SimplyShare 1.4 Code Execution / Local File Inclusion / XSS

Document Title: =============== SimplyShare v1.4 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1181 Release Date: ============= 2014-01-28 Vulnerability Laboratory ID VL-ID: ==================================== 1181...

Directory traversal

Directory traversal vulnerability in the Send Screen Capture implementation in Cisco Jabber 9.2.1 and earlier on Windows allows remote attackers to upload arbitrary types of files, and consequently execute arbitrary code, via modified packets, aka Bug ID CSCug48056...

PayPal.com | Send Money Stored XSS Vulnerability

This vulnerability allows steal money, cookies, infection with exploit-pack and much, much more. If the user go to the "Send Money" tab, then vulnerability is exploited. The vulnerability has not been reported to PayPal Sec-Team. PayPal developers possibly do not know about its existence. This is...

Android Vulnerability Bypasses App's Digital Signature

A vulnerability exists in the Android code base that would allow a hacker to modify a legitimate, digitally signed Android application package file APK and not break the app’s cryptographic signature—an action that would normally set off a red flag that something is amiss. Researchers at startup...

imacs CMS 0.3.0 Shell Upload

?php / ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking Team .. +---------------------------^----------| ,-------, | / XXXXXX /| / / XXXXXX / \ / / XXXXXX /\ / XXXXXX / / XXXXXX / ------' Exploit Title : imacs CMS Unrestricted File Upload Exploit Date...

UBUNTU-CVE-2013-2081

Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data...

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2013-0308

CVE-2013-0308 affects the git tool’s imap-send command: prior to version 1.8.1.4, it does not verify that the SSL server hostname matches the certificate’s CN/subjectAltName, enabling MITM spoofing with any valid cert. Affected releases include git versions before 1.8.1.4; multiple advisories (e....

CVE-2013-0308

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

git: Incorrect IMAP server's SSL x509.v3 certificate validation in git-imap-send command

The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

AIX 7.1 TL 1 : large_send (IV14211)

AIX could allow a remote attacker to cause a denial of service, caused by an error when the TCP large send offload option is enabled on a network interface. By sending a specially crafted sequence of packets, an attacker could exploit this vulnerability to cause a kernel panic. %NASLMINLEVEL 9999...

Cisco Prime LAN Management Solution Remote Command Execution (CVE-2012-6392)

A remote command execution vulnerability exists in Cisco Prime LAN Management Solution. The vulnerability is due to use of non encrypted connection with the server. A successful exploitation would allow the attacker to execute commands, and send files...

code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument

security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...

PT-2012-2943 · Tiki · Tikiwiki Cms/Groupware

Name of the Vulnerable Software and Affected Versions: TikiWiki CMS/Groupware versions prior to 6.7 LTS and prior to 8.4 Description: The issue allows remote attackers to execute arbitrary PHP code via a crafted serialized object. This can be achieved through several parameters, including...

IBM AIX TCP Large Send Denial of Service Vulnerability

Binary data aixicmpechoreplydos.nbin...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote attackers to hijack the authentication of administrators for requests that 1 insert XSS sequences or 2 send messages to clients...

WordPress Plugin Google Maps via Store Locator 2.7.1 < 3.0.1 - Multiple Vulnerabilities

Description : Wordpress Plugins - Google Maps via Store Locator Plus Multiple Vulnerability Version : 2.7.1 - 3.0.1 Link : http://wordpress.org/extend/plugins/store-locator-le/ Plugins : http://downloads.wordpress.org/plugin/store-locator-le.3.0.1.zip Date : 26-05-2012 Google Dork :...

kernel: net: insufficient data_len validation in sock_alloc_send_pskb()

The sockallocsendpskb function in net/core/sock.c in the Linux kernel before 3.4.5 does not properly validate a certain length value, which allows local users to cause a denial of service heap-based buffer overflow and system crash or possibly gain privileges by leveraging access to a TUN/TAP...