Sourcefabric Newscoop - f_email SQL Injection

Sourcefabric Newscoop - femail SQL Injection source: https://www.securityfocus.com/bid/56800/info Newscoop is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

Symantec Messaging Gateway < 10.0 CSRF Vulnerability

Symantec Messaging Gateway is prone to a cross-site request forgery CSRF vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress Theme Magazine Basic - id SQL Injection

WordPress Theme Magazine Basic - id SQL Injection source: https://www.securityfocus.com/bid/56664/info The Magazine Basic theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can...

Microsoft Office Remote Code Execution Vulnerabilities (2720184) - Mac OS X

This host is missing an important security update according to Microsoft Bulletin MS12-076. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

WordPress Plugin Eco-annu - &#039;eid&#039; SQL Injection

source: https://www.securityfocus.com/bid/56479/info The Eco-annu plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. An attacker can exploit this issue to compromise the application, access...

BigAnt Server 2.52 Stack Overflow Vulnerability

BigAnt Server version 2.52 SP5 SEH stack overflow ROP-based exploit with ASLR and DEP bypass. Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt...

Symphony Multiple Remote Security Vulnerabilities

Symphony is prone to multiple remote security vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

BigAnt Server 2.52 Stack Overflow

Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt Console 2.52 SP5 Tested on: Windows 7 SP0 x86 Italian - expsrv.dll 6.0.9589 Info: Vulnerability...

BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit (ASLR + DEP bypass)

Exploit for windows platform in category remote exploits Exploit Title: BigAnt Server 2.52 SP5 SEH Stack Overflow ROP-based exploit ASLR + DEP bypass Date: 03/11/2012 Exploit Author: Lorenzo Cantoni Vendor Homepage: http://www.bigantsoft.com/ Version: BigAnt Console 2.52 SP5 Tested on: Windows 7...

TP-LINK TL-WR841N Router LFI Vulnerability (Oct 2012) - Active Check

TP-LINK TL-WR841N router is prone to a local file include LFI vulnerability because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CorePlayer - &#039;callback&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/56334/info CorePlayer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

IBM Db2 SQL/PSM Stored Procedure Debugging Buffer Overflow Vulnerability - Linux

IBM Db2 is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescription...

Oracle GlassFish / Java System Application Server CORBA ORB Subcomponent DoS Vulnerability (Oct 2012)

Oracle GlassFish / Java System Application Server is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Mutiny Command Injection Vulnerability

Mutiny is prone to a command-injection vulnerability. Attackers can exploit this issue to execute arbitrary commands with root privileges. Mutiny versions prior to 4.5-1.12 are vulnerable. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced source...

AjaXplorer - &#039;checkInstall.php&#039; Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...

Cartweaver <= 3.0 LFI Vulnerability - Active Check

Cartweaver is prone to a local file inclusion LFI vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AjaXplorer checkInstall.php Remote Command Execution

Exploit for php platform in category web applications This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core'...

AjaXplorer checkInstall.php Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'AjaXplorer checkInstall.php Remote...

AjaXplorer checkInstall.php Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AjaXplorer 'checkInstall.php' script. All versions of AjaXplorer prior to 2.6 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

Siemens SIMATIC S7-1200 PLC 'web server' Component XSS Vulnerability (SSA-279823)

Siemens SIMATIC S7-1200 devices are prone to a cross-site scripting XSS vulnerability because they fail to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...