
1154 matches found

Packet Storm
added 2011/05/07 12:0 a.m., 50 views

Imperva SecureSphere SQL Injection Filter Bypass

Imperva SecureSphere - SQL injection filter bypass. Affected Software: SecureSphere Web Application Firewall WAF. Severity: High. Local/Remote: Remote...

AI score: 0.7
Exploits: 0

ThreatPost
added 2011/03/14 8:5 p.m., 28 views

Adobe Warns of Attacks on Critical Flash Player Bug

Adobe is warning its users about a critical vulnerability in Flash that affects Adobe Reader and Acrobat, as well. The bug can be used by remote attackers to run arbitrary code and Adobe officials said that they’ve already seen some attacks that are targeting the vulnerability. The vulnerability ...

CVSS: 9.3, AI score: 2, EPSS: 0.66821
Exploits: 8, References: 3

Exploit DB
added 2011/03/09 12:0 a.m., 42 views

Esselbach Storyteller CMS System 1.8 - SQL Injection

Exploit Title: Esselbach Storyteller CMS System Version 1.8 page.php Remote SQL Injection Vulnerability Date: March, 9th 2011 GMT +7 Author: Shamus Software Link: http://www.esselbach.com/ Version : Esselbach Storyteller CMS System Version 1.8 Tested on: windows CVE : -...

AI score: 7.4
Exploits: 0

ThreatPost
added 2011/03/08 9:23 p.m., 92 views

Microsoft Fills Windows, Office Holes with March Patch Release

Microsoft Corp. issued their monthly security bulletins on Tuesday, with fixes for four known vulnerabilities in the company’s Windows operating system, Office suite and Remote Desktop Connection products. The March patch release included three bulletins: MS11-015, 016 and 017. Only one, MS11-015...

CVSS: 9.3, AI score: 0.6, EPSS: 0.99945
Exploits: 33, References: 7

0day.today
added 2011/02/26 12:0 a.m., 14 views

Pragyan CMS v 3.0 mutiple Vulnerabilities

Exploit for php platform in category web applications Pragyan CMS v 3.0 mutiple Vulnerabilities Author Villy and Abhishek Lyall - villys777atgmaildotcom, abhilyallatgmaildotcom Web - http://www.aslitsecurity.com/ Blog - http://bugix-security.blogspot.com http://www.aslitsecurity.blogspot.com/...

AI score: 7.1
Exploits: 0

CERT
added 2010/12/17 12:0 a.m., 22 views

Ecava IntegraXor stack-based buffer overflow vulnerability

Overview Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface HMI product that could allow the execution of arbitrary code. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based...

AI score: 8.1
Exploits: 0, References: 1

Packet Storm
added 2010/12/04 12:0 a.m., 50 views

DotNetNuke CMS Cross Site Scripting

PR10-19 DotNetNuke CMS XSS Advisory publicly released: Friday, 3 December 2010 Vulnerability found: Saturday, 30 October 2010 Vendor informed: Monday, 1 November 2010 Severity level: Low/Medium Credits Richard Brain of ProCheckUp Ltd www.procheckup.com Description DotNetNuke is a Content Manageme...

Exploits: 0

ThreatPost
added 2010/11/01 8:3 p.m., 15 views

Google Extends Bug Bounty to Web Properties

Google is extending its nascent bug-bounty program to the Web applications that the company owns, including its flagship search service, YouTube and Blogger. The program will pay researchers rewards of up to $3133.7 for bugs that they find in Google Web services and report directly to the company...

AI score: 8
Exploits: 0, References: 5

0day.today
added 2010/10/27 12:0 a.m., 29 views

NitroSecurity ESM v8.4.0a Remote Code Execution

Exploit for linux platform in category remote exploits. NitroSecurity ESM v8.4.0a Remote Code Execution. Product description: NitroView ESM is an enterprise-class security information and event...

AI score: 7.1
Exploits: 0

Packet Storm
added 2010/10/01 12:0 a.m., 22 views

Zen Cart 1.3.9f Local File Inclusion

Zen Cart v1.3.9f typefilter Local File Inclusion Vulnerability Vendor: Zen Ventures, LLC Product web page: http://www.zen-cart.com Version affected: 1.3.9f Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML components. Support is provided for...

AI score: 7.4
Exploits: 0

0day.today
added 2010/09/29 12:0 a.m., 15 views

Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability

Exploit for php platform in category web applications. Achievo v1.4.3 Multiple Authorization Flaws / CSRF Vulnerability. Vulnerability Description: It is possible to...

AI score: 7.1
Exploits: 0

ThreatPost
added 2010/08/25 12:19 p.m., 10 views

Apple Fixes 13 Bugs in Major OS X Patch Release

Apple released a patch Tuesday that fixes more than a dozen bugs, including a critical remote code-execution flaw in Apple Type Services. The patch release also includes a fix for a flaw in CFNetwork that enabled an attacker to intercept user credentials and other sensitive data silently on a...

AI score: 1.6
Exploits: 0, References: 3

ThreatPost
added 2010/08/22 8:1 p.m., 27 views

Why Vulnerability Research Matters

It seems that any time there’s a high-profile incident in which a vulnerability is disclosed without a patch being available, there is an immediate and loud call from some corners to abolish the practice of vulnerability research. If researchers weren’t spending their days poking holes in softwar...

AI score: 6.7
Exploits: 0, References: 6

seebug.org
added 2010/05/28 12:0 a.m., 37 views

Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote BoF PoC

No description provided by source. / Title: Adobe Photoshop CS4 Extended 11.0 ASL File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your digital images, transforming them into anything you can imagine...

CVSS: 9.3, AI score: 0.3, EPSS: 0.19641
Exploits: 15

Packet Storm
added 2010/05/27 12:0 a.m., 52 views

Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow

/ Title: Adobe Photoshop CS4 Extended 11.0 GRD File Handling Remote Buffer Overflow PoC Summary: The Adobe® Photoshop® family of products is the ultimate playground for bringing out the best in your digital images, transforming them into anything you can imagine and showcasing them in extraordina...

CVSS: 9.3, AI score: 0.6, EPSS: 0.19641
Exploits: 15

exploitpack
added 2010/05/21 12:0 a.m., 36 views

3Com* iMC (Intelligent Management Center) - Cross-Site Scripting Information Disclosure Flaws

3Com iMC Intelligent Management Center - Cross-Site Scripting Information Disclosure Flaws PR10-02: Various XSS and information disclosure flaws within 3Com iMC Intelligent Management Center On the 12th April 2010 Hewlett Packard completed its acquisition of 3Com Vulnerability found: 29th January...

AI score: 6.7
Exploits: 0

OpenVAS
added 2010/01/22 12:0 a.m., 25 views

Mandriva Update for bind MDVSA-2010:021 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDVSA-2010:021 bind Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 4.3, AI score: 7.4, EPSS: 0.09363
Exploits: 1, References: 2

OpenVAS
added 2010/01/22 12:0 a.m., 28 views

Mandriva Update for bind MDVSA-2010:021 (bind)

Check for the Version of bind OpenVAS Vulnerability Test Mandriva Update for bind MDVSA-2010:021 bind Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

CVSS: 4.3, AI score: 0.2, EPSS: 0.09363
Exploits: 1, References: 2

Tenable Nessus
added 2010/01/21 12:0 a.m., 33 views

Mandriva Linux Security Advisory : bind (MDVSA-2010:021)

Some vulnerabilities were discovered and corrected in bind : The original fix for CVE-2009-4022 was found to be incomplete. BIND was incorrectly caching certain responses without performing proper DNSSEC validation. CNAME and DNAME records could be cached, without proper DNSSEC validation, when...

CVSS: 7.6, AI score: 7.3, EPSS: 0.09363
Exploits: 1, References: 7

securityvulns
added 2010/01/17 12:0 a.m., 43 views

Secunia Research: Microsoft Windows Flash Player Movie Unloading Vulnerability

Secunia Research 12/01/2010 - Microsoft Windows Flash Player Movie Unloading Vulnerability - Table of Contents Affected...

AI score: 1
Exploits: 0