2852 matches found
FancyFon FAMOC 3.16.5 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2014-011 Products: FAMOC Vendor: FancyFon Affected Versions: 3.16.5 Tested Versions: 3.16.5 Vulnerability Type: Cross-Site Scripting CWE-79 Risk Level: Medium Solution Status: Fixed Vendor Notification: 2014-12-19 Solution Date:...
WordPress Shopping Cart 3.0.4 - Unrestricted File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 29-10-2014 Software Link: https://wordpress.org/plugins/wp-easycart/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website:...
Inmatrix-Ltd.-Zoom-Player-8.5-.jpeg
Exploit Title: Inmatrix Ltd. Zoom Player Crafted JPEG File Memory Corruption and Arbitrary Code Execution Exploit. Version: Zoom Player v8.5 Date: 09-1-2013 Author: Debasish Mandal. Blog : http://www.debasish.in/ d =...
Cisco ASA SSL VPN Information Disclosure (CSCuq65542)
According to its banner, the version of the Cisco ASA software on the remote device is affected by an information disclosure vulnerability in the SSL VPN feature. By requesting a specific URL, a remote attacker can exploit this vulnerability to obtain software version information which could be...
SUSE-SU-2015:1098-1 Security update for wireshark
wireshark has been updated to version 1.10.11 to fix five security issues. These security issues have been fixed: SigComp UDVM buffer overflow CVE-2014-8710. AMQP dissector crash CVE-2014-8711. NCP dissector crashes CVE-2014-8712, CVE-2014-8713. TN5250 infinite loops CVE-2014-8714. This...
Schneider Electric ClearSCADA Uncontrolled Resource Consumption Vulnerability
OVERVIEW Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an uncontrolled resource consumption vulnerability in the Schneider Electric SCADA Expert ClearSCADA software. Schneider Electric has produced a new version that mitigates this vulnerability. Adam Crain has...
F5 Networks BIG-IP : SSL acceleration card timing vulnerability (K15500)
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used with third-party Secure Sockets Layer SSL accelerator cards, might allow remote attackers to have...
CVE-2014-3398
The SSL VPN implementation in Cisco Adaptive Security Appliance ASA Software allows remote attackers to obtain potentially sensitive software-version information by reading the verbose response data that is provided for a request to an unspecified URL, aka Bug ID CSCuq65542...
PT-2014-5288 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: A issue in the SSL VPN implementation allows remote attackers to obtain potentially sensitive software-version information by reading the verbose...
Rockwell Automation Connected Components Workbench ActiveX Component Vulnerabilities
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on November 6, 2014, and is being released to the NCCIC/ICS-CERT web site. Independent researcher Andrea Micalizzi working through ZDI has identified two custom ActiveX Component vulnerabilities in Rockwell...
Python Untrusted Search Path/Code Execution Vulnerability
No description provided by source. Exploit Title: Python untrusted search path/code execution vulnerability Date: 7.6.12 Exploit Author: rogueclown Vendor Homepage: http://www.python.org Software Link: http://www.python.org/getit/releases/ Version: python 2.7.2 and python 3.2.1 Tested on: linux m...
Flare <= 0.6 - Local Heap Overflow DoS
No description provided by source. Exploit Title: Flare = 0.6 local heap overflow DoS Date: 3/7/2010 Author: l3D Software Link: http://www.nowrap.de/download/flare06doswin.zip Version: 0.6 Tested on: Windows 7, Windows XP SP2 and some linux distributions Code: !/usr/bin/env python IRC:...
PlaySMS <= 0.9.5.2 - Remote File Inclusion Vulnerability
No description provided by source. ============================================================================================================= o PlaySMS = Remote File Inclusion Vulnerability Software : PlaySMS ver 0.9.5.2 Vendor : http://playsms.org/ Author : NoGe Contact :...
Oracle Forms and Reports 11.1 - Remote Exploit
No description provided by source. !/usr/bin/env ruby Exploit Title: Oracle Reports 11.1 About: Automated exploit for CVE-2012-3153/CVE-2012-3152 Google Dork: inurl:/reports/rwservlet/ Date: 01/28/2014 Exploit Author: Mekanismen [email protected] Credits to: @misssudo for initial disclosure...
Sagem 2604 Password Disclosure Vulnerability
Sagem 2604 suffers from a password disclosure vulnerability. +Title: Sagem 2604 Password Discolusre vulnerability +Author: TUNISIAN CYBER +Date: 6/JUN/2014 +Type:WebApp +Risk:High +Affected Version: v2604 Hardware Version: 253251193 Software Version: 3.21a4G +Overview: Sagem modem suffers, from a...
Sagem 2604 Password Disclosure
+Title: Sagem 2604 Password Discolusre vulnerability +Author: TUNISIAN CYBER +Date: 6/JUN/2014 +Type:WebApp +Risk:High +Affected Version: v2604 Hardware Version: 253251193 Software Version: 3.21a4G +Overview: Sagem modem suffers, from a password discolsure vulnerability. +Proof Of Concept:...
ICOMM 610 Wireless Modem - CSRF Vulnerability
Exploit for hardware platform in category web applications Exploit Title : ICOMM 610 Wireless Modem CSRF Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.icommtele.com/ Software Link : N/A Version : ICOMM 610 Tested on : Device softwar...
CVE-2014-2270
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service out-of-bounds memory access and crash via crafted offsets in the softmagic of a PE executable...
MediaWiki 'theloadFromSession'函数信息泄露漏洞
BUGTRAQ ID:65883 CVE ID:CVE-2014-2243 MediaWiki是一款Wiki程序。 MediaWiki的includes/User.php脚本'theloadFromSession'函数存在安全漏洞。远程攻击者可通过实施暴力破解攻击利用该漏洞获取会话令牌的访问权限。 0 MediaWiki Mediawiki 2.0.18 MediaWiki Mediawiki = 1.19.11 MediaWiki Mediawiki 1.20.x MediaWiki Mediawiki 1.21.x1.21.6 MediaWiki Mediawiki...
Security Advisory 0003
Security Advisory 0003 PDF Date: 2/14/2014 Affected Software Version: EOS-4.13.0F through EOS-4.13.1F. Note: Only publicly accessible systems are vulnerable to this attack. Bug 77553: ntpd monlist vulnerability Impact: NTP provides a monitoring service that allows administrators to query an ntpd...