2326 matches found

Exploit DB
added 2013/12/25 12:0 a.m., 30 views

AFCommerce - 'adminpassword.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...

7.4 AI score
Exploits: 0
OpenVAS
added 2013/12/17 12:0 a.m., 29 views

MediaWiki < 1.19.8, 1.20.x < 1.20.7, 1.21.x < 1.21.2 Information Disclosure Vulnerabilities (Dec 2013) - Active Check

MediaWiki is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5 CVSS, 6.4 AI score, 0.02084 EPSS
Exploits: 1, References: 7
Exploit DB
added 2013/12/02 12:0 a.m., 28 views

D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure

source: https://www.securityfocus.com/bid/64043/info Multiple D-Link DIR series routers are prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input. Exploiting this vulnerability would allow an attacker to obtain potentially sensitive information...

7.4 AI score
Exploits: 0
OpenVAS
added 2013/12/02 12:0 a.m., 24 views

Nagios XI SQLi Vulnerability (Dec 2013) - Active Check

Nagios XI is prone to an SQL injection SQLi vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5 CVSS, 7.6 AI score, 0.03238 EPSS
Exploits: 1, References: 1
Exploit DB
added 2013/11/20 12:0 a.m., 25 views

WordPress Theme Suco - 'themify-ajax.php' Arbitrary File Upload

source: https://www.securityfocus.com/bid/63836/info The Suco themes for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload...

7.4 AI score
Exploits: 0
Saint
added 2013/11/18 12:0 a.m., 39 views

Symantec Altiris DS SQL injection

Added: 11/18/2013 CVE: CVE-2008-2286 BID: 29198 OSVDB: 45313 Background Altiris Deployment Solution DS is software for managing the configuration of machines on a network. Problem An SQL injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

7.5 CVSS, 8.1 AI score, 0.32678 EPSS
Exploits: 9
n0where
added 2013/11/15 7:10 p.m., 579 views

nMap Vulnerability Scanner: Vulscan

Vulscan is a module which enhances nmap to a vulnerability scanner. The nmap option -sV enables version detection per service which is used to determine potential flaws according to the identified product. The data is looked up in an offline version scip VulDB. Version 2.0 of Nmap NSE Vulscan is...

0.5 AI score
Exploits: 0
OpenVAS
added 2013/11/13 12:0 a.m., 23 views

Webuzo <= 2.1.3 Cookie Value Handling Remote Command Injection Vulnerability

Webuzo is prone to a remote command-injection vulnerability because it fails to adequately sanitize user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

7.5 CVSS, 6.4 AI score, 0.03559 EPSS
Exploits: 3, References: 2
OpenVAS
added 2013/10/23 12:0 a.m., 33 views

Google Chrome Multiple Vulnerabilities-02 (Oct 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

7.5 CVSS, 6.2 AI score, 0.01647 EPSS
Exploits: 0, References: 6
OpenVAS
added 2013/10/09 12:0 a.m., 28 views

Microsoft SharePoint Foundation Remote Code Execution vulnerability (2885089)

This host is missing an important security update according to Microsoft Bulletin MS13-084. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

9.3 CVSS, 4.9 AI score, 0.2964 EPSS
Exploits: 0, References: 3
exploitpack
added 2013/10/08 12:0 a.m., 43 views

davfs2 1.4.6/1.4.7 - Local Privilege Escalation

davfs2 1.4.6/1.4.7 - Local Privilege Escalation davfs2 1.4.6/1.4.7 local privilege escalation exploit Bug Description: davfs2 is a Linux utility which allows OS users to mount a remote webdav server as a local partition. The bug is well documented at...

0.3 AI score
Exploits: 0
exploitpack
added 2013/10/03 12:0 a.m., 21 views

WordPress Plugin SEO Watcher - ofc_upload_image.php Arbitrary PHP Code Execution

WordPress Plugin SEO Watcher - ofc_upload_image.php Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/62825/info The SEO Watcher plugin for WordPress is prone to an arbitrary PHP code-execution vulnerability. An attacker can exploit this issue to execute arbitrary PHP code with...

0.3 AI score
Exploits: 0
OpenVAS
added 2013/10/03 12:0 a.m., 20 views

Measuresoft ScadaPro Server DLL Code Execution Vulnerability

Measuresoft ScadaPro Server is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2 CVSS, 7.2 AI score, 0.00476 EPSS
Exploits: 0, References: 4
exploitpack
added 2013/09/27 12:0 a.m., 11 views

FreeSMS - pagescrc_handler.php Multiple Cross-Site Scripting Vulnerabilities

FreeSMS - pagescrc_handler.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/63004/info FreeSMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker...

0.1 AI score
Exploits: 0
OpenVAS
added 2013/09/25 12:0 a.m., 27 views

OTRS ITSM 'Body' Field HTML Injection Vulnerability (OSA-2012-01)

OTRS Open Ticket Request System or OTRS:ITSM is prone to HTML injection vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if...

4.3 CVSS, 6.4 AI score, 0.04195 EPSS
Exploits: 1, References: 3
exploitpack
added 2013/09/23 12:0 a.m., 27 views

SilverStripe CMS - Multiple HTML Injection Vulnerabilities

SilverStripe CMS - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/62782/info SilverStripe is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in th...

0.7 AI score
Exploits: 0
Tenable Nessus
added 2013/09/13 12:0 a.m., 69 views

Mac OS X : Apple Safari < 5.1.10 Memory Corruptions

The version of Apple Safari installed on the remote Mac OS X 10.6 host is earlier than 5.1.10. It is, therefore, potentially affected by two memory corruption vulnerabilities in JavaScriptCore's JSArray::sort method. By tricking a user into visiting a malicious website, an attacker could leverage...

6.8 CVSS, 6 AI score, 0.14415 EPSS
Exploits: 3, References: 6
OpenVAS
added 2013/09/06 12:0 a.m., 29 views

Symantec PGP Desktop and Encryption Desktop Integer Overflow Vulnerability

Symantec PGP/Encryption Desktop is prone to an integer overflow vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

6.9 CVSS, 7.1 AI score, 0.00257 EPSS
Exploits: 0, References: 3
securityvulns
added 2013/08/20 12:0 a.m., 229 views

Update: Linksys EA2700, EA3500, E4200v2, EA4500 Unspecified unauthenticated remote access

Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open allowing for: - Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under...

1.4 AI score
Exploits: 0
OpenVAS
added 2013/08/13 12:0 a.m., 336 views

OpenNetAdmin 'ona.log' File Remote PHP Code Execution Vulnerability

OpenNetAdmin is prone to a remote PHP code-execution vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

7.4 AI score
Exploits: 0, References: 1