1154 matches found

0day.today
added 2016/09/13 12:0 a.m., 68 views

Open-Xchange App Suite 7.8.2 - Cross Site Scripting

Exploit for cgi platform in category web applications Product: OX App Suite Vendor: OX Software GmbH Internal reference: 46484 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.2 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status:...

4.3 CVSS, 0.04274 EPSS
Exploits: 4

Exploit DB
added 2016/09/13 12:0 a.m., 36 views

Open-Xchange Guard 2.4.2 - Multiple Cross-Site Scripting Vulnerabilities

Product: OX Guard Vendor: OX Software GmbH Internal reference: 47878 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 2.4.2 and earlier Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.4.0-rev11, 2.4.2-rev5...

6.1 CVSS, 6.5 AI score, 0.02643 EPSS
Exploits: 7

Packet Storm
added 2016/07/13 12:0 a.m., 52 views

Open-Xchange App Suite 7.8.1 Cross Site Scripting

Product: OX App Suite Vendor: OX Software GmbH Internal reference: 45796 / 45811 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.8.1 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.2-rev44,...

6.4 AI score, 0.01341 EPSS
Exploits: 1

exploitpack
added 2016/06/06 12:0 a.m., 18 views

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload

WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload Exploit Title: WP Mobile Detector =3.5 Arbitrary File upload Google Dork: inurl: /wp-includes/plugins/wp-mobile-detector Date: 1-06-2015 Exploit Author: Aaditya Purani Author Details: https://aadityapurani.com Vendor:...

7.3 AI score
Exploits: 0

Packet Storm
added 2016/06/03 12:0 a.m., 58 views

IBM Cognos 11.0 Content Spoofing

/ Content Spoofing Vulnerability in IBM Cognos Analytics Applications Advisory 5190 Patch Release - 30 May 2016 Public Release - 03 June 2016 CVE-2016-0398 The IBM Security Bulletins associated with this CVE have been published at the following URLs: IBM Cognos Analytics 11.0...

4.3 CVSS, 5.2 AI score, 0.01157 EPSS
Exploits: 1

Packet Storm
added 2016/06/03 12:0 a.m., 28 views

Notilus 2012 R3 SQL Injection

Exploit Title: Notilus SQL injection Product: Notilus travel solution software Vulnerable Versions: 2012 R3 Tested Version: 2012 R3 Advisory Publication: 03/06/2016 Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' CWE-89 CVE Reference: NONE...

7.4 AI score
Exploits: 0

0day.today
added 2016/05/04 12:0 a.m., 74 views

CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning

Exploit for php platform in category web applications ============================================= Web Server Cache Poisoning in CMS Made Simple ============================================= CVE-2016-2784 Product Description =================== CMS Made Simple is a great tool with many plugins t...

2.6 CVSS, 5.4 AI score, 0.02451 EPSS
Exploits: 4

Packet Storm
added 2016/05/03 12:0 a.m., 38 views

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

0.6 AI score
Exploits: 0

Microsoft KB
added 2016/04/12 7:0 a.m., 36 views

Security update 2016-04-12

...

9.3 CVSS, 1.4 AI score, 0.43272 EPSS
Exploits: 1

exploitpack
added 2016/02/17 12:0 a.m., 22 views

Redaxo 5.0.0 - Multiple Vulnerabilities

Redaxo 5.0.0 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of...

0.4 AI score
Exploits: 0

0day.today
added 2016/02/17 12:0 a.m., 32 views

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor: https://www.redaxo.org/ Tested version...

7.1 AI score
Exploits: 0

Packet Storm
added 2016/02/08 12:0 a.m., 19 views

WordPress Booking Calendar Contact Form 1.0.23 Blind SQL Injection

Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...

7.4 AI score
Exploits: 0

Packet Storm
added 2016/01/06 12:0 a.m., 56 views

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...

5.5 CVSS, 8.6 AI score, 0.84362 EPSS
Exploits: 5

myhack58
added 2015/11/11 12:0 a.m., 26 views

AndroidVTS: Android phone vulnerability detection app - vulnerability warning - the black bar safety net

Android users now have a lightweight phone vulnerability checking tool to help them check whether their phone has a corresponding vulnerability. The tool is called Android VTS (Vulnerability Test Suite) and is an app released by Nownature. Android VTS is base...

0.1 AI score
Exploits: 0

Exploit DB
added 2015/09/25 12:0 a.m., 56 views

X2Engine 4.2 - Cross-Site Request Forgery

Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to force the creation of a new...

6.8 CVSS, 6.6 AI score, 0.02756 EPSS
Exploits: 4

myhack58
added 2015/09/23 12:0 a.m., 22 views

A series of serious vulnerabilities disclosed in SAP Afaria affect a large number of mobile devices - bug warning - the black bar safety net

Afaria is a mobile device management (MDM) solution developed by the German software company SAP and is among the most popular MDM solutions currently on the market; about 6300 enterprises use it to manage 1 billion 300 million mobile devices. ERPScan is specifically responsible for th...

1.1 AI score
Exploits: 0

0day.today
added 2015/04/18 12:0 a.m., 53 views

Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC

Exploit for windows platform in category dos / poc Exploit Title: Buffer Overflow in Oracle Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...

4.6 CVSS, 0.2 AI score, 0.0107 EPSS
Exploits: 5

myhack58
added 2015/01/29 12:0 a.m., 11 views

Does remotely rebooting a phone count as a vulnerability? At least Google says it does not - vulnerability warning - the black bar safety net

Security researchers recently disclosed an Android WiFi-Direct vulnerability that can cause an Android device to reboot. Google and Core Security, the company that found the vulnerability, have been debating the severity of this Android vulnerability--in the end let the...

0.2 AI score
Exploits: 0

ThreatPost
added 2015/01/26 11:17 a.m., 41 views

Adobe Auto-Update Flash Player Zero Day Patch

Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...

10 CVSS, 1 AI score, 0.8582 EPSS
Exploits: 5, References: 6

myhack58
added 2014/10/15 12:0 a.m., 17 views

Windows arbitrary code execution 0day (CVE-2014-4114) analysis report - vulnerability warning - the black bar safety net

A patch will be released tomorrow for CVE-2014-4114, the OLE Package Manager INF arbitrary code execution vulnerability, which can be triggered on all Windows platforms. The vulnerability affects Windows Vista, Win7 and later operating systems, and can be triggered using a Microsoft document,...

2.5 AI score, 0.81628 EPSS
Exploits: 22