Notepad++ 6.6.9 - Buffer Overflow
#!/usr/bin/python Exploit Title: NotePad++ v6.6.9 Buffer Overflow; URL Vendor: http://notepad-plus-plus.org/; Vendor Name: NotePad; Version: 6.6.9; Date: 22/12/2014; CVE: CVE-2014-1004; Author: TaurusOmar; Twitter: @TaurusOmar; Email: [email protected]; Home:...
Design/Logic Flaw
Cisco Prime Infrastructure allows remote authenticated users to read device-discovery passwords by examining the HTML source code of the Quick Discovery options page, aka Bug ID CSCum00019...
CVE-2014-8007
Cisco Prime Infrastructure is affected by a vulnerability where the Quick Discovery options page HTML source contains stored device-discovery passwords. Exploitation requires authenticated access, enabling an attacker to view passwords through normal page inspection. The issue is described in Cis...
Mango Cloud KODExplorer information leak + arbitrary command execution getshell (vulnerability warning - the black bar safety net)
Do you want to blast your entire chrysanthemum it??? I take it slow and... Don't be afraid to hurt it. Give up Detailed description: Code I from official website next. Dog brother, waiting for the Universal rewards. I don't have how analysis, own download sets of source code to build it! I don't...
openSUSE Security Update : perl-Plack (openSUSE-SU-2014:1639-1)
This perl-Plack update fixes the following security issue: bnc#892328: trailing slashes removed leading to source code disclosure (CVE-2014-5269). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Updat...
Wix.com Cross Site Scripting
57 million web pages are affected by a security problem in wix.com Proof of concept of a web page made in wix.com: http://www.itsec.cl/ to see the source code can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...
OracleVM 3.3 : wget (OVMSA-2014-0036)
The remote OracleVM system is missing necessary patches to address critical security updates : - Fix CVE-2014-4877 wget: FTP symlink arbitrary filesystem access 1156133 - Fix the parsing of weblink when doing recursive retrieving 960137 - Fix errors found by static analysis of source code 873216 ...
Android WAPPushManager - SQL Injection
INTRODUCTION: In Android 5.0, a SQL injection vulnerability exists in the opt module WAPPushManager; an attacker can remotely send a malformed WAPPush message to launch any activity or service in the victim's phone (need permission check). DETAILS...
Nisuta Information Disclosure
Remote information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Netgear Information Disclosure
Remote information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Netgear Information Disclosure
Remote information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
D-LINK Router Information Disclosure
Local path disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Huawei Information Disclosure
Remote information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
D-LINK Authentication Bypass
Remote authentication bypass Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Apache Axis2 FD
Directory traversal vulnerability Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
Web Application Protection - Tool to detect and correct vulnerabilities in PHP web applications
WAP 2.0 is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP (version 4.0 or higher) with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI), Cross-si...
CVE-2014-4311
Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading the HTML source code of the database connection and email settings page...
Code injection
Epicor Enterprise 7.4 before FS74SP6HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading the HTML source code of the database connection and email settings page...
SEC Consult SA-20141029-0 :: Multiple critical vulnerabilities in Vizensoft Admin Panel
SEC Consult Vulnerability Lab Security Advisory 20141029-0. title: Multiple critical vulnerabilities; product: Vizensoft Admin Panel; vulnerable version: 2014; fixed version: -; impact: critical; homepage: http://www.vizensoft.com...