60 matches found
Avira Service - Unvalidated CSRF Token Account Hijacking
Document Title: Avira Service - Unvalidated CSRF Token Account Hijacking References: http://www.vulnerability-lab.com/getcontent.php?id=1301 View: https://www.youtube.com/watch?v=lJR8Hv5JnOI Release Date: 2014-08-28 Vulnerability Laboratory ID VL-ID:...
NGS00248 Patch Notification: Virtual Access Monitor Multiple SQL Injection Vulnerabilities
High Risk Vulnerability in Virtual Access Monitor 2 April 2013 Ken Wolstencroft of NCC Group has discovered a High risk vulnerability in Virtual Access Monitor Impact: Multiple SQL Injection Vulnerabilities Versions affected: Virtual Access Monitor 3.10.17 and previous Details of the most recent...
NGS00266 Patch Notification: Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL
Medium risk vulnerability in Symantec Messaging Gateway 18 September 2012 Ben Williams of NCC Group has discovered a Medium risk vulnerability in Symantec Messaging Gateway Impact: Authenticated arbitrary file download Versions affected: Symantec Messaging Gateway 9.5.3-3 An updated version of th...
NGS00330 Patch Notification: Squiz CMS Directory Traversal
High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:...
NGS00194 Patch Notification: Nagios XI Network Monitor Blind SQL Injection
High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor Blind SQL Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...
NGS00196 Patch Notification: Nagios XI Network Monitor OS Command Injection
High Risk Vulnerability in Nagios XI Network Monitor 2 July 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Nagios XI Network Monitor Impact: Nagios XI Network Monitor OS Command Injection Versions affected: Nagios XI Network Monitor 2011R1.9 An updated version of the...
NGS00107 Patch Notification: Oracle Grid Engine sgepasswd Buffer Overflow
High Risk Vulnerability in Oracle Grid Engine 30 April 2012 Edward Torkington of NGS Secure has discovered a High risk vulnerability in Oracle Grid Engine Impact: sgepasswd Buffer Overflow Versions affected: version 62u7 This has been addressed as part of the Oracle April update:...
NGS00155 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Any logged-in user can bypass controls to reset passwords of other administrators
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Any logged-in user can bypass controls to reset passwords of other administrators If role-bas...
NGS00157 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Password hashes can be recovered from a system backup and easily cracked
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
NGS00153 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Reflective XSS allowing an attacker to gain session tokens
High Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a high risk vulnerability in the McAfee Email and Web Security Appliance Impact: Reflective XSS allowing an attacker to gain session tokens Versions affected: All versions...
NGS00156 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Active session tokens of other users are disclosed within the UI
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Active session tokens of other users are disclosed within the UI Versions affected: All...
NGS00154 Patch Notification: McAfee Email and Web Security Appliance v5.6 - Session hijacking and bypassing client-side session timeouts
Medium Risk Vulnerability in McAfee Email and Web Security Appliance 29 March 2012 Ben Williams of NGS Secure has discovered a medium risk vulnerability in the McAfee Email and Web Security Appliance Impact: Session hijacking and bypassing client-side session timeouts Versions affected: All...
NGS00193 Patch Notification: Trend Micro DataArmor and DriveArmor - Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
Critical Vulnerability in DataArmor and DriveArmor 24 January 2012 Stuart Passe of NGS Secure has discovered a Critical vulnerability in DataArmor and DriveArmor. Impact: Restricted Environment breakout, Privilege Escalation and Full Disk Decryption Versions affected: DataArmor 3.0.10 or greater...
NGS00137 Patch Notification: Websense Triton 7.6 - Reflected XSS in report management UI
Medium Risk Vulnerability in Websense Triton 15 December 2011 Ben Williams of NGS Secure has discovered a Medium risk vulnerability in Websense Impact: Reflected XSS Versions affected include: Websense Web Security Gateway Anywhere v7.6 Websense Web Security Gateway v7.6 Websense Web Security v7....
NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution
High Risk Vulnerability in FFmpeg 23 November 2011 Phillip Langlois of NGS Secure has discovered a High risk vulnerability in FFmpeg Impact: Remote code execution Versions affected include: FFmpeg 0.7.8 This issue is addressed in v 0.7.8 and v0.8.7, which can be downloaded at:...
NGS00109 Patch Notification: ImpressPages CMS Remote code execution
High Risk Vulnerability in ImpressPages CMS 27 September 2011 David Middlehurst of NGS Secure has discovered a High risk vulnerability in ImpressPages CMS v1.0.12. Impact: Remote code execution Please update all instances of Impress Pages to the 1.0.13 release:...
NGS00057 Patch Notification: Apple Mac OS X ImageIO Integer Overflow
Apple Mac OS X ImageIO Integer Overflow 22/03/2011 Dominic Chell of NGS Secure has discovered a High risk vulnerability in Mac OS X ImageIO. An integer overflow issue exists in ImageIO's handling of JPEG-encoded TIFF images. Viewing a maliciously crafted TIFF image may result in an unexpected...
PHP News <= 1.2.4 - Remote File Inclusion (VXSfx)
Name: PHP News Version: 1.2.4 and possibly 1.2.3 Homepage: http://newsphp.sourceforge.net/ Author: Filip Groszynski VXSfx Date: 23 February 2005 Vulnerable code in auth.php: if...
Software PBLang 4.65 search.php XSS vulnerability
HRG - Hackerlounge Research Group Release: HRG001 Friday 11-02-05 Software PBLang 4.65 search.php XSS vulnerability The author can't be held responsible for any damage done by a reader. You have your own responsibility. Please use this document like it's meant to. Vulnerable: PBLang 4.65 current an...
zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]
On Tue Sep 03 2002, Blue Boar wrote: This is one of my favorite vulnerabilities: http://online.securityfocus.com/bid/1503 It's an overflow in the JPEG handler in Netscape. I don't know of one for GIFs off the top of my head, but the same principle applies. If there's a viewer with a bug, then the...