
1147 matches found

Packet Storm
added 2016/05/03 12:0 a.m. | 36 views

OXID eShop CE 4.9.7 Path Traversal / Privilege Escalation

=== LSE Leading Security Experts GmbH - Security Advisory 2016-02-03 === OXID eShop Path Traversal Vulnerability ------------------------------------------------------------------------ Affected Versions ================= Community Edition 4.9.7 Issue Overview ============== Vulnerability Type:...

AI score: 0.6
Exploits: 0
Microsoft KB
added 2016/04/12 7:0 a.m. | 35 views

Security update 2016-04-12

...

CVSS: 9.3 | AI score: 1.4 | EPSS: 0.74815
Exploits: 1
0day.today
added 2016/02/17 12:0 a.m. | 32 views

Redaxo CMS 5.0.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor: https://www.redaxo.org/ Tested version...

AI score: 7.1
Exploits: 0
exploitpack
added 2016/02/17 12:0 a.m. | 22 views

Redaxo 5.0.0 - Multiple Vulnerabilities

Redaxo 5.0.0 - Multiple Vulnerabilities === LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of...

AI score: 0.4
Exploits: 0
Packet Storm
added 2016/02/08 12:0 a.m. | 19 views

WordPress Booking Calendar Contact Form 1.0.23 Blind SQL Injection

Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Unauthenticated blind SQL injection Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage: http://wordpress.dwbooster.com...

AI score: 7.4
Exploits: 0
Packet Storm
added 2016/01/06 12:0 a.m. | 54 views

OpenMRS Reporting Module 0.9.7 Remote Code Execution

Title: Unauthenticated remote code execution in OpenMRS Product: OpenMRS Vendor: OpenMRS Inc. Tested versions: See summary Status: Fixed by vendor Reported by: Brian D. Hysell Product description: OpenMRS is "the world's leading open source enterprise electronic medical record system platform."...

CVSS: 5.5 | AI score: 8.6 | EPSS: 0.18767
Exploits: 5
myhack58
added 2015/11/11 12:0 a.m. | 24 views

AndroidVTS: Android cell phone vulnerabilities the defect detection App-vulnerability warning-the black bar safety net

Android users now have a light weight cell phone vulnerabilities the defect inspection tool to help users check their phone if there is a corresponding vulnerability. The tool is called Android VTS Vulnerability Test Suite, is Nownature released an app of the application tool. Android VTS is base...

AI score: 0.1
Exploits: 0
Exploit DB
added 2015/09/25 12:0 a.m. | 55 views

X2Engine 4.2 - Cross-Site Request Forgery

Source: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5075/ Details: It was discovered that no protection against Cross-site Request Forgery attacks was implemented, resulting in an attacker being able to force the creation of a new...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00966
Exploits: 4
myhack58
added 2015/09/23 12:0 a.m. | 21 views

SAP Afaria product exposed a series of serious vulnerabilities that affect a large number of mobile device-bug warning-the black bar safety net

Afaria is a mobile device management (MDM) solution developed by the German software company SAP, currently the most popular MDM solution on the market, used by about 6300 enterprises, which manage 1 billion 300 million mobile devices. ERPScan is specifically responsible for th...

AI score: 1.1
Exploits: 0
0day.today
added 2015/04/18 12:0 a.m. | 48 views

Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC

Exploit for windows platform in category dos / poc Exploit Title: Buffer Overflow in Oracle Hyperion Smart View for Office DOS Exploit Author: sajith Vendor Homepage: http://oracle.com vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157 Vulnerable Link:...

CVSS: 4.6 | AI score: 0.2 | EPSS: 0.0063
Exploits: 5
myhack58
added 2015/01/29 12:0 a.m. | 10 views

Remote let the phone restart count as vulnerability? At least Google says not to count-vulnerability warning-the black bar safety net

Security researchers recently announced about the Android WiFi-Direct vulnerabilities, the vulnerability can lead to Android device reboot. Google and the vulnerability is found above the Core Security of the company has been in debate about this Android vulnerability severity--in the end let the...

AI score: 0.2
Exploits: 0
ThreatPost
added 2015/01/26 11:17 a.m. | 40 views

Adobe Auto-Update Flash Player Zero Day Patch

Adobe on Saturday began patching a zero-day vulnerability in Flash Player, exploits for which have been included in the notorious Angler Exploit Kit. This is the second of two previously unreported critical flaws in the software that have been patched in the last five days. Adobe last Thursday se...

CVSS: 10 | AI score: 1 | EPSS: 0.92551
Exploits: 5 | References: 6
myhack58
added 2014/10/15 12:0 a.m. | 16 views

Windows arbitrary code execution 0day (CVE-2014-4114) analysis report-vulnerability warning-the black bar safety net

Tomorrow release patch windows all platforms all can trigger the OLE package Manager the INF arbitrary code execution vulnerability, CVE-2014-4114 in. The vulnerability affects Windows Vista, Win7 and above operating system, the use of the Microsoft document you can trigger the vulnerability,...

AI score: 2.5 | EPSS: 0.92467
Exploits: 22
myhack58
added 2014/08/14 12:0 a.m. | 15 views

IBM Dell and other server management system to save significant vulnerability-vulnerability warning-the black bar safety net

Previously a security researcher found that IBM, Dell and other brands of some products the presence of the vulnerability, the vulnerability could theoretically be used by hackers to get on victims of the user equipment system of control. IBM has for the vulnerability is released the relevant...

AI score: 0.1
Exploits: 0
ThreatPost
added 2014/07/03 9:52 a.m. | 9 views

Cisco Patches Hardcoded SSH Key Vulnerability in UCM

The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a ro...

AI score: 1
Exploits: 0 | References: 1
Packet Storm
added 2014/07/03 12:0 a.m. | 20 views

WordPress NextGEN Gallery 2.0.63 Shell Upload

Exploit Title: Wordpress NextGEN Gallery Plugin 2.0.63 Arbitrary File Upload Author: SANTHO @s4n7h0 Vendor Homepage: http://wordpress.org/plugins/nextgen-gallery/ Category: WebApp / CMS / Wordpress Version: 2.0.63 and less --------------------------------------------------- Vulnerability Tracking...

AI score: 7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 18 views

ManageEngine ServiceDesk Plus 8.0 - Multiple Stored XSS Vulnerabilities

No description provided by source. ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Zen Cart 1.3.9f (typefilter) - Local File Inclusion Vulnerability

No description provided by source. Zen Cart v1.3.9f typefilter Local File Inclusion Vulnerability Vendor: Zen Ventures, LLC Product web page: http://www.zen-cart.com Version affected: 1.3.9f Summary: Zen Cart is an online store management system. It is PHP-based, using a MySQL database and HTML...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection

No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

phpList 2.10.17 Remote SQL Injection and XSS Vulnerability

No description provided by source. phpList 2.10.17 Remote SQL Injection and XSS Vulnerability Vendor: phpList Ltd Product web page: http://www.phplist.com Affected version: 2.10.17 Summary: phplist is the world's most popular open source email campaign manager. phplist is free to download, instal...

AI score: 7.1
Exploits: 0