1147 matches found

securityvulns
added 2013/07/19 12:0 a.m. | 62 views

Open-Xchange Security Advisory 2013-06-03

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

CVSS 4.3 | AI score 6.2 | EPSS 0.00225
Exploits: 0

ThreatPost
added 2013/06/10 1:47 p.m. | 26 views

Three Vulnerabilities Exist in HP's Insight Diagnostics

There are multiple vulnerabilities in HP’s Insight Diagnostics server management tool that could be exploited by an attacker to run code and let them take over an infected computer. There is currently no fix available for the problem. According to an alert from the CERT Coordination Center,...

CVSS 10 | AI score 1.8 | EPSS 0.25
Exploits: 0 | References: 4

ICS
added 2013/04/30 12:0 p.m. | 18 views

Ecava IntegraXor XSS

Overview ICS-CERT received a report from an anonymous security researcher concerning several cross site scripting XSS vulnerabilities in the Ecava IntegraXor SCADA product. ICS-CERT has worked with the researcher and Ecava to validate these vulnerabilities. Ecava has developed a patch release of...

AI score 6.1
Exploits: 0 | References: 21

Tenable Nessus
added 2013/03/01 12:0 a.m. | 48 views

Fedora 18 : nspr-4.9.5-2.fc18 / nss-3.14.3-1.fc18 / nss-softokn-3.14.3-1.fc18 / etc (2013-2929)

Update nss to nss-3.14.3 This is a patch release to address CVE-2013-1620. Detailed descriptions of the bug fixes in nss-3.14.3 can be found in the upstream release notes at https://developer.mozilla.org/en-US/docs/NSS/NSS3.14.3releasenotes Note that Tenable Network Security has extracted the...

CVSS 4.3 | AI score 7.1 | EPSS 0.00855
Exploits: 0 | References: 13

Packet Storm
added 2013/02/18 12:0 a.m. | 36 views

MIMEsweeper For SMTP 5.5 Cross Site Scripting

Application: MIMEsweeper for SMTP 5.5 5.2, 5.3, 5.4 and probably earlier versions Personal Message Manager PMM Vendor: Clearswift Ltd Vendor URL: http://www.clearswift.com/ Category: Reflective XSS Google dork: inurl:/MSWPMM/ Discovered by: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom...

AI score 7.4
Exploits: 0

myhack58
added 2013/01/21 12:0 a.m. | 14 views

To bypass PHPCMS patch to continue injection-vulnerability warning-the black bar safety net

Vulnerability author: I want to get a shell Submission time: 2013-01-16 Disclosure time: 2013-01-21 Vulnerability type: SQL injection vulnerability Brief description: Inadvertently looked phpcms patch, just want to spit slot. In addition PHPCMS released a patch why not in the forum thank tick it,...

AI score 0.1
Exploits: 0

Packet Storm
added 2013/01/03 12:0 a.m. | 25 views

WHMCS 5.x Authentication Bypass

WHMCS 5.x versions suffer from a cookie-validation vulnerability, where sessions can be modified and authentication can be easily bypassed. Description : WHMCS 5.x Authentication Bypass Vulnerability Author : AgdScorp Contact: [email protected] Version : 5.x Link :...

AI score 0.5
Exploits: 0

Packet Storm
added 2012/12/20 12:0 a.m. | 16 views

Loganalyzer 3.6.0 Cross Site Scripting

Product: LogAnalyzer Version: 3.6.0 Vendor: www.adiscon.com Vulnerability type: Cross Site Scripting Risk level: Low Vendor notification: 2012-12-15 Patch Release: 2012-12-19 Public disclosure: 2012-12-20 Author: Mohd Izhar Bin Ali aka johncrackernet Website: http://johncrackernet.blogspot.com...

AI score 7.4
Exploits: 0

Zero Science Lab
added 2012/12/20 12:0 a.m. | 20 views

Sony PC Companion 2.1 (CheckCompatibility()) Stack-based Unicode Buffer Overload

Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...

AI score 6.5
Exploits: 0

Packet Storm
added 2012/12/20 12:0 a.m. | 23 views

Sony PC Companion 2.1 WebServices.dll Unicode Buffer Overflow

Sony PC Companion 2.1 DownloadURLToFile Stack-based Unicode Buffer Overload SEH Vendor: Sony Mobile Communications AB Product web page: http://www.sonymobile.com Affected version: 2.10.115 Production 27.1, Build 830 2.10.108 Production 26.1, Build 818 Summary: PC Companion is a computer applicati...

AI score 0.8
Exploits: 0

Zero Science Lab
added 2012/12/20 12:0 a.m. | 14 views

Sony PC Companion 2.1 (Admin_RemoveDirectory()) Stack-based Unicode Buffer Overload

Summary PC Companion is a computer application that acts as a portal to Sony Xperia and operator features and applications, such as phone software updates, management of contacts and calendar, media management with Media Go, and a backup and restore feature for your phone content. Description The...

AI score 6.5
Exploits: 0

Zero Science Lab
added 2012/09/11 12:0 a.m. | 34 views

Subrion CMS 2.2.1 Multiple Remote XSS POST Injection Vulnerabilities

Summary Subrion is a free open source content management system. It's written in PHP 5 and utilizes MySQL database. Subrion CMS can be easily integrated into your current website or used as a stand alone platform. It's extremely flexible and scalable php system that stands for a content managemen...

AI score 6
Exploits: 0

Packet Storm
added 2012/07/29 12:0 a.m. | 40 views

ocPortal CMS 7.1.5 Open Redirect

OVERVIEW ocPortal CMS 7.1.5 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to accomplish your vision. Not...

AI score 7.4
Exploits: 0

Packet Storm
added 2012/07/22 12:0 a.m. | 30 views

Dell SonicWALL Scrutinizer 9.0.1 SQL Injection

!/usr/bin/python Exploit Title: Dell SonicWALL Scrutinizer 9.0.1 statusFilter.php q parameter SQL Injection Date: Jul 22 2012 Author: muts Version: SonicWALL Scrutinizer 9.0.1 Vendor URL: http://www.sonicwall.com Special thanks to: Tal Zeltzer Timeline: 12 Jun 2012: Vulnerability reported to CERT...

CVSS 6.5 | AI score 0.2 | EPSS 0.90336
Exploits: 7

securityvulns
added 2012/06/18 12:0 a.m. | 56 views

SQL injection in Bigware shop software

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

AI score 1
Exploits: 0

0day.today
added 2012/06/06 12:0 a.m. | 18 views

Bigware Shop SQL Injection Vulnerability

Exploit for php platform in category web applications The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Time line: 01/23/2012: Vendor contacted...

AI score 7.1
Exploits: 0

Packet Storm
added 2012/06/06 12:0 a.m. | 23 views

Bigware Shop SQL Injection

The Bigware shop software prior to version 2.17 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'pollid' in the module mainbigware54.php. Proof of concept is at: http://files.dw-itsecurity.de/54.zip Time line: 01/23/2012: Vendor contacted...

AI score 0.2
Exploits: 0

0day.today
added 2012/05/03 12:0 a.m. | 20 views

Baby Gekko CMS v1.1.5c Multiple Stored XSS Vulnerabilities

Exploit for php platform in category web applications Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: Baby Gekko, Inc. Product web page: http://www.babygekko.com Affected version: 1.1.5c Summary: BabyGekko strives to deliver high quality websites and other web...

AI score 6.7
Exploits: 0

securityvulns
added 2012/04/22 12:0 a.m. | 59 views

OCIPasswordChange API leaks information of password hash (CVE-2012-0511)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AppSecInc Team SHATTER Security Advisory OCIPasswordChange API leaks information of password hash. Risk Level: High Affected versions: Oracle Database Server version 10gR1, 10gR2 10.2.0.4 and previous patchsets and 11gR1 11.1.0.7 and previous patchset...

CVSS 6.4 | AI score 6.2 | EPSS 0.00351
Exploits: 0

Exploit DB
added 2012/03/21 12:0 a.m. | 126 views

phpList 2.10.17 - SQL Injection / Cross-Site Scripting

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, install and use, and is easy to integrate...

AI score 7.4
Exploits: 0