556 matches found

securityvulns
added 2012/03/09 12:00 a.m. | 54 views

[Onapsis Security Advisory 2012-01] Oracle JD Edwards JDENET Arbitrary File Write

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory: Oracle JD Edwards JDENET Arbitrary File Write This advisory can be downloaded in PDF format from http://www.onapsis.com/. By downloading this advisory from the Onapsis Resource Center, you will gain access to beforehand...

CVSS: 4 | AI score: 6.5 | EPSS: 0.00895
Exploits: 0

0day.today
added 2012/02/29 12:00 a.m. | 48 views

Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability

Exploit for hardware platform in category web applications Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Homepage: http://www.yealink.com/ Impact: Medium Authentication: Required CVE: CVE-2012-1417 Found: 2012-02-21 Author: Narendra Shind...

AI score: 7.1 | EPSS: 0.01733
Exploits: 7

exploitpack
added 2012/02/29 12:00 a.m. | 29 views

Yealink VOIP Phone - Persistent Cross-Site Scripting

Yealink VOIP Phone - Persistent Cross-Site Scripting ============================================================== Secur-I Research Group Security Advisory SV-2012-005 ============================================================== Title: Yealink VOIP Phone Persistent Cross Site Scripting...

CVSS: 3.5 | AI score: 6.1 | EPSS: 0.01733
Exploits: 7

Vulnerability Lab
added 2012/02/06 12:00 a.m. | 36 views

Google Service Reward #1 - ClickJacking Vulnerability

Document Title: =============== Google Service Reward 1 - ClickJacking Vulnerability References: =========== Download: http://www.vulnerability-lab.com/resources/videos/416.wmv View: http://www.youtube.com/watch?v=6N0YS9cTRHw Release Date: ============= 2012-02-06 Vulnerability Laboratory ID VL-I...

AI score: 7.1
Exploits: 0

Vulnerability Lab
added 2012/02/06 12:00 a.m. | 15 views

Google Service Reward #1 - ClickJacking Vulnerability

Document Title: =============== Google Service Reward 1 - ClickJacking Vulnerability References: =========== Download: http://www.vulnerability-lab.com/resources/videos/416.wmv View: http://www.youtube.com/watch?v=6N0YS9cTRHw Release Date: ============= 2012-02-06 Vulnerability Laboratory ID VL-I...

AI score: 0.6
Exploits: 0

Saint
added 2012/01/20 12:00 a.m. | 26 views

Citrix Provisioning Services Opcode 40020006 Integer Underflow

Added: 01/20/2012 BID: 49803 Background Citrix Provisioning Services dynamically provisions virtual servers to simplify and streamline server management, while reducing software rollout risk. Problem Citrix Provisioning Services 5.6 SP1 and prior are vulnerable to a remotely exploitable integer...

AI score: 1
Exploits: 0

0day.today
added 2012/01/15 12:00 a.m. | 37 views

Cloupia End-to-end FlexPod Management Directory Traversal

Exploit for jsp platform in category web applications Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides end-to-end FlexPod management and...

AI score: 7.1
Exploits: 0

Packet Storm
added 2012/01/15 12:00 a.m. | 39 views

Cloupia End-To-End FlexPod Management Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...

AI score: 0.2
Exploits: 0

exploitpack
added 2012/01/15 12:00 a.m. | 33 views

Cloupia End-to-end FlexPod Management - Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes...

AI score: 0.2
Exploits: 0

Exploit DB
added 2012/01/15 12:00 a.m. | 46 views

Cloupia End-to-end FlexPod Management - Directory Traversal

Cloupia End-to-end FlexPod Management - Directory Traversal Vulnerability Advisory Information Advisory ID: KUSTODIAN-2011-011 Date published: Jan 13, 2011 Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: Yes Software Description Provides...

AI score: 7.4
Exploits: 0

ICS
added 2012/01/13 7:00 a.m. | 41 views

Siemens Scalance S Multiple Security Vulnerabilities

Overview ICS-CERT has received a report from Siemens regarding two security vulnerabilities in the Scalance S Security Module firewall. This vulnerability was reported to Siemens by Adam Hahn and Manimaran Govindarasu for coordinated disclosure. The first issue is a brute-force credential guessin...

CVSS: 10 | AI score: 8.3 | EPSS: 0.05068
Exploits: 0 | References: 10

securityvulns
added 2011/10/24 12:00 a.m. | 99 views

TeamSHATTER Security Advisory: Database Vault Account Management Vulnerabilites

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory October 20, 2011 Risk Level: Medium Affected versions: Oracle Database Server version 10gR2, 11gR1 and 11gR2 Remote exploitable: Yes Credits: This vulnerability was discovered and researched by Esteban Martinez Fayo of...

CVSS: 3.6 | AI score: 6.3 | EPSS: 0.01104
Exploits: 0

ICS
added 2011/09/23 6:00 a.m. | 43 views

WellinTech KingView History Server Buffer Overflow

Overview ICS-CERT has received a report from the Zero Day Initiative ZDI concerning a heap-based buffer overflow vulnerability in WellinTech’s Kingview HistoryServer.exe, which may allow a remote, unauthenticated attacker to execute arbitrary code. This vulnerability was reported to ZDI by...

CVSS: 10 | AI score: 7.7 | EPSS: 0.08635
Exploits: 0 | References: 10

securityvulns
added 2011/09/20 12:00 a.m. | 137 views

[Onapsis Security Advisory 2011-014] SAP WebAS Remote Denial of Service

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Onapsis Security Advisory 2011-014: SAP WebAS Remote Denial of Service 1. Impact on Business ========================= By exploiting this vulnerability, an unauthenticated attacker would be able to remotely disrupt the SAP Application Server. This...

AI score: 0.3
Exploits: 0

Packet Storm
added 2011/08/03 12:00 a.m. | 40 views

vBulletin 4.1.3pl3 / 4.1.4pl3 / 4.1.5pl1 Cross Site Scripting

Advisory Information Title: vBulletin Cross Site Scripting Vulnerability Date published: 02-08-2011 Vendors contacted: vBulletin team Vulnerability Information Class: XSS flaw Vulnerable page: Admin Login Page admincp Remotely Exploitable: Yes Locally Exploitable: No Vulnerability Description...

Exploits: 0

securityvulns
added 2011/08/01 12:00 a.m. | 57 views

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (notifRuleInfo$mode page)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager vulnerable to Cross-site scripting notifRuleInfo$mode page July 26, 2011 Risk Level: Medium Affected versions: Oracle Enterprise Manager Grid Control versions 10.1.0.6 Oracle Enterprise Manager...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.01567
Exploits: 0

securityvulns
added 2011/08/01 12:00 a.m. | 51 views

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (metricDetail$type page)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager vulnerable to Cross-site scripting metricDetail$type page July 26, 2011 Risk Level: Medium Affected versions: Oracle Enterprise Manager Grid Control versions 10.1.0.6, 10.2.0.5 Oracle Enterprise...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01508
Exploits: 0

securityvulns
added 2011/08/01 12:00 a.m. | 61 views

TeamSHATTER Security Advisory: Oracle Enterprise Manager vulnerable to XSS (sitemap page)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager vulnerable to Cross-site scripting sitemap page July 26, 2011 Risk Level: Medium Affected versions: Oracle Enterprise Manager Grid Control versions 10.1.0.6 Oracle Enterprise Manager control...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.01495
Exploits: 0

exploitpack
added 2011/07/26 12:00 a.m. | 17 views

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery Secur-I Research Group Security Advisory ======================================================================= Title: OpenX Ad Server CSRF Vulnerability Product: OpenX Ad Server Vulnerable version: 2.8.7 and probably earlier versions Fixed...

AI score: 0.5
Exploits: 0

ICS
added 2011/07/03 6:00 a.m. | 29 views

InduSoft ISSymbol ActiveX Control Buffer Overflow

Overview ICS-CERT has received a report from independent security researcher Dmitriy Pletnev of Secunia Research about ActiveX control buffer overflow vulnerabilities with proof-of-concept exploit code affecting the InduSoft ISSymbol product. Secunia has coordinated with InduSoft, who has produce...

CVSS: 10 | AI score: 8.1 | EPSS: 0.05922
Exploits: 0 | References: 10