6885 matches found
Cogent Real-Time Systems Vulnerabilities
Overview Dillon Beresford of Cimation has identified four vulnerabilities in the Cogent Real-Time Systems DataHub application. Cogent has produced an update that mitigates these vulnerabilities. These vulnerabilities could be exploited remotely. Affected Products Cogent Real-Time Systems reports...
PT-2013-39: Improper Input Validation in Wonderware Information Server
Positive Research Center experts have discovered "Improper Input Validation" vulnerability in Wonderware Information Server. WIS allows access to local resources files and internal resources via unsafe parsing of XML external entities. By using specially crafted XML files, an attacker can cause W...
WeBid Multiple Vulnerabilities
WeBid is prone to directory traversal and multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
GE Intelligent Platforms Proficy Real-Time Information Portal Vulnerabilities
OVERVIEW This advisory is a follow-up to the previously updated portal advisory titled ICSA-12-234-01AP—GE Intelligent Platforms Proficy Real-Time Information Portal Multiple Vulnerabilities, which was published September 17, 2012, in the US-CERT secure Portal library. This advisory provides...
TYPO3 'BACK_PATH' Parameter LFI Vulnerability (TYPO3-CORE-SA-2011-004)
TYPO3 is prone to local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...
RHEL 6 : ghostscript (RHSA-2012:0095)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0095 advisory. Ghostscript is a set of software that provides a PostScript interpreter, a set of C procedures the Ghostscript library, which implements the...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The kdbldap plugin in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.9 through 1.9.1, when the LDAP back end is used, allows remote attackers to cause a denial of service NULL pointer dereference...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The krb5db2lockoutaudit function in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 1.8 through 1.8.4, when the db2 aka Berkeley DB back end is used, allows remote attackers to cause a denial of...
Siemens Automation License Manager Vulnerabilities
Overview This Advisory is a follow-up to the original Alert titled “ICS-ALERT-11-332-01A—Siemens Automation License Manager Vulnerabilities” that was published December 02, 2011, on the ICS-CERT web page. ICS-CERT is aware of publicly disclosed reports of four vulnerabilities in Siemens Automatio...
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection
vBulletin 4.0.x 4.1.3 - messagegroupid SQL Injection Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on:...
vBulletin 4.1.3 SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: urlhttp://www.vbulletin.com//url Version: 4.x.x Tested on: relevant os CVE : urlhttp://members.vbulletin.com//url...
HP Data Protector 6.20 - Multiple Vulnerabilities
HP Data Protector 6.20 - Multiple Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protect...
HP Data Protector 6.20 Multiple Vulnerabilities
Exploit for windows platform in category dos / poc Core Security Technologies - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID: CORE-2011-0514 Advisory URL:...
Multiple vulnerabilities in HP Data Protector
Core Security Technologies - Corelabs Advisory Multiple vulnerabilities in HP Data Protector 1. Advisory Information Title: Multiple vulnerabilities in HP Data Protector Advisory ID: CORE-2011-0514 Advisory URL: http://www.coresecurity.com/content/HP-Data-Protector-multiple-vulnerabilities Date...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent...
TYPO3 Security Bulletin
It has been discovered that the extension powermail powermail is vulnerable to Cross-Site Scripting, SQL Injection and Validation Bypass Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.5.3 and below Vulnerability...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation. The QSslSocketBackendPrivate::transmit function in srcnetworksslqsslsocketopenssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service infinite loop via a malformed request...
CVE-2010-2020: FreeBSD kernel NFS client local vulnerabilities
Census ID: census-2010-0001 URL: http://census-labs.com/news/2010/05/26/freebsd-kernel-nfsclient/ CVE ID: CVE-2010-2020 Affected Products: FreeBSD 8.0-RELEASE, 7.3-RELEASE, 7.2-RELEASE Class: Improper Input Validation CWE-20 Remote: No Discovered by: Patroklos Argyroudis We have discovered two...
CVE-2009-2936
DISPUTED The Command Line Interface aka Server CLI or administration interface in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to 1 execute arbitrary code via a...
KLA10414 ACe vulnerability in Avast! Antivirus
Improper input validation was found in Avast! Antivirus. By exploiting this vulnerability malicious users can cause denial of service and possibly execute arbitrary code. This vulnerability can be exploited remotely via a specially designed IOCTL request. Original advisories - Related products...