10 matches found
ProcessMaker Enterprise Core Code Execution Vulnerability(CVE-2016-9045)
Summary A code execution vulnerability exists in ProcessMarker Enterprise Core 3.0.1.7-community. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested...
Open Fire User Import Export Plugin XML External Entity Injection(CVE-2017-2815)
Summary An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
Pimcore CMS Build 3450 Directory Traversal
Vulnerability title: Directory Traversal/Configuration Update In Pimcore CMS CVE: CVE-2015-4425 Vendor: Pimcore Product: Pimcore CMS Affected version: Build 3450 Fixed version: Build 3473 Reported by: Josh Foote Details: It is possible for an administrative user with the 'assets' permission to...
CVE-2014-3446 - Unauthenticated Blind SQL Injection in BSS Continuity CMS
Vulnerability title: Unauthenticated Blind SQL Injection in BSS Continuity CMS CVE: CVE-2014-3446 Vendor: BSS Product: Continuity CMS Affected version: 4.2.22640.0 Fixed version: N/A Reported by: Jerzy Kramarz Details: he following URL and parameters have been confirmed to suffer from Blind SQL...
HandsomeWeb SOS Webpages 1.1.11 Backup / Hash Disclosure
Vulnerability title: Unauthenticated Backup and Password Disclosure in HandsomeWeb SOS Webpages CVE: CVE-2014-3445 Vendor: HandsomeWeb Product: SOS Webpages Affected version: 1.1.11 and earlier Fixed version: 1.1.12 Reported by: Freakyclown Details: The default setup allows an unauthenticated use...
Broadcom PIPA C211 - Sensitive Information Disclosure
Broadcom PIPA C211 - Sensitive Information Disclosure Vulnerability title: Unauthenticated Credential And Configuration Retrieval In Broadcom Ltd PIPA C211 CVE: CVE-2014-2046 Vendor: Broadcom Ltd Product: PIPA C211 Affected version: Soft Rev: SR1.1, HW Rev: PIPA C211 rev2 Fixed version: N/A...
Oracle Demantra 12.2.1 - Database Credentials Disclosure
Details: Demantra has a backend function that allows anyone to retrieve the database instance name and the corresponding credentials. Impact: A remote, unauthenticated attacker could exploit this issue in combination with other found issues, to extract the database credentials and instance name...
Oracle Demantra 12.2.1 - Arbitrary File Disclosure
Details: The Team discovered a Local File Include LFI vulnerability. A file inclusion vulnerability occurs when a file from the target system is injected into a page on the attacked server page. The vulnerable page is: /demantra/GraphServlet Impact: Impact can differ based on the exploitation and...
Realplayer Watchfolders Long Filepath Overflow
Realplayer Watchfolders Long Filepath Overflow Realplayer is vulnerable to a stack buffer overflow vulnerability in the 'Watch Folders' facility CVE-2012-4987. Details here: http://www.reactionpenetrationtesting.co.uk/realplayer-watchfolders.html Research:...
Sophos Anti-Virus 6.5.4 Vulnerability
Name Cross Site Scripting Vulnerability in Sophos Anti-Virus Systems Affected Sophos Anti-Virus, version 6.5.4 R2 Severity Medium Category Cross Site Scripting Author Context Information Security Ltd Advisory 6th September 2007 Description ----------- A ZIP archive containing a virus signature wi...