1147 matches found
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...
Zend Server 5.6.0 Script Insertion
Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Bridg...
SQL injection in Bigware shop software
The Bigware shop software prior to version 2.15 contains a SQL injection, resulting in full database compromise. The injection point is the POST parameter 'lastname' in the module mainbigware43.php. A user must be created before exploitation. Proof of concept is at...
vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit)
vBSEO 3.6.0 - proc_deutf() Remote PHP Code Injection (Metasploit) require 'msf/core' class Metasploit3 'vBSEO %q This module exploits a vulnerability in the 'proc_deutf' function defined in /includes/functionsvbseocpabstract.php. User input passed through 'charrepl' POST parameter isn't properly...
Apache Patch released for Reverse proxy Bypass Vulnerability
Apache Patch released for Reverse proxy Bypass Vulnerability Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. Security experts are warning firms running the Apache web server to keep up to date with the latest...
Arbitrary File Upload in '1 Flash Gallery' Wordpress Plugin
====Vulnerability==== The '1 Flash Gallery' WordPress plugin http://wordpress.org/extend/plugins/1-flash-gallery/ is vulnerable to an arbitrary file upload vulnerability. This vulnerability is present from version 1.30 until version 1.5.7. The plugin has been downloaded an estimated 460,000 times...
ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities
ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...
vBulletin 4.1.3 SQL Injection
Exploit Title: Vbulletin 4.0.x = 4.1.3 messagegroupid SQL injection Vulnerability 0-day Google Dork: intitle: powered by Vbulletin 4 Date: 20/07/2011 Author: FB1H2S Software Link: http://www.vbulletin.com/ Version: 4.x.x Tested on: relevant os CVE : http://members.vbulletin.com/...
ISC BIND 9 RPZ zone named denial-of-service vulnerability
Overview ISC BIND 9 contains a remote crashing vulnerability when running with certain RPZ configurations. Description According to ISC: A defect in the affected versions of BIND could cause the "named" process to exit when queried, if the server has recursion enabled and was configured with an RP...
VLC Media Player XSPF Local File Integer Overflow
TITLE VLC Media Player XSPF Local File Integer overflow in XSPF playlist parser AFFECTED VERSIONS VLC media player 1.1.9 down to 0.8.5 VENDOR VideoLAN Organisation CLASS Denial of Service DoS RESOURCES http://www.videolan.org/security/sa1104.html PRODUCT DESCRIPTION VLC is a free and open source...
VideoLAN VLC Media Player 1.1.9 - XSPF Playlist Local File Integer Overflow
TITLE VLC Media Player XSPF Local File Integer overflow in XSPF playlist parser AFFECTED VERSIONS VLC media player 1.1.9 down to 0.8.5 VENDOR VideoLAN Organisation CLASS Denial of Service DoS RESOURCES http://www.videolan.org/security/sa1104.html PRODUCT DESCRIPTION VLC is a free and open source...
VMware vSphere Management Assistant (vMA) - Local Privilege Escalation
VMware vSphere Management Assistant vMA - Local Privilege Escalation Affected Software : VMware vSphere Management Assistant vMA Severity : Medium...
VMware vSphere Management Assistant (vMA) Privilege Escalation
VMware vSphere Management Assistant vMA - Local Privilege Escalation Affected Software : VMware vSphere Management Assistant vMA Severity : Medium...
Imperva SecureSphere SQL Injection Filter Bypass
Imperva SecureSphere - SQL injection filter bypass Affected Software : SecureSphere Web Application Firewall WAF Severity : High Local/Remote : Remote...
Adobe Warns of Attacks on Critical Flash Player Bug
Adobe is warning its users about a critical vulnerability in Flash that affects Adobe Reader and Acrobat, as well. The bug can be used by remote attackers to run arbitrary code and Adobe officials said that they’ve already seen some attacks that are targeting the vulnerability. The vulnerability ...
Esselbach Storyteller CMS System 1.8 - SQL Injection
Exploit Title: Esselbach Storyteller CMS System Version 1.8 page.php Remote SQL Injection Vulnerability Date: March, 9th 2011 GMT +7 Author: Shamus Software Link: http://www.esselbach.com/ Version : Esselbach Storyteller CMS System Version 1.8 Tested on: windows CVE : -...
Microsoft Fills Windows, Office Holes with March Patch Release
Microsoft Corp. issued their monthly security bulletins on Tuesday, with fixes for four known vulnerabilities in the company’s Windows operating system, Office suite and Remote Desktop Connection products. The March patch release included three bulletins: MS11-015, 016 and 017. Only one, MS11-015...
Pragyan CMS v 3.0 multiple Vulnerabilities
Exploit for php platform in category web applications Pragyan CMS v 3.0 multiple Vulnerabilities Author Villy and Abhishek Lyall - villys777atgmaildotcom, abhilyallatgmaildotcom Web - http://www.aslitsecurity.com/ Blog - http://bugix-security.blogspot.com http://www.aslitsecurity.blogspot.com/...
Ecava IntegraXor stack-based buffer overflow vulnerability
Overview Ecava IntegraXor contains a stack-based buffer overflow vulnerability in the Ecava IntegraXor Human-Machine Interface HMI product that could allow the execution of arbitrary code. Description According to Ecava's website: IntegraXor is a suite of tools used to create and run a web-based...
DotNetNuke CMS Cross Site Scripting
PR10-19 DotNetNuke CMS XSS Advisory publicly released: Friday, 3 December 2010 Vulnerability found: Saturday, 30 October 2010 Vendor informed: Monday, 1 November 2010 Severity level: Low/Medium Credits Richard Brain of ProCheckUp Ltd www.procheckup.com Description DotNetNuke is a Content Manageme...