
5315 matches found

Dsquare
added 2014/11/01 12:00 a.m. | 43 views

Cart Engine 3.0 SQL Injection

SQL Injection vulnerability in Cart Engine cart.php. Vulnerability Type: SQL Injection. For the exploit source code contact DSquare Security sales team...

CVSS 6.4 | AI score 0.8 | EPSS 0.02856
Exploits: 2 | References: 1
ArchLinux
added 2014/10/24 12:00 a.m. | 26 views

ctags: Denial of service

Stefano Zacchiroli discovered a vulnerability in ctags, a tool to build tag file indexes of source code definitions: Certain JavaScript files cause ctags to enter an infinite loop until it runs out of disk space, resulting in denial of service...

CVSS 5 | AI score 2 | EPSS 0.02725
Exploits: 1 | References: 4
FreeBSD Advisory
added 2014/10/21 12:00 a.m. | 11 views

FreeBSD-SA-14:20.rtsold

FreeBSD-SA-14:20.rtsold Security Advisory, The FreeBSD Project. Topic: rtsold(8) remote buffer overflow vulnerability. Category: core. Module: rtsold. Announced: 2014-10-21. Credits...

CVSS 10 | AI score 6 | EPSS 0.08926
Exploits: 0
Packet Storm
added 2014/10/20 12:00 a.m. | 31 views

Mozilla.org Cross Site Scripting

Domains: http://lxr.mozilla.org/, http://mxr.mozilla.org/. The two domains above are almost the same. Website information: lxr.mozilla.org and mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline...

AI score 7.4
Exploits: 0
NVD
added 2014/10/17 3:55 p.m. | 14 views

CVE-2014-2061

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

CVSS 5 | AI score 6.3 | EPSS 0.00284
Exploits: 0 | References: 3
Prion
added 2014/10/17 3:55 p.m. | 23 views

Input validation

The input control in PasswordParameterDefinition in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to obtain passwords by reading the HTML source code, related to the default value...

CVSS 5 | AI score 6.9 | EPSS 0.00284
Exploits: 0 | References: 3 | Affected Software: 1
securityvulns
added 2014/10/15 12:00 a.m. | 77 views

[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]

Advisory Overview: Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution affecting both the client and server software (see Additional Information section). They include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...

AI score 0.4
Exploits: 0
myhack58
added 2014/10/15 12:00 a.m. | 12 views

Cloud application security: preventing security vulnerabilities - vulnerability warning - the black bar safety net

Cloud-based applications are now widely used and are growing at an astonishing rate. Because cloud-based applications are reachable over the Internet by anyone, anywhere, application security becomes particularly important. This is why the creation and management of...

AI score 0.5
Exploits: 0
myhack58
added 2014/10/14 12:00 a.m. | 9 views

How Google engineer Neel Mehta found the Heartbleed vulnerability - vulnerability warning - the black bar safety net

The Heartbleed computer security vulnerability was found by Google engineer Neel Mehta, who had always been unwilling to accept media interviews. Today, for the first time, he told the media how he found this serious vulnerability, and why he went looking for the vulnerability in the first place, and he...

AI score 1
Exploits: 0
Fedora
added 2014/10/11 7:00 a.m. | 18 views

[SECURITY] Fedora 19 Update: cscope-15.8-5.fc19

cscope is a mature, ncurses based, C source code tree browsing tool. It allows users to search large source code bases for variables, functions, macros, etc, as well as perform general regex and plain text searches. Results are returned in lists, from which the user can select individual matches...

CVSS 5 | AI score 2.6 | EPSS 0.00196
Exploits: 0
NVD
added 2014/10/10 10:55 a.m. | 18 views

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

CVSS 4 | AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 4
Prion
added 2014/10/10 10:55 a.m. | 17 views

Code injection

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

CVSS 4 | AI score 6.4 | EPSS 0.00226
Exploits: 0 | References: 4 | Affected Software: 1
CVE
added 2014/10/10 10:00 a.m. | 62 views

CVE-2014-4761

CVE-2014-4761 affects IBM WebSphere Portal versions 6.1.0.x, 6.1.5.x, 7.0.x, 8.0 before 8.0.0.1, and 8.5.0 through 8.5.0.0. It allows remote authenticated users to discover credentials by reading HTML source code. The vulnerability is triggered by exposing credential information via HTML source, ...

CVSS 4 | AI score 6 | EPSS 0.00226
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2014/10/10 10:00 a.m. | 23 views

CVE-2014-4761

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 before 8.0.0.1 CF14, and 8.5.0 through 8.5.0.0 CF02 allows remote authenticated users to discover credentials by reading HTML source code...

AI score 5.9 | EPSS 0.00226
Exploits: 0 | References: 4
Debian
added 2014/10/04 9:34 a.m. | 16 views

[SECURITY] [DSA 3042-1] exuberant-ctags security update

Debian Security Advisory DSA-3042-1. [email protected], http://www.debian.org/security/. Moritz Muehlenhoff, October 04, 2014. http://www.debian.org/security/faq ...

CVSS 5 | AI score 6 | EPSS 0.02725
Exploits: 1
Dsquare
added 2014/09/13 12:00 a.m. | 44 views

Belkin Router Information Disclosure

Remote administrator password. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...

AI score 0.3
Exploits: 0
seebug.org
added 2014/09/06 12:00 a.m. | 22 views

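Weak password on a ShopEx wiki system leads to leakage of a large amount of sensitive information and source code

Brief description: Weak password on a ShopEx wiki system leads to leakage of a large amount of sensitive information and source code. Details: http://workspace.ec-ae.com/wiki/index.php Account: lixiaoli Password: 19731125 Three svn accounts were then found through the wiki: wangyan:326459 wangyan 51086858 Bellawy 123456 A large amount of source code was obtained: http://scm.ec-ae.com/platform/branches/current http://scm.ec-ae.com/ecaepartner/branches/current...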

AI score 7.1
Exploits: 0
Dsquare
added 2014/09/01 12:00 a.m. | 13385 views

Lunar CMS 3.3 File Upload

File upload vulnerability in Lunar CMS. Vulnerability Type: File Upload. For the exploit source code contact DSquare Security sales team...

AI score 0.6
Exploits: 0 | References: 1
Packet Storm
added 2014/08/11 12:00 a.m. | 42 views

IBM Sametime Meet Server 8.5 Password Disclosure

Exploit Title: IBM Sametime Meet Server 8.5 Password Disclosure Google Dork: intitle:"Meeting Center - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:L/AC:L/Au:N/C:P/I:N/A:N CVE-ID:...

CVSS 2.1 | EPSS 0.00061
Exploits: 1
ThreatPost
added 2014/08/06 2:24 p.m. | 9 views

Dan Geer: Security at the Forefront of Policy Decisions

LAS VEGAS – Dan Geer carried his version of computer security’s Ten Commandments to a rapt Black Hat 2014 audience today, offering up 10 personal recommendations and observations related to the current state of security in the context of government surveillance and eroding privacy. Adorned in...

AI score 7.3
Exploits: 0