58 matches found
Oracle Demantra Database Credentials Leak
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Demantra Database Credentials Leak', 'Description' = %q This module exploits a database credentials leak found in Oracle Demantra 12.2.1 i...
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting
Viprinet Multichannel VPN Router 300 - Persistent Cross-Site Scripting Vulnerability title: Multiple Instances Of Cross-site Scripting In Viprinet Multichannel VPN Router 300 CVE: CVE-2014-2045 Vendor: Viprinet Product: Multichannel VPN Router 300 Affected version: 2013070830/2013080900 Fixed...
CVE-2015-5075 - Cross-Site Request Forgery In X2Engine Inc. X2Engine
Vulnerability title: Cross-Site Request Forgery In X2Engine Inc. X2Engine CVE: CVE-2015-5075 Vendor: X2Engine Inc. Product: X2Engine Affected version: 4.2 Fixed version: 5.2 Reported by: Simone Quatrini Details: It was discovered that no protection against Cross-site Request Forgery attacks was...
Pimcore CMS Build 3450 - Directory Traversal
Pimcore CMS Build 3450 - Directory Traversal Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an...
Pimcore CMS Build 3450 SQL Injection
Vulnerability title: SQL Injection In Pimcore CMS CVE: CVE-2015-4426 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It was possible to inject arbitrary SQL into the application provided an administrative accoun...
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion
Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version: 7.1.1.18527 Reported by: Mike Westmacott Details: The CFChart servlet of...
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion
BlueDragon CFChart Servlet 7.1.1.17759 - Arbitrary File Retrieval/Deletion Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version:...
BlueDragon CFChart Servlet 7.1.1.17759 Directory Traversal
Vulnerability title: Arbitrary File Retrieval + Deletion In New Atlanta BlueDragon CFChart Servlet CVE: CVE-2014-5370 Vendor: New Atlanta Product: BlueDragon CFChart Servlet Affected version: 7.1.1.17759 Fixed version: 7.1.1.18527 Reported by: Mike Westmacott Details: The CFChart servlet of...
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
No description provided by source. Vulnerability title: Tuleap <= 7.4.99.5 Authenticated Blind SQL Injection in Enalean Tuleap CVE: CVE-2014-7176 Vendor: Enalean Product: Tuleap Affected version: 7.4.99.5 and earlier Fixed version: 7.5 Reported by: Jerzy Kramarz Details: SQL injection has been fou...
F5 Big-IP 11.3.0.39.0 XML External Entity Injection #1
Vulnerability title: XML External Entity Injection in F5 Networks Big-IP CVE: CVE-2014-6032 Vendor: F5 Networks Product: Big-IP Affected version: 11.3.0.39.0 Fixed version: N/A Reported by: Oliver Gruskovnjak Details: F5 Networks Big-IP is vulnerable to an XML External Entity injection attack. Th...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer:...
Enalean Tuleap 7.4.99.5 - Blind SQL Injection
Enalean Tuleap 7.4.99.5 - Blind SQL Injection Vulnerability title: Tuleap &globalfiltersubmit=Apply HTTP/1.1 Host: 192.168.56.108 User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Languag...
Enalean Tuleap 7.4.99.5 - Remote Command Execution
Enalean Tuleap 7.4.99.5 - Remote Command Execution Vulnerability title: Tuleap /usr/share/codendi/src/www/passwd.txt && "ozilla/5.0 Windows NT 6.1; WOW64; rv:31.0 Gecko/20100101 Firefox/31.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5...
CVE-2014-3074 - Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX
Vulnerability title: Runtime Linker Allows Privilege Escalation Via Arbitrary File Writes in IBM AIX CVE: CVE-2014-3074 Vendor: IBM Product: AIX Affected version: AIX 6.1 and 7.1 and VIOS 2.2. Reported by: Tim Brown Details: It has been identified that the runtime linker allows privilege escalati...
TestLink 1.9.11 - Multiple SQL Injection Vulnerabilities
No description provided by source. Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
PHPCompta/NOALYSS 6.7.1 5638 - Remote Command Execution
Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does not validate the syntax of the commands when processing...
TestLink 1.9.11 - Multiple SQL Injections
TestLink 1.9.11 - Multiple SQL Injections Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection...
PHPCompta/NOALYSS 6.7.1 5638 Remote Command Execution
Vulnerability title: Remote Command Execution in PHPCompta/NOALYSS CVE: CVE-2014-6389 Vendor: PHPCompta Product: PHPCompta/NOALYSS Affected version: 6.7.1 5638 Fixed version: 6.7.2 Reported by: Jerzy Kramarz Details: PhpCompta 6.7.1-2 does not validate the syntax of the commands when processing...
TestLink 1.9.11 SQL Injection
Vulnerability title: Multiple SQL Injection Vulnerabilities in TestLink CVE: CVE-2014-5308 Vendor: Testlink Product: TestLink Affected version: 1.9.11 Fixed version: Fixed in SVN commit number 7a09973 Reported by: Jerzy Kramarz Details: Two SQL injection vulnerabilities have been found and...
Immunity Canvas: ESET_EPFWNDIS
Name| ESETEpFwNDIS
---|---
CVE| CVE-2014-4973
Exploit Pack| CANVAS
Description| EpFwNDIS.sys Trusted Value Vulnerability
Notes| Repeatability: Infinite Notes: This module exploits a vulnerability on the ESET Personal Firewall NDIS filter EpFwNdis.sys driver. The Firewall Module Build 1183 2014021...