Horde Groupware Web Mail Edition 5.1.2 - Cross-Site Request Forgery (1)

Exploit Title : Multiple CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/25/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free

This Metasploit module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple...

MS13-080 Microsoft Internet Explorer CDisplayPointer Use-After-Free

This module exploits a vulnerability found in Microsoft Internet Explorer. It was originally found being exploited in the wild targeting Japanese and Korean IE8 users on Windows XP, around the same time frame as CVE-2013-3893, except this was kept out of the public eye by multiple research...

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web...

A Decade of Microsoft Patch Tuesday Security Updates

On Oct. 9, 2003, Microsoft announced its new security patching process that would end up being a catalyst for significant change in the information security community. Ten years ago, the program was announced with a press release that promised “Improved patch management processes, policies and...

Ecava IntegraXor DLL Hijacking (Update B)

Overview This advisory is a follow-up to ICS-ALERT-10-362-01—Ecava IntegraXor DLL Hijacking. ICS-CERT has become aware of a Uncontrolled Search Path Element vulnerability, commonly referred to as DLL Hijacking, in the Ecava IntegraXor supervisory control and data acquisition SCADA product. ICS-CE...

NEW VMSA-2013-0010 VMware Workstation host privilege escalation vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0010 Synopsis: VMware Workstation host privilege escalation vulnerability Issue date: 2013-08-22 Updated on: 2013-08-22 initial...

Open-Xchange Security Advisory 2013-06-03

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

Three Vulnerabilities Exist in HP's Insight Diagnostics

There are multiple vulnerabilities in HP’s Insight Diagnostics server management tool that could be exploited by an attacker to run code and let them take over an infected computer. There is currently no fix available for the problem. According to an alert from the CERT Coordination Center,...

Ecava IntegraXor XSS

Overview ICS-CERT received a report from an anonymous security reseacher concerning several cross site scripting XSS vulnerabilities in the Ecava IntegraXor SCADA product. ICS-CERT has worked with the reseacher and Ecava to validate these vulnerabilities. Ecava has developed a patch release of...

Fedora 18 : nspr-4.9.5-2.fc18 / nss-3.14.3-1.fc18 / nss-softokn-3.14.3-1.fc18 / etc (2013-2929)

Update nss to nss-3.14.3 This is a patch release to address CVE-2013-1620. Detailed descriptions of the bugs fixes on nss-3.14.3 can be found in the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS3.14.3releasenotes Note that Tenable Network Security has extracted the...

MIMEsweeper For SMTP 5.5 Cross Site Scripting

Application: MIMEsweeper for SMTP 5.5 5.2, 5.3, 5.4 and probably earlier versions Personal Message Manager PMM Vendor: Clearswift Ltd Vendor URL: http://www.clearswift.com/ Category: Reflective XSS Google dork: inurl:/MSWPMM/ Discovered by: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom...

To bypass PHPCMS patch to continue injection-vulnerability warning-the black bar safety net

Vulnerability author: I want to get a shell Submission time: 2013-01-16 Disclosure time: 2013-01-21 Vulnerability type: SQL injection vulnerability Brief description: Inadvertently looked phpcms patch, just want to spit slot. In addition PHPCMS released a patch why not in the forum thank tick it,...

WHMCS 5.x Authentication Bypass

WHMCS 5.x versions suffers from a cookie-validation vulnerability, where sessions can be modified and authentication can be easily bypassed. Description : WHMCS 5.x Authentication Bypass Vulnerability Author : AgdScorp Contact: [email protected] Version : 5.x Link :...

Loganalyzer 3.6.0 Cross Site Scripting

Product: LogAnalyzer Version: 3.6.0 Vendor: www.adiscon.com Vulnerability type: Cross Site Scripting Risk level: Low Vendor notification: 2012-12-15 Patch Release: 2012-12-19 Public disclosure: 2012-12-20 Author: Mohd Izhar Bin Ali aka johncrackernet Website: http://johncrackernet.blogspot.com...

Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overload

Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...

Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overload

Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...

Sony PC Companion 2.1 WebServices.dll Unicode Buffer Overflow

Sony PC Companion 2.1 DownloadURLToFile Stack-based Unicode Buffer Overload SEH Vendor: Sony Mobile Communications AB Product web page: http://www.sonymobile.com Affected version: 2.10.115 Production 27.1, Build 830 2.10.108 Production 26.1, Build 818 Summary: PC Companion is a computer applicati...

Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities

Summary Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand alone platform. It's extremely flexible and scalable php system that stands for a content managemen...

ocPortal CMS 7.1.5 Open Redirect

OVERVIEW ocPoral CMS 7.1.5 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to accomplish your vision. Not...