Knowledge Base EE v4.62.0 - SQL Injection Vulnerability
Document Title: Knowledge Base EE v4.62.0 - SQL Injection Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=700; Release Date: 2012-09-12; Vulnerability Laboratory ID (VL-ID): 700...
Knowledge Base Enterprise Edition 4.62.0 - SQL Injection
Exploit Author: Vulnerability-Lab; Title: Knowledge Base EE v4.62.0 - SQL Injection Vulnerability; Date: 2012-09-11; References: http://www.vulnerability-lab.com/getcontent.php?id=702; VL-ID: 702; Common Vulnerability Scoring System: ...
Citrix Provisioning Services streamprocess.exe 0x40020000 Opcode Integer Underflow
Added: 07/30/2012 BID: 49803 OSVDB: 75780 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services up to and including version 5.6 Service Pack 1 are...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
Ganesha Digital Library 4.0 Multiple Vulnerabilities...
Ganesha Digital Library 4.0 Multiple Vulnerabilities
Exploit for php platform in category web applications. Ganesha Digital Library 4.0 Multiple Vulnerabilities...
Cisco Linksys PTZ Internet Video Camera PlayerPT ActiveX Overflow
Added: 04/19/2012 BID: 52673 OSVDB: 80297 Background The Cisco WVC200 Wireless-G PTZ Internet Video Camera sends live video through the Internet to a web browser anywhere in the world. Viewers can access the video stream through an HTTP service, which requires an ActiveX client to be installed in...
Multiple vulnerabilities in Open Journal Systems (OJS)
Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Dan Guido on Attacker Math and Exploit Intelligence
Dennis Fisher talks with Dan Guido, security researcher and CEO of Trail of Bits, about the new company’s plan to help enterprises defend against targeted attacks, the way that attackers think and the value of exploits versus vulnerabilities. They also discuss a new initiative to help share...
Knowledge Base Builder CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Knowledge Base Builder CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/knowledge-base-builder-by-stivasoft/31827/ Category:: webapps Demo : http://www.phpjabbers.com/demo/kbb10/ Greetz: Inj3ct0r...
WSN Knowledge Base CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: WSN Knowledge Base CSRF Author: Jonturk75 Vendor or Software Link: http://www.scripts.com/viewscript/wsn-knowledge-base/19009/ Category:: webapps Demo : http://demo.wsnforum.com/wsnkbadmin/admin/ Greetz: Inj3ct0r Exploit DataBas...
Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload
Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...
Tender Knowledge Base Cross Site Scripting
Exploit Title: Tender Knowledge Base Cross Site Scripting Date: 3.03.2012 Author: Sony Software Link: http://tenderapp.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/03/tender-knowledge-base-cross-site.html...
Open ConferenceJournalHarvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
Open ConferenceJournalHarvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities !/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link:...
Open Conference/Journal/Harvester Systems 2.3.x - Multiple Remote Code Execution Vulnerabilities
!/usr/bin/python Open Conference/Journal/Harvester Systems = 2.3.X multiple remote code execution vulnerabilities vendor: Public Knowledge Project pkp -http://pkp.sfu.ca/ software link: http://pkp.sfu.ca/download author: mrme::rwx kru email: steventhomasseeley!gmail!com tested on: the interwebz &...
DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection
Title: DDIVRT-2011-38 KnowledgeTree login.php Blind SQL Injection; Severity: High; Date Discovered: November 18, 2011; Discovered By: Digital Defense, Inc. Vulnerability Research Team; Credit: sxkeebler and r@b13$; Vulnerability Description...
Social network poisoning - They are Following you Everywhere !
Note : This Article is taken from Most Comprehensive and Informative IT Security Magazine by The Hacker News - December Edition Download Here "Be Social" is the imperative of the last years. We live alternative lives, weave dense networks of relationships; we feel the irrepressible urge to be par...
Viscom Software Image Viewer ActiveX TIFMergeMultiFiles Vulnerability
Added: 11/28/2011 BID: 50712 Background Viscom Image Viewer CP is an image viewer ActiveX control that supports many popular image file formats, zoom in, zoom out, panning, auto zoom and auto scrolling when drawing the selection rectangle. Problem The ImageViewer2.OCX ActiveX control in Image...
Announcing Contest Winners for Ghost in the Wires Book
Announcing Contest Winners for Ghost in the Wires Book We ran a competition for the book "Ghost in the Wires by Kevin Mitnick " last week. We'd like to thank the following people for sending in the best of the best of reviews about Kevin Mitnick's new book, "Ghosts in the Wires." All the reviews ...
OneOrZero AIMS authentication bypass and SQLi vulnerabilities
Overview: OneOrZero Action & Information Management System (AIMS) is vulnerable to an authentication bypass and SQL injection. Description: According to the vendor's website: "OneOrZero AIMS is a powerful enterprise ready suite that includes a help desk, knowledge base, time manager and reporting syst...