179 matches found
FileBound 6.2 Privilege Escalation Vulnerability
No description provided by source. Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege...
Iciniti Store - SQL Injection
No description provided by source. Sense of Security - Security Advisory - SOS-12-003 Release Date. 06-Mar-2012 Last Update. - Vendor Notification Date. 28-Jul-2011 Product. Iciniti Store Platform. Windows Affected versions. 4.3.3683.31484 verified, and possibly others Severity Rating. High Impac...
Elcom CommunityManager.NET Auth Bypass Vulnerability
No description provided by source. Elcom CommunityManager.NET Auth Bypass Vulnerability - Security Advisory - SOS-10-004 Release Date. 20-Dec-2010 Last Update. - Vendor Notification Date. 22-Jan-2010 Product. Elcom Technology's CommunityManager.NET Platform. IIS with ASP.NET Affected versions. v6...
Elcom CMS 7.4.10 Community Manager Insecure File Upload
No description provided by source. Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom...
GNU Chess 5.0 - Local Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8097/info A local buffer overflow has been reported for GNU Chess that may result in an attacker obtaining elevated privileges. The vulnerability exists due to insufficient boundary checks performed on some commandline...
[SECURITY] CVE-2013-4322 Incomplete fix for CVE-2012-3544 (Denial of Service)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-4322 Incomplete fix for CVE-2012-3544 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - - Apache Tomcat 8.0.0-RC1 to 8.0.0-RC5 - - Apache Tomcat 7.0.0 to 7.0.47 - - Apache Tomcat 6.0.0 to 6.0.37...
Google AD Sync Tool - Exposure of Sensitive Information
Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severity Rating. High Impact. Exposure of...
Google Active Directory Sync (GADS) Tool 3.1.3 Information Disclosure
Sense of Security - Security Advisory - SOS-13-001 Release Date. 03-Apr-2013 Last Update. - Vendor Notification Date. 03-Sep-2012 Product. Google Active Directory Sync GADS Tool Platform. Windows, Linux, Solaris Affected versions. All versions up to 3.1.3 Severity Rating. High Impact. Exposure of...
CVE-2013-1402 - DigiLIBE Management Console - Execution After Redirect (EAR) Vulnerability
Product: DigiLIBE Management Console Vendor: Digitiliti Version: 3.4 - ? Tested Version: 3.4 Vendor Notified Date: October 09, 2012 Release Date: January 18, 2013 Risk: High Authentication: None required Remote: Yes Description: Execution After Redirect vulnerabilities exist in DigiLIBE Managemen...
RHEL 5 : scsi-target-utils (RHSA-2010:0518)
An updated scsi-target-utils package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...
Nexpose Security Console - Cross-Site Request Forgery
Nexpose Security Console - Cross-Site Request Forgery Product: Nexpose Security Console Vendor: Rapid7 Version: //document.forms0.submit; //uncomment to auto-submit /code 2. Lure victim to http://attackersite.com/nexpose-csrf.htm. 3. Site with ID 1 is deleted when form is submitted. V...
CVE-2012-6493 - Nexpose Security Console - Cross-Site Request Forgery (CSRF)
Product: Nexpose Security Console Vendor: Rapid7 Version: 5.5.3 Tested Version: 5.5.1 Vendor Notified Date: December 19, 2012 Release Date: January 2, 2013 Risk: High Authentication: None required Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in Nexpose Securit...
SilverStripe CMS 3.0.2 Cross Site Request Forgery / Cross Site Scripting
Sense of Security - Security Advisory - SOS-12-011 Release Date. 30-Nov-2012 Last Update. - Vendor Notification Date. 29-Oct-2012 Product. SilverStripe CMS Platform. Windows Affected versions. 3.0.2 Severity Rating. Medium Impact. Privilege escalation, cross-site scripting Attack Vector. From...
FileBound 6.2 - Local Privilege Escalation
Sense of Security - Security Advisory - SOS-12-010 Release Date. 10-Oct-2012 Last Update. - Vendor Notification Date. 14-Aug-2012 Product. FileBound On-Site Platform. Windows Affected versions. All versions prior to 6.2 Severity Rating. High Impact. Privilege escalation Attack Vector. From remote...
[CVE-ID REQUEST] Atlassian Confluence - Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities
Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes Description: Multiple Cross-Site Request Forgery CSRF vulnerabilities in...
Ektron CMS 8.5.0 File Upload / XXE Injection Vulnerability
Exploit for php platform in category web applications Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive informatio...
Ektron CMS 8.5.0 - Multiple Vulnerabilities
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload
Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform...
Elcom CMS 7.4.10 Community Manager Insecure File Upload
Exploit for asp platform in category web applications Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected...
Elcom Community Manager 7.4.10 Shell Upload
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...