4569 matches found

Japan Vulnerability Notes
added 2017/09/21 6:58 a.m. · 2 views

InterScan Web Security Virtual Appliance vulnerable to code injection

Overview: InterScan Web Security Virtual Appliance provided by Trend Micro Incorporated contains a code injection vulnerability. Impact: Arbitrary code may be executed by a user who is logged in to the management screen of the product as an administrator. Solution: Apply the Patch. Apply the patch accordi...

CVSS 9 · AI score 7.2 · EPSS 0.03196
Exploits 0 · References 4

Hacker One
added 2017/09/19 6:4 p.m. · 262 views

Internet Bug Bounty: Optionsbleed / CVE-2017-9798

Bug has been disclosed here: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html poc code: https://github.com/hannob/optionsbleed Apache is currently preparing 2.4.28, which will contain the fix, a patch is available in their svn repo...

CVSS 5 · AI score 7.8 · EPSS 0.94999
Exploits 9

Openbugbounty
added 2017/09/01 1:5 a.m. · 13 views

community.pennfoster.edu XSS vulnerability

Vulnerable URL: https://community.pennfoster.edu/blogs/MercedesRuiz/tags?tags=%22%3E%3C/option%3E%3C%20/select%3E%3Cbody/onpageshow=prompt%28%29%3E%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E
Details: Patched: No · Latest check for patch: 30.11.2017 · Vulnerability...

AI score 6.3
Exploits 0

Openbugbounty
added 2017/08/07 5:10 a.m. · 11 views

stuller.com XSS vulnerability

Vulnerable URL: https://www.stuller.com/cart/?referrer=%22%3E%3Csvg/onload=%22alert%27OPENBUGBOUNTY%27%22%3E
Details: Patched: No · Latest check for patch: 05.11.2017 · Vulnerability type: XSS · Vulnerability status: Publicly disclosed · Alexa Rank: 54802 · VIP website status...

AI score 6.3
Exploits 0

0day.today
added 2017/07/25 12:0 a.m. · 42 views

REDDOXX Appliance Undocumented Administrative Service Account Vulnerability

Exploit for jsp platform in category web applications. Undocumented Administrative Service Account in REDDOXX Appliance: RedTeam Pentesting discovered an undocumented service account in the REDDOXX appliance software, which allows attackers to access the administrative interface of the appliance an...

AI score 0.7
Exploits 0

0day.today
added 2017/07/25 12:0 a.m. · 52 views

REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution Vulnerability

Exploit for jsp platform in category web applications. Remote Command Execution as root in REDDOXX Appliance: RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while...

AI score 7.1
Exploits 0

Packet Storm
added 2017/07/24 12:0 a.m. · 49 views

REDDOXX Appliance Cross Site Scripting

Advisory: Cross-Site Scripting in REDDOXX Appliance. RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details: Product: REDDOXX Appliance · Affected Versions:...

AI score 0.2
Exploits 0

Packet Storm
added 2017/07/24 12:0 a.m. · 51 views

REDDOXX Appliance Arbitrary File Disclosure

Advisory: Unauthenticated Arbitrary File Disclosure in REDDOXX Appliance. RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated attackers to download arbitrary files from the affected system. Details: Product...

AI score 0.7
Exploits 0

Exploit DB
added 2017/07/24 12:0 a.m. · 44 views

REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution

Advisory: Remote Command Execution as root in REDDOXX Appliance. RedTeam Pentesting discovered a remote command execution vulnerability in the REDDOXX appliance software, which allows attackers to execute arbitrary commands with root privileges while unauthenticated. Details: Product: REDDOX...

AI score 7.4
Exploits 0

Node.js
added 2017/07/07 12:0 a.m. · 44 views

Directory Traversal

Overview: Affected versions of uv-tj-demo resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 · AI score 4.6 · EPSS 0.02005
Exploits 1 · Affected Software 1

Node.js
added 2017/07/05 9:17 p.m. · 48 views

Directory Traversal

Overview: Affected versions of sgqserve resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 · AI score 4.5 · EPSS 0.02005
Exploits 1 · Affected Software 1

Packet Storm
added 2017/07/03 12:0 a.m. · 1445 views

BOA Web Server 0.94.14rc21 Arbitrary File Access

BOA Web Server 0.94.14 - Access to arbitrary files as privileges. Title: Vulnerability in BOA Webserver 0.94.14 · Date: 20-06-2017 · Status: Vendor contacted, patch available · Scope: Arbitrary file access · Platforms: Unix · Author: Miguel Mendez Z · Vendor Homepage: http://www.boa.org · Version: Boa Webserver...

AI score 0.3 · EPSS 0.67725
Exploits 6

Node.js
added 2017/06/27 9:40 p.m. · 21 views

Directory Traversal

Overview: Affected versions of cuciuci resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...

CVSS 5 · AI score 4.2 · EPSS 0.02005
Exploits 1 · Affected Software 1

Exploit DB
added 2017/06/20 12:0 a.m. · 109 views

BOA Web Server 0.94.14rc21 - Arbitrary File Access

BOA Web Server 0.94.14 - Access to arbitrary files as privileges. Title: Vulnerability in BOA Webserver 0.94.14 · Date: 20-06-2017 · Status: Vendor contacted, patch available · Scope: Arbitrary file access · Platforms: Unix · Author: Miguel Mendez Z · Vendor Homepage: http://www.boa.org · Version: Boa Webserver...

CVSS 7.8 · AI score 7.6 · EPSS 0.67725
Exploits 6

Openbugbounty
added 2017/06/15 3:14 p.m. · 15 views

nantahalalibrary.org XSS vulnerability

Vulnerable URL: http://www.nantahalalibrary.org/TLCScripts/interpac.dll?SearchForm=1=pac=,0,%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Autofocus%20/;%20Onfocus=alert'OPENBUGBOUNTY'//%3E%3CSvg%3E=
Details: Patched: No · Latest check for patch: 29.07.2017 · Vulnerability type:...

AI score 6.3
Exploits 0

Japan Vulnerability Notes
added 2017/06/07 5:54 a.m. · 2 views

AppCheck may insecurely invoke an executable file

Overview: AppCheck provided by JIRANSOFT JAPAN, INC. is anti-ransomware software. AppCheck and its installer contain an issue with the search path for executable files, which may lead to insecurely invoking an executable file (CWE-427). Takashi Yoshikawa of Mitsui Bussan Secure Directions, Inc...

CVSS 9.3 · AI score 6.9 · EPSS 0.01651
Exploits 0 · References 6

Openbugbounty
added 2017/05/25 8:2 a.m. · 6 views

beyondbronzeltd.co.uk XSS vulnerability

Vulnerable URL: http://www.beyondbronzeltd.co.uk/wp-content/plugins/wp-password/login.php/"'--!
Details: Patched: No · Latest check for patch: 31.07.2017 · Vulnerability type: XSS · Vulnerability status: Publicly disclosed · Alexa Rank: 17268443 · VIP website status: No · Chec...

AI score 6.3
Exploits 0

Positive Technologies
added 2017/05/23 12:0 a.m. · 3 views

PT-2017-18760 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1. Description: The issue allows remote attackers to cause a denial of service, resulting in an invalid write and SEGV. This is related to the ReadImage function in input-bmp.c. Recommendations: For AutoTrace version...

CVSS 9.8 · AI score 6.6 · EPSS 0.02468
Exploits 0 · References 62

Positive Technologies
added 2017/05/23 12:0 a.m. · 3 views

PT-2017-18755 · Autotrace +1

Name of the Vulnerable Software and Affected Versions: AutoTrace version 0.31.1. Description: The issue is related to a heap-based buffer overflow in the ReadImage function, located in the input-bmp.c file. This overflow occurs at line 497, column 29, and is associated with the libautotrace.a...

CVSS 9.8 · AI score 6.7 · EPSS 0.02468
Exploits 0 · References 62

Positive Technologies
added 2017/03/17 12:0 a.m. · 4 views

PT-2017-6703 · Qdpm

Name of the Vulnerable Software and Affected Versions: qdPM version 8.3. Description: The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension to various pages in qdPM, including myAccount, projects, tasks, tickets, discussions, reports, and...

CVSS 8.8 · AI score 8.8 · EPSS 0.14399
Exploits 4 · References 8