IBM Cognos 11.0 Content Spoofing

/ Content Spoofing Vulnerability in IBM Cognos Analytics Applications Advisory 5190 Patch Release - 30 May 2016 Public Release - 03 June 2016 CVE-2016-0398 The IBM Security Bulletins associated with this CVE have been published at the following URLs: IBM Cognos Analytics 11.0...

CMS Made Simple < 2.1.3 / < 1.12.1 - Web Server Cache Poisoning

Exploit for php platform in category web applications ============================================= Web Server Cache Poisoning in CMS Made Simple ============================================= CVE-2016-2784 Product Description =================== CMS Made Simple is a great tool with many plugins t...

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

Security update 2016-04-12

...

Redaxo 5.0.0 - Multiple Vulnerabilities

Redaxo 5.0.0 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of...

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor: https://www.redaxo.org/ Tested version...

WordPress Booking Calendar Contact Form 1.0.23 Blind SQL Injection

Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...

AndroidVTS: Android cell phone vulnerabilities the defect detection App-vulnerability warning-the black bar safety net

Android users now have a light weight cell phone vulnerabilities the defect inspection tool to help users check their phone if there is a corresponding vulnerability. The tool is called Android VTS Vulnerability Test Suite, is Nownature released an app of the application tool. Android VTS is base...

X2Engine 4.2 - Cross-Site Request Forgery

Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to able to force the creation of a new...

SAP Afaria product exposed a series of serious vulnerabilities that affect a large number of mobile device-bug warning-the black bar safety net

Afaria is the German SAP software company developed a mobile device management MDM solutions that are currently on the market the most popular MDM solutions, there are about 6 3 0 0 a enterprise which manages 1 billion 3 0 0 million of the mobile device. ERPScan is specifically responsible for th...

Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC

Exploit for windows platform in category dos / poc Exploit Title: Buffer Overflow in Oracle Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...

Remote let the phone restart count as vulnerability? At least Google says not to count-vulnerability warning-the black bar safety net

Security researchers recently announced about the Android WiFi-Direct vulnerabilities, the vulnerability can lead to Android device reboot. Google and the vulnerability is found above the Core Security of the company has been in debate about this Android vulnerability severity--in the end let the...

Adobe Auto-Update Flash Player Zero Day Patch

Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...

Windows arbitrary code execution 0day（CVE-2 0 1 4-4 1 1 4）analysis report-vulnerability warning-the black bar safety net

Tomorrow release patch windows all platforms all can trigger the OLE package Manager the INF arbitrary code execution vulnerability, CVE-2 0 1 4-4 1 1 4 in. The vulnerability affects Windows vista,win7 and aboveoperating system, the use of the Microsoft document you can trigger the vulnerability,...

IBM Dell and other server management system to save significant vulnerability-vulnerability warning-the black bar safety net

Previously a security researcher found that IBM, Dell and other brands of some products the presence of the vulnerability, the vulnerability could theoretically be used by hackers to get on victims of the user equipment system of control. IBM has for the vulnerability is released the relevant...

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...

WordPress NextGEN Gallery 2.0.63 Shell Upload

Exploit Title: Wordpress NextGEN Gallery Plugin 2.0.63 Arbitrary File Upload Author: SANTHO @s4n7h0 Vendor Homepage: http://wordpress.org/plugins/nextgen-gallery/ Category: WebApp / CMS / Wordpress Version: 2.0.63 and less --------------------------------------------------- Vulnerability Tracking...

ManageEngine ServiceDesk Plus 8.0 - Multiple Stored XSS Vulnerabilities

No description provided by source. ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and...

NitroSecurity ESM 8.4.0a - Remote Code Execution

No description provided by source. -- Product description: NitroView ESM is an enterprise-class security information and event management system that identifies, correlates, and remediates threats faster than any other SIEM on the market. -- Problem Description: During research it was found that...