8 matches found
A Vulnerability Disclosure Program is not just a page on a web site
It’s great to see an increasing number of organisations starting down the path of a Vulnerability Disclosure Program or ‘VDP,’ but it increasingly strikes me that these are ‘check box’ exercises rather than a genuine desire to interact positively with researchers and improve security. A VDP is a...
SplashID 5.5 / SplashID Lite 4.6 For iPhone Password Caching Issue
I submitted this vulnerability report about the password database SplashID to cert.org in early November 2010. CERT bounced it back saying they were too busy. No big deal, so I sent it to the product's vendor, SplashData, on 11/5/2010. I worked with SplashData for a few weeks to help them...
Sun Java Deployment Toolkit Plugin and ActiveX Control Vulnerability
The Sun Java Development Toolkit plugin and ActiveX control contain a vulnerability. This vulnerability is due to insufficient argument validation. By convincing a user to visit a specially crafted HTML document, an attacker may be able to exploit this vulnerability and execute an arbitrary JAR...
HC Newssystem 1.0-1.4 (index.php ID) Remote SQL Injection Vulnerability
No description provided by source. HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL Inj.- SQL Inj...
HC Newssystem 1.0-1.4 - index.php?ID SQL Injection
HC Newssystem 1.0-1.4 - index.php?ID SQL Injection HC NEWSSYSTEM 1.0-4 index.php "ID" Blind SQL Injection Type : SQL Injection Release Date : 2007-03-08 Product / Vendor : HC Design News Publisher. http://www.hcdesign.at/demo Bug : http://localhost/script/index.php?option=news&aktion=komm&ID=-SQL...
TikiWiki Sql injection & XSS Vulnerabilities
---------------------------------------------------------------- Security Advisory ^ http://securitynews.ir/ Advisory Title: TikiWiki Sql injection & XSS Vulnerabilities @ Author : bug @ securitynews.ir $ Product Vendor : http://tikiwiki.org/ . Affected Versions : 1.9.3.2 and maybe before / Relea...
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...
phpRPC decode function command execution
Added: 03/13/2006 CVE: CVE-2006-1032 BID: 16833 OSVDB: 23514 Background phpRPC is an xmlrpc library written in PHP supporting most databases. Problem A vulnerability in the decode function allows a remote attacker to execute arbitrary PHP commands placed inside a tag. Resolution phpRPC is no long...