IBM Dell and other server management system to save significant vulnerability-vulnerability warning-the black bar safety net

Previously a security researcher found that IBM, Dell and other brands of some products the presence of the vulnerability, the vulnerability could theoretically be used by hackers to get on victims of the user equipment system of control. IBM has for the vulnerability is released the relevant...

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...

WordPress NextGEN Gallery 2.0.63 Shell Upload

Exploit Title: Wordpress NextGEN Gallery Plugin 2.0.63 Arbitrary File Upload Author: SANTHO @s4n7h0 Vendor Homepage: http://wordpress.org/plugins/nextgen-gallery/ Category: WebApp / CMS / Wordpress Version: 2.0.63 and less --------------------------------------------------- Vulnerability Tracking...

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability

No description provided by source. phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, instal...

zen cart 1.3.9f - Multiple Vulnerabilities

No description provided by source. Zen Cart v1.3.9f Multiple Remote Vulnerabilities Vendor: Zen Ventures, LLC Product web page: http://www.zen-cart.com Version affected: 1.3.9f Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components...

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...

NitroSecurity ESM 8.4.0a - Remote Code Execution

No description provided by source. -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that...

Zen Cart 1.3.9f (typefilter) - Local File Inclusion Vulnerability

No description provided by source. Zen Cart v1.3.9f typefilter Local File Inclusion Vulnerability Vendor: Zen Ventures, LLC Product web page: http://www.zen-cart.com Version affected: 1.3.9f Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML...

ManageEngine ServiceDesk Plus 8.0 - Multiple Stored XSS Vulnerabilities

No description provided by source. ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and...

Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overflow

No description provided by source. Sony PC Companion 2.1 DownloadURLToFile Stack-based Unicode Buffer Overload SEH Vendor: Sony Mobile Communications AB Product web page: http://www.sonymobile.com Affected version: 2.10.115 Production 27.1, Build 830 2.10.108 Production 26.1, Build 818 Summary: P...

Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection

No description provided by source. !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerability reported to CERT 3...

FCKeditor 2.6.10 Cross Site Scripting

Class Cross-Site Scripting Remote Yes Published 2nd June 2014 Credit Robin Bailey of Dionach [email protected] Vulnerable FCKeditor alertdocument.cookie;//=zz The vendor was notified of this issue, and FCKeditor 2.6.11 was released to address this vulnerability. See the following vendor...

Kemana Directory 1.5.6 Remote Code Execution

Summary Experience the ultimate directory script solution with Kemana. Create your own Yahoo or Dmoz easily with Kemana. Unique Kemana's features including: CMS engine based on our qEngine, multiple directories support, user friendly administration control panel, easy to use custom fields,...

qEngine CMS 6.0.0 Remote Code Execution

Summary qEngine qE is a lightweight, fast, yet feature packed CMS script to help you building your site quickly. Using template engine to separate the php codes from the design, you don't need to touch the codes to design your web site. qE is also expandable by using modules. Description qEngine...

Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability

Summary Open your own online shop today with Cart Engine! The small, yet powerful and don't forget, FREE shopping cart based on PHP & MySQL. Unique features of Cart Engine include: CMS engine based on our qEngine, product options, custom fields, digital products, search engine friendly URL, user...

Apache Commons FileUpload vulnerable to denial-of-service (DoS)

Overview Apache Commons FileUpload contains a denial-of-service DoS vulnerability. Apache Commons FileUpload provided by Apache Software Foundation contains an issue in processing a multi-part request, which may cause the process to be in an infinite loop. As of 2014 February 12, an exploit tool ...

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution

Skybluecanvas CMS 1.1 r248-03 - Remote Command Execution Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an...

PT-2014-3854 · Ec Cube · Ec-Orange +1

Name of the Vulnerable Software and Affected Versions: EC-CUBE versions 2.11.0 through 2.12.2 EC-Orange systems deployed before June 29th, 2015 Description: An issue exists where a user-controlled key can be used to bypass authorization. This can be exploited by sending a crafted HTTP request,...

Fedora 20 : nss-3.15.4-1.fc20 / nss-softokn-3.15.4-1.fc20 / nss-util-3.15.4-1.fc20 (2014-1120)

Update of the nss, nss-softokn, and nss-util packages to nss-3.15.4, a patch release for NSS 3.15 which includes the following security-relevant bug : CVE-2013-1740 When false start is enabled, libssl will sometimes return unencrypted, unauthenticated data from PRRecv For further details refer to...

DSA-2790-1 nss - uninitialized memory read

Bulletin has no description...