csound -U hetimport msf.csd file.het...

7.5 CVSS | 7.3 AI score | 0.75449 EPSS
Exploits: 4

Tenable Nessus
added 2012/04/03 12:0 a.m. | 39 views

SuSE 10 Security Update : LibreOffice (ZYPP Patch Number 8022)

LibreOffice 3.4.5 includes many fixes over the previous LibreOffice 3.4.2.6 update. The update fixes the following security issues : - 740453: Vulnerability in RDF handling. CVE-2012-0037 - 752595: overflow in jpeg handling. CVE-2012-1149 - 736146: buffer overflow in the build in icu copy 736146...

7.5 CVSS | 7.5 AI score | 0.24107 EPSS
Exploits: 2 | References: 6

OpenVAS
added 2012/02/11 12:0 a.m. | 37 views

Debian Security Advisory DSA 2391-1 (phpmyadmin)

The remote host is missing an update to phpmyadmin announced via advisory DSA 2391-1. OpenVAS Vulnerability Test $Id: deb23911.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2391-1 phpmyadmin Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

4.3 CVSS | 6.5 AI score | 0.12434 EPSS
Exploits: 8

OpenVAS
added 2012/02/11 12:0 a.m. | 22 views

Debian: Security Advisory (DSA-2391-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.5 AI score | 0.12434 EPSS
Exploits: 8 | References: 3

OpenVAS
added 2012/02/11 12:0 a.m. | 28 views

Debian Security Advisory DSA 2366-1 (mediawiki)

The remote host is missing an update to mediawiki announced via advisory DSA 2366-1. OpenVAS Vulnerability Test $Id: deb23661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2366-1 mediawiki Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

5.8 CVSS | 0.6 AI score | 0.00933 EPSS
Exploits: 2

Tenable Nessus
added 2012/01/23 12:0 a.m. | 36 views

Debian DSA-2391-1 : phpmyadmin - several vulnerabilities

Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2011-4107 The XML import plugin allowed a remote attacker to read arbitrary files via XML data containing...

6.5 CVSS | 7.6 AI score | 0.12434 EPSS
Exploits: 8 | References: 9

Debian
added 2012/01/22 1:0 p.m. | 27 views

[SECURITY] [DSA 2391-1] phpmyadmin security update

Debian Security Advisory DSA-2391-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst January 22, 2012 http://www.debian.org/security/faq ...

6.5 CVSS | 7 AI score | 0.12434 EPSS
Exploits: 8

OSV
added 2012/01/22 12:0 a.m. | 27 views

DSA-2391-1 phpmyadmin - several

Bulletin has no description...

6.5 CVSS | 6.4 AI score | 0.12434 EPSS
Exploits: 8

Exploit DB
added 2012/01/17 12:0 a.m. | 30 views

BS.Player 2.57 - Local Buffer Overflow (SEH Unicode) (Metasploit)

$Id: $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'BS.Player...

7.4 AI score
Exploits: 0

Metasploit
added 2012/01/12 9:12 p.m. | 12 views

BS.Player 2.57 Buffer Overflow (Unicode SEH)

This module exploits a buffer overflow in BS.Player 2.57. When the playlist import is used to import a specially crafted m3u file, a buffer overflow occurs allowing arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Current source:...

0.1 AI score
Exploits: 0

Fedora
added 2012/01/01 9:24 p.m. | 29 views

[SECURITY] Fedora 16 Update: phpMyAdmin-3.4.9-1.fc16

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

4.3 CVSS | 1.3 AI score | 0.00475 EPSS
Exploits: 3

Fedora
added 2012/01/01 9:21 p.m. | 35 views

[SECURITY] Fedora 15 Update: phpMyAdmin-3.4.9-1.fc15

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, indexes, users, permissions, while you still have the ability to directly...

4.3 CVSS | 1.3 AI score | 0.00475 EPSS
Exploits: 3