
570 matches found

seebug.org
added 2014/07/01 12:0 a.m., 14 views

Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability

No description provided by source. Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage: https://wordpress.org/support/plugin/user-role-editor Software Link: https://wordpress.org/support/plugin/user-role-edito...

AI score: 7.1
Exploits: 0

Packet Storm
added 2014/01/25 12:0 a.m., 20 views

SkyBlueCanvas CMS 1.1 r248-03 Command Injection

Vulnerability in SkyBlueCanvas CMS Vulnerability Type: Remote Command Injection Version Affected: 1.1 r248-03 and probably prior versions Discovered by: Scott Parish - Center for Internet Security Vendor Information: SkyBlueCanvas is an easy-to-use Web Content Management System, that makes it...

AI score: 7.4
Exploits: 0

Packet Storm
added 2013/12/23 12:0 a.m., 51 views

Synology DSM 4.3-3810 Directory Traversal

Title: Synology DSM multiple directory traversal Version affected: = 4.3-3810 Vendor: Synology Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it Twitter: @andreaf83 Status: patched CVE: 2013-6987 I'm again here with a Synology DSM vulnerability. Synolo...

CVSS: 7.5, EPSS: 0.30235
Exploits: 4

exploitpack
added 2013/09/10 12:0 a.m., 58 views

AjaXplorer 1.0 - Multiple Vulnerabilities

AjaXplorer 1.0 - Multiple Vulnerabilities Trustwave SpiderLabs Security Advisory TWSL2013-027: Multiple Vulnerabilities in AjaXplorer Published: 09/05/13 Version: 1.0 Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is...

CVSS: 5.5, AI score: 0.1, EPSS: 0.03043
Exploits: 6

0day.today
added 2013/09/07 12:0 a.m., 70 views

AjaXplorer 5.0.2 Shell Upload / Traversal Vulnerability

AjaXplorer versions 5.0.2 and below suffer from remote shell upload and path traversal vulnerabilities. Vendor: AjaXplorer http://ajaxplorer.info Product: AjaXplorer Version affected: 5.0.2 and prior Product description: AjaXplorer is an open source file sharing platform which relies on PHP and t...

CVSS: 5.5, AI score: 6.8, EPSS: 0.03043
Exploits: 6

Packet Storm
added 2013/08/07 12:0 a.m., 25 views

SocialEngine 4.5 Shell Upload

INTRODUCTION: The plugin has the objective give you a better visual for the user profile, allowed the addition of cover image keeping the layout closest to the style of modern social networks, among other features. + DESCRIPTION OF...

CVSS: 6.5, AI score: 6.6, EPSS: 0.08843
Exploits: 5

0day.today
added 2013/05/14 12:0 a.m., 91 views

Invision Power Board 1.x / 2.x / 3.x Admin Account Takeover

Invision Power Board IPD versions 1.x, 2.x, and 3.x suffer from an administrative account takeover vulnerability that allows for code execution. IPB Invision Power Board all versions 1.x? / 2.x / 3.x Admin account Takeover leading to code execution Written on : 2013/05/02 Released on : 2013/05/13...

AI score: 7.5
Exploits: 0

securityvulns
added 2013/02/24 12:0 a.m., 49 views

TeamSHATTER Security Advisory: SQL Injection in Oracle EM (Resource Manager) (CVE-2013-0358)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory SQL Injection in Oracle Enterprise Manager Resource Manager February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 Remot...

CVSS: 4.3, AI score: 0.2, EPSS: 0.00311
Exploits: 0

0day.today
added 2013/02/11 12:0 a.m., 19 views

IP.Gallery 4.2.x and 5.0.x Persistent XSS Vulnerability

Exploit for php platform in category web applications Exploit Title: IP.Gallery 4.2.x and 5.0.x persistent XSS vulnerability image title is vulnerable to persistent XSS vulnerability which allow any normal member to hack any administrator account or any other member account. we contacted the vend...

AI score: 7.1
Exploits: 0

Exploit DB
added 2013/02/10 12:0 a.m., 36 views

Schneider Electric Accutech Manager - Heap Overflow (PoC)

Schneider Electric Accutech Manager Server Heap Overflow PoC RFManagerService - Port: 2537 I think this is the same vuln that ExodusIntel discovered. Credit also goes to Aaron Portnoy, ExodusIntel. The patch has not been released yet. Evren Yalcin, Signalsec Ltd. www.signalsec.com Download app:...

AI score: 7.4
Exploits: 0

Packet Storm
added 2013/02/07 12:0 a.m., 64 views

WordPress Audio Player SWF Cross Site Scripting

Exploit Title: Wordpress Audio Player Plugin XSS in SWF Release Date: 31/01/13 Author: hip Insight-Labs Contact: [email protected] | Website: http://insight-labs.org Software Link: http://downloads.wordpress.org/plugin/audio-player.2.0.4.6.zip Vendor Homepage: http://wpaudioplayer.com/ Tested...

CVSS: 4.3, AI score: 0.5, EPSS: 0.0352
Exploits: 1

securityvulns
added 2012/11/02 12:0 a.m., 57 views

[CVE-2012-5692] Invision Power Board <= 3.3.4 "unserialize()" PHP Code Execution Vulnerability

Invision Power Board <= 3.3.4 "unserialize" PHP Code Execution Vulnerability. Author: Egidio Romano aka EgiX...

CVSS: 10, AI score: 0.4, EPSS: 0.83034
Exploits: 15

exploitpack
added 2012/10/04 12:0 a.m., 11 views

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...

AI score: 7.4
Exploits: 0

Exploit DB
added 2012/10/04 12:0 a.m., 32 views

Novell Sentinel Log Manager 1.2.0.2 - Retention Policy

Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 target" exit 1 fi echo "POST...

AI score: 7.4
Exploits: 0

exploitpack
added 2012/08/07 12:0 a.m., 10 views

PBBoard - Authentication Bypass

PBBoard - Authentication Bypass source: https://www.securityfocus.com/bid/54862/info PBBoard is a web-based messaging board application implemented in PHP. Attackers may exploit these issues to gain unauthorized access to user accounts or to bypass intended security restrictions. Other attacks ma...

AI score: 0.5
Exploits: 0

Packet Storm
added 2012/07/31 12:0 a.m., 36 views

DataWatch Monarch Business Intelligence (BI) 5.1 Admin Cross Site Scripting

Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...

AI score: 0.1
Exploits: 0

0day.today
added 2012/07/23 12:0 a.m., 42 views

Symantec Web Gateway 5.0.2 (blocked.php id parameter) Blind SQL Injection

Exploit for linux platform in category web applications !/usr/bin/python Exploit Title: Symantec Web Gateway 5.0.2 blocked.php id parameter Blind SQL Injection Date: Jul 23 2012 Author: muts Version: Symantec Web Gateway 5.0.2 Vendor URL: http://www.symantec.com Timeline: 29 May 2012: Vulnerabili...

AI score: 7.1
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m., 63 views

SQL Injection in Oracle Enterprise Manager (searchPage web page) (CVE-2012-0525)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory SQL Injection in Oracle Enterprise Manager searchPage web page. Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.3 and previous patchsets Oracle Enterprise Manager...

CVSS: 4.9, AI score: 6.8, EPSS: 0.00209
Exploits: 2

seebug.org
added 2012/04/12 12:0 a.m., 33 views

Microsoft SQL Server Privilege Escalation / SQL Injection

No description provided by source. AppSecInc Team SHATTER Security Advisory Privilege escalation via internal sql injection in RESTORE DATABASE command. Risk Level: Medium Affected versions: Microsoft SQL Server 2005, 2008, 2008 R2 Remote exploitable: Yes Credits: This vulnerability was discovere...

AI score: 7.1
Exploits: 0

securityvulns
added 2011/07/26 12:0 a.m., 63 views

TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

Trustwave's SpiderLabs Security Advisory TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain https://www.trustwave.com/spiderlabs/advisories/TWSL2011-007.txt Published: 2011-07-25 Version: 1.0 Vendor: Apple http://www.apple.com Product: iOS Version affected: Versions Prior to...

CVSS: 7.5, AI score: 0.2, EPSS: 0.08007
Exploits: 1