10 matches found
ProcessMaker Enterprise Core Code Execution Vulnerability (CVE-2016-9045)
Summary: A code execution vulnerability exists in ProcessMaker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested...
Open Fire User Import Export Plugin XML External Entity Injection (CVE-2017-2815)
Summary: An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
Pimcore CMS Build 3450 Directory Traversal
Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an administrative user with the 'assets' permission to...
CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: The following URL and parameters have been confirmed to suffer from Blind SQL...
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...
Broadcom PIPA C211 - Sensitive Information Disclosure
Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Details: The Team discovered a Local File Include (LFI) vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet Impact: Impact can differ based on the exploitation and...
affolderdirectorytraversal-08_002.txt
Portcullis Security Advisory - 08-002 Vulnerable System: Affinium Campaign Vulnerability Title: The web application's create a new folder functionality is vulnerable to a directory traversal. Vulnerability Discovery And Development: Portcullis Security Testing Services. Credit For Discovery: Neil...
Moderate: Red Hat Security Advisory: qt security update
Updated qt packages that correct an integer overflow flaw are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Qt is a software toolkit that simplifies the task of writing and maintaining GUI (Graphical User Interface) applications...
[SA16899] Movable Type Multiple Weaknesses and Vulnerabilities