
5327 matches found

Packet Storm
added 2014/01/22 12:0 a.m., 39 views

AOL File Inclusion / Cross Site Scripting

AOL File Inclusion / Cross Site Scripting Time-Line vulnerability ------------------------ -Multiples Security Advisories -Not Response -Not FeedBack -Not Fixed -Another Security Advisory & another.. -Not Response -Not FeedBack -Full Disclosure I. VULNERABILITY ------------------------- Title: AOL...

Exploits 0
myhack58
added 2014/01/17 12:0 a.m., 13 views

phpyun arbitrary file deletion resulting in injection + getshell - vulnerability warning - the black bar safety net

Could have been just sent in the Law of the passenger interior, but today saw the official has been fixed, so nothing to hide, just issued. Hope you all learned knowledge, but also want a great God let me write this code, would have been hard to force, require no Agency. phpyun cloud talent syste...

0.1 AI score
Exploits 0
Cisco
added 2014/01/16 8:22 p.m., 31 views

Cisco WebEx Meetings Server Enterprise License Manager Administrative Password Disclosure Vulnerability

A vulnerability in the Cisco WebEx Meetings Server Enterprise License Manager web portal could allow an authenticated, remote attacker to view the administrative password for Cisco WebEx Meetings Server in clear text. The vulnerability is due to the inclusion of the Cisco WebEx Meetings Server...

4 CVSS, 1.8 AI score, 0.00162 EPSS
Exploits 0, References 1
NVD
added 2014/01/16 7:55 p.m., 12 views

CVE-2013-6687

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...

4 CVSS, 6.3 AI score, 0.00162 EPSS
Exploits 0, References 1
Prion
added 2014/01/16 7:55 p.m., 18 views

Design/Logic Flaw

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...

4 CVSS, 6.8 AI score, 0.00162 EPSS
Exploits 0, References 1
Cvelist
added 2014/01/16 7:0 p.m., 17 views

CVE-2013-6687

The web portal in the Enterprise License Manager component in Cisco WebEx Meetings Server allows remote authenticated users to discover the cleartext administrative password by reading HTML source code, aka Bug ID CSCul33876...

6.3 AI score, 0.00162 EPSS
Exploits 0, References 1
FreeBSD Advisory
added 2014/01/14 12:0 a.m., 17 views

FreeBSD-SA-14:02.ntpd

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-14:02.ntpd Security Advisory The FreeBSD Project Topic: ntpd distributed reflection Denial of Service vulnerability Category: contrib Module: ntpd Announced:...

5 CVSS, 7 AI score, 0.92136 EPSS
Exploits 23
myhack58
added 2014/01/10 12:0 a.m., 26 views

By wave CMS arbitrary file type upload to get webshell - vulnerability warning - the black bar safety net

Brief description: The uploaded file type is not checked, so you can directly upload a dynamic script to get a webshell. Detailed description: Download the CMS code from the official website; in the source directory, under the edit directory, is the batupload.aspx file. Decompiling it shows the source code as follows...

7.5 AI score
Exploits 0
seebug.org
added 2014/01/03 12:0 a.m., 18 views

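Triangle MicroWorks DNP3 Slave Source Code Library Remote Denial of Service Vulnerability

Triangle MicroWorks is a company headquartered in the United States. Triangle MicroWorks products are stand-alone or third-party component products that use various transport protocols to communicate with peripheral/slave devices: OPC Client, IEC 60870-6 TASE.2/ICCP Client, IEC 60870-5, DNP3, Modbus. The Triangle Research DNP3 Slave Source Code Library contains a race condition flaw that allows a remote denial-of-service attack. The vulnerability can be triggered when a link status request is processed while waiting for a link-layer acknowledgement, allowing a remote attacker to crash applications linked against the library. 0 Triangle...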

7.2 AI score
Exploits 0
NVD
added 2014/01/02 2:59 p.m., 9 views

CVE-2013-7222

config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...

5 CVSS, 6.5 AI score, 0.0062 EPSS
Exploits 1, References 6
Prion
added 2014/01/02 2:59 p.m., 5 views

Code injection

config/initializers/secrettoken.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secrettoken value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...

5 CVSS, 7.1 AI score, 0.0062 EPSS
Exploits 1, References 6, Affected Software 1
Dsquare
added 2013/12/27 12:0 a.m., 76 views

SPIP ecran_securite connect Parameter RCE

SPIP core/securite/ecransecurite.php connect Parameter Remote Code Execution Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

7.5 CVSS, 0.9 AI score, 0.69494 EPSS
Exploits 4, References 3
seebug.org
added 2013/12/25 12:0 a.m., 29 views

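Arbitrary code execution vulnerability on some ShopEx servers (can leak user transaction data)

Brief description: Commands can be executed and source code viewed! Detailed description: php cgi vulnerability http://shop322763.p13.shopex.cn/ Proof of vulnerability: http://shop322763.p13.shopex.cn/?-s http://shop319398.p09.shopex.cn/?-s http://shop317459.p21.shopex.cn/?-s I tried executing PHP code; although there are openbasedir and disablefunctions restrictions, I can pass arguments to PHP directly via CGI, so these restrictions are naturally no obstacle and are bypassed. Too many users are affected; the vendor had better check for itself...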

7.1 AI score
Exploits 0
n0where
added 2013/12/24 6:5 p.m., 473 views

Geolocation OSINT Tool Creepy

Geolocation OSINT Tool Creepy Creepy is a geolocation OSINT tool. Gathers geolocation related information from online sources, and allows for presentation on map, search filtering based on exact location and/or date, export in csv format or kml for further analysis in Google Maps. What’s new in...

6.8 AI score
Exploits 0, References 2
NVD
added 2013/12/14 10:55 p.m., 14 views

CVE-2013-6972

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126...

5 CVSS, 6.7 AI score, 0.00657 EPSS
Exploits 1, References 6
Cvelist
added 2013/12/14 10:0 p.m., 24 views

CVE-2013-6972

Cisco WebEx Training Center allows remote attackers to discover session numbers, and bypass host approval for audio-conference attendance, by reading HTML source code, aka Bug ID CSCul57126...

6.7 AI score, 0.00657 EPSS
Exploits 1, References 6
CVE
added 2013/12/14 10:0 p.m., 34 views

CVE-2013-6972

Cisco WebEx Training Center exposes session numbers via server HTML responses, allowing remote attackers to discover valid session numbers and bypass host approval to join audio-conferences without attendee authorization. Root cause: inappropriate disclosure of sensitive information in server rep...

5 CVSS, 6.9 AI score, 0.00657 EPSS
Exploits 1, References 6, Affected Software 1
Packet Storm
added 2013/12/12 12:0 a.m., 23 views

Vtiger 5.4.0 Cross Site Scripting

SOJOBO-ADV-13-05 - Vtiger 5.4.0 Reflected Cross Site Scripting I. Information ================== Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage : https://www.vtiger.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity :...

Exploits 0
ThreatPost
added 2013/12/03 10:43 a.m., 5 views

Proof-of-Concept App Released for Android Jelly Bean Security Bypass Bug

The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app. The vulnerability in question lies in...

7.4 AI score
Exploits 0, References 4
0day.today
added 2013/12/03 12:0 a.m., 71 views

Chamilo LMS 1.9.6 (profile.php, password0 param) - SQL Injection Vulnerability

Exploit for php platform in category web applications High-Tech Bridge Security Research Lab discovered vulnerability in Chamilo LMS, which can be exploited to perform SQL Injection attacks. 1 SQL Injection in Chamilo LMS: CVE-2013-6787 The vulnerability exists due to insufficient validation of...

6 CVSS, 6.5 AI score, 0.00591 EPSS
Exploits 6