
4569 matches found

Positive Technologies
added 2014/11/11 12:0 a.m. · 2 views

PT-2014-7163

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to the fixed version Description The issue allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size...

CVSS 9.3 · AI score 9.3 · EPSS 0.94996
Exploits 39 · References 36

Japan Vulnerability Notes
added 2014/11/10 5:23 a.m. · 2 views

OpenAM vulnerable to denial-of-service (DoS)

Overview OpenAM provided by ForgeRock is an open source access management software. OpenAM contains a denial-of-service DoS vulnerability due to a flaw in processing Cookies CWE-400. Yasushi IWAKATA of Open Source Solution Technology Corporation reported this vulnerability to IPA. JPCERT/CC...

CVSS 6.8 · AI score 6.4 · EPSS 0.01067
Exploits 0 · References 8

ICS
added 2014/10/19 6:0 a.m. · 40 views

Ecava IntegraXor Buffer Overflow Vulnerability

OVERVIEW This advisory is a follow-up to the alert titled ICS-ALERT-14-015-01 Ecava IntegraXor Buffer Overflow Vulnerability that was published January 15, 2014, on the NCCIC/ICS-CERT Web site. Independent researcher Luigi Auriemma identified a buffer overflow vulnerability in the Ecava IntegraXo...

CVSS 7.8 · AI score 7.1 · EPSS 0.02518
Exploits 0 · References 10

exploitpack
added 2014/09/08 12:0 a.m. · 39 views

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities Mpay24 PrestaShop Payment Module Multiple Vulnerabilities - · Affected Vendor: Mpay24 - · Affected Software: Mpay24 Payment Module - · Affected Version: 1.5 and earlier - · Issue Type: SQL injection and information disclosure - ·...

CVSS 7.5 · AI score 0.1 · EPSS 0.0741
Exploits 6

0day.today
added 2014/09/04 12:0 a.m. · 90 views

Mpay24 Payment Module 1.5 Information Disclosure / SQL Injection

Mpay24 Payment Module versions 1.5 and below suffer from information disclosure and remote SQL injection vulnerabilities. Mpay24 PrestaShop Payment Module Multiple Vulnerabilities - · Affected Vendor: Mpay24 - · Affected Software: Mpay24 Payment Module - · Affected Version: 1.5 and earlier - ·...

CVSS 7.5 · AI score 0.2 · EPSS 0.0741
Exploits 6

Positive Technologies
added 2014/08/07 12:0 a.m. · 3 views

PT-2014-1863 · Red Hat +1 · 389-Ds-Base-Debuginfo +5

Name of the Vulnerable Software and Affected Versions: 389-ds-base versions 1.3.1.6 389-ds-base-debuginfo versions 1.3.1.6 389-ds-base-devel versions 1.3.1.6 389-ds-base-libs versions 1.3.1.6 Description: The issue allows remote attackers to obtain sensitive replicated metadata by searching the...

CVSS 5 · AI score 5.9 · EPSS 0.02198
Exploits 0 · References 34

securityvulns
added 2014/07/21 12:0 a.m. · 63 views

ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability

ESA-2014-074.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-074: EMC RecoverPoint Appliance Security Control Bypass Vulnerability EMC Identifier: ESA-2014-074 CVE Identifier: CVE-2014-2519 Severity Rating: CVSS v2 Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:N/A:P Affected products: • EMC...

CVSS 5.8 · AI score 0.6 · EPSS 0.01681
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m. · 137 views

TikiWiki <= 1.9.8.1 - Local File Inclusion Vulnerabilities

No description provided by source. ====================================================================== TikiWiki = 1.9.8.1 Local File Inclusion ====================================================================== Author: L4teral l4teral 4t gmail com Impact: Local File Inclusion Status: patch...

AI score 7.1
Exploits 0

Japan Vulnerability Notes
added 2014/02/26 6:22 a.m. · 2 views

Cybozu Garoon vulnerable to directory traversal

Overview Cybozu Garoon contains a directory traversal vulnerability. Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server...

CVSS 4 · AI score 6.5 · EPSS 0.01488
Exploits 0 · References 5

0day.today
added 2014/02/12 12:0 a.m. · 38 views

NetGear DGN2200 N300 Wireless Router - Multiple Vulnerabilities

Exploit for hardware platform in category web applications Title: Multiple vulnerabilities in NETGEAR N300 WIRELESS ADSL2+ MODEM ROUTER DGN2200 ==================================================================================== Notification Date: 11 February 2014 Affected Vendor: NetGear Affecte...

AI score 7.1
Exploits 0

ICS
added 2014/01/09 7:0 a.m. · 40 views

WellinTech KingSCADA Stack-Based Buffer Overflow

OVERVIEW An anonymous researcher working with HP’s Zero Day Initiative has identified a stack-based buffer overflow in the WellinTech KingSCADA Stack. WellinTech has produced a patch that mitigates this vulnerability. This vulnerability could be exploited remotely. AFFECTED PRODUCTS The following...

CVSS 10 · AI score 7.5 · EPSS 0.1602
Exploits 5 · References 10

Japan Vulnerability Notes
added 2013/12/24 6:2 a.m. · 5 views

VMware ESX and ESXi may allow access to arbitrary files

Overview VMware ESX and ESXi contain a vulnerability in the handling of Virtual Machine file descriptors, which may allow access to arbitrary ESX and ESXi files. Shanon Olsson reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warni...

CVSS 4.4 · AI score 7 · EPSS 0.00353
Exploits 0 · References 5

securityvulns
added 2013/12/09 12:0 a.m. · 60 views

SQL Injection in Dokeos

Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure: November 27, 2013 Vulnerability Type: SQL Injectio...

CVSS 7.5 · AI score 8 · EPSS 0.02279
Exploits 6

Packet Storm
added 2013/08/02 12:0 a.m. · 73 views

SilverStripe CMS 3.0.3 Information Disclosure

SilverStripeR Information Exposure Through Query Strings in GET Request CWE-598 - CVE: CVE-2013-2653 - CWE: CWE-598 - Deloitte Argentina Advisory Code: DTTAR-20130002 - Vendor Status: CONFIRMED - Vendor Disclosure Date: May, 8th, 2013. - Public Disclosure Date: August, 1st, 2013. - Vendors...

CVSS 5.8 · AI score 6.5 · EPSS 0.04071
Exploits 2

Packet Storm
added 2013/07/19 12:0 a.m. · 34 views

Xibo 1.2.2 / 1.4.1 Directory Traversal

Exploit Title: Xibo Directory Traversal Vulnerability Exploit Author: Mahendra Date: 2 April 2013 Vendor homepage: http://xibo.org.uk References: http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-DS-2013-00 Affected Vendor: Spring Signage Ltd Affected...

Exploits 0

exploitpack
added 2013/07/18 12:0 a.m. · 23 views

Xibo 1.2.21.4.1 - index.php?p Directory Traversal

Xibo 1.2.21.4.1 - index.php?p Directory Traversal Exploit Title: Xibo Directory Traversal Vulnerability Exploit Author: Mahendra Date: 2 April 2013 Vendor homepage: http://xibo.org.uk References:...

AI score 0.1
Exploits 0

Packet Storm
added 2013/07/16 12:0 a.m. · 18 views

Squid 3.3.5 Denial Of Service

Squid Crash PoC Copyright C Kingcope 2013 tested against squid-3.3.5 this seems to be the patch for the vulnerability: http://www.squid-cache.org/Versions/v3/3.3/squid-3.3.8.patch The squid-cache service will respawn, looks like a kind of assert exception: 2013/07/15 20:48:36 kid1| Closing HTTP...

AI score 7.4
Exploits 0

Packet Storm
added 2013/07/11 12:0 a.m. · 60 views

Atlassian Confluence 4.3.5 XSS / Clickjacking

=============================================================================== BAE Systems Detica Security Advisory: DS-2013-005 =============================================================================== Title: Atlassian Confluence Multiple Issues Version: 4.3.5, and earlier Issue type:...

AI score 7.4
Exploits 0

Japan Vulnerability Notes
added 2013/03/18 5:40 a.m. · 3 views

VxWorks WebCLI vulnerable to denial-of-service (DoS)

Overview The VxWorks WebCLI contains a denial-of-service DoS vulnerability. The VxWorks WebCLI contains a denial-of-service DoS vulnerability due to an issue in parsing command strings. Hisashi Kojima and Masahiro Nakada of Fujitsu Laboratories Ltd. reported this vulnerability to IPA. JPCERT/CC...

CVSS 6.8 · AI score 6.7 · EPSS 0.01878
Exploits 0 · References 6

Japan Vulnerability Notes
added 2013/03/18 5:38 a.m. · 4 views

VxWorks SSH server (IPSSH) denial-of-service (DoS) vulnerability

Overview The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability. The SSH server IPSSH implementation in VxWorks contains a denial-of-service DoS vulnerability due to an issue in the processing authentication requests. Hisashi Kojima and Masahiro Nakada of...

CVSS 10 · AI score 7.2 · EPSS 0.06353
Exploits 0 · References 6