SWFupload 2.5.0 - Cross Frame Scripting (XFS) Vulnerability

Document Title: =============== SWFupload 2.5.0 - Cross Frame Scripting XFS Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1422 Release Date: ============= 2015-01-25 Vulnerability Laboratory ID VL-ID: ====================================...

Fedora 19 : wget-1.16-3.fc19 (2014-15405)

add fix for arches with unsigned char security update Fix the progress bar issue 1159643 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

Fedora 20 : wget-1.16-3.fc20 (2014-15385)

add fix for arches with unsigned char - security update - Fix the progress bar issue 1159643 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible...

Progress OpenEdge 11.2 - Directory Traversal

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87398' vul ID version = '1' author = 'fenghh' vulDate = '2014-10-31' createDate =...

CVE-2014-8555

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

Directory traversal

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

CVE-2014-8555

Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. dot dot in the selection parameter...

CVE-2014-8555

CVE-2014-8555 : A directory traversal in Progress OpenEdge 11.2’s report/reportViewAction.jsp allows remote attackers to read arbitrary files by manipulating the selection parameter with dot-dot sequences. Public exploit references (Exploits/35127, PacketStorm) describe requesting URLs like repor...

Progress OpenEdge 11.2 Directory Traversal

Exploit Title: Progress OpenEdge Directory Traversal Date: 30/10/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.progress.com Software Link: www.progress.com/products/openedge Version: 11.2 Tested on: Windows OS CVE : CVE-2014-8555 The malicious user sends a malformed request that...

Progress OpenEdge 11.2 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Exploit Title: Progress OpenEdge Directory Traversal Date: 30/10/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.progress.com Software Link: www.progress.com/products/openedge Version: 11.2 Tested on: Windows OS CVE : CVE-2014-8555 T...

ManageEngine EventLog Analyzer - Multiple Vulnerabilities (2)

Multiple vulnerabilities in ManageEngine EventLog Analyzer Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 05/11/2014 / Last updated: 05/11/2014 Background on the affected product:...

Progress OpenEdge 11.2 - Directory Traversal

Progress OpenEdge 11.2 - Directory Traversal...

Progress OpenEdge 11.2 - Directory Traversal

Exploit Title: Progress OpenEdge Directory Traversal Date: 30/10/2014 Exploit Author: Mauricio Correa Vendor Homepage: www.progress.com Software Link: www.progress.com/products/openedge Version: 11.2 Tested on: Windows OS CVE : CVE-2014-8555 The malicious user sends a malformed request that...

Progress 3.1 Webspeed _CPYFile.P Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/23634/info Progress WebSpeed is prone to a vulnerability that lets attackers gain unauthorized access to and execute administrative scripts. An attacker may leverage this issue to create and execute malicious WebSpeed cod...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (8)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress utilities checks the user's PATH...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (5)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...

Progress Database 8.3/9.1 - Multiple Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3404/info Progress is a commercial database for Microsoft Windows and Unix systems. Locally exploitable buffer overflows are prevalent throughout many Progress Database programs. This is largely due to insufficient bounds...

Progress 9.1 sqlcpp Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4402/info Progress is a commercial database for Microsoft Windows and Unix systems. A buffer overflow has been reported in the sqlcpp program included with Progress, used as a SQL preprocessor. Execution of arbitrary code...

MS Windows 2000/NT 4/XP Window Message Subsystem Design Error Vulnerability (4)

No description provided by source. source: http://www.securityfocus.com/bid/5408/info A serious design error in the Win32 API has been reported. The issue is related to the inter-window message passing system. This vulnerability is wide-ranging and likely affects almost every Win32 window-based...