Pydio File Upload

Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

November 2013 Adobe Flash, ColdFusion security patches

Adobe patched two vulnerabilities in its ColdFusion web application server today, and also released a Flash Player update that patched a remote code execution bug in the software. A company spokesperson said none of the vulnerabilities are being exploited, nor are they related to the recent theft...

WordPress Gallery Bank 2.0.19 Cross Site Scripting

SOJOBO-ADV-13-03 - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting I. Information ================== Name : Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting Software : Gallery Bank 2.0.19 and possibly below. Vendor Homepage : http://gallery-bank.com/...

Another Master Key vulnerability discovered in Android 4.3

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...

MODx 2.2.10 Cross Site Scripting

SOJOBO-ADV-13-02 - MODx 2.2.10 Reflected Cross Site Scripting I. Information ================== Name : MODx 2.2.10 Reflected Cross Site Scripting Software : MODx 2.2.10 and possibly below. Vendor Homepage : http://modx.com/ Vulnerability Type : Reflected Cross-Site Scripting Severity : Low 2/5...

java-1.7.0-openjdk security update

1.7.0.45-2.4.3.1.0.1.el510 - Add oracle-enterprise.patch - Fix DISTRONAME to 'Enterprise Linux' 1.7.0.45-2.4.3.1.el5 - Updated to icedtea 2.4.3 - Resolves: rhbz1017623 1.7.0.45-2.4.3.0.el5 - fixed and updated tapset - removed bootstrap - source 11 redeclared to 1111 - added source12:...

Cheng's dance CMSPHP3. 0 stored xss getshell-a vulnerability warning-the black bar safety net

This cms before 9 0 someone made a getshell,when is background verification file problem The official website has been patched, so again, source Because the backend login will also need the authentication code so the injection didn't see. There xss Vulnerability file user/member/skinedit.php trtd...

Bilboplanet SQLi via auth

SQL Injection vulnerability in BilboPlanet auth.php. Vulnerability Type: SQL Injection For the exploit source code contact DSquare Security sales team...

SEC Consult SA-20131004-0 :: SQL injection vulnerability in Zabbix

SEC Consult Vulnerability Lab Security Advisory 20131004-0 ======================================================================= title: SQL injection vulnerability product: Zabbix vulnerable version: =2.0.8 fixed version: 2.0.9rc1 CVE number: CVE-2013-5743 impact: critical homepage:...

October 2013 Adobe Patches Unrelated to Adobe Hack, Breach

Adobe, still reeling from the public disclosure of a massive breach of source code and customer information, released two security advisories today patching vulnerabilities unrelated to the recent break-in. The first concerns a vulnerability in Adobe RoboHelp 10 for Windows that could allow an...

Adobe Hackers Hit Other Companies

The attackers behind the Adobe hack and breaches against data brokers such as LexisNexis have also been linked to similar intrusions against other unnamed organizations. Security expert Alex Holden, who along with security blogger Brian Krebs uncovered the data lost in the Adobe breach, said thos...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by "The Hole Seekers" and selling 150,000 emails and hashed passwords stolen from...

Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Hackers broke into Adobe Systems' internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe's most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other...

GLPI 0.84.1 RCE

Remote command execution vulnerability in GLPI install/install.php Vulnerability Type: Remote Command Execution For the exploit source code contact DSquare Security sales team...

Bitcoin Talk forum hacked; Database for Sale by Hacker; Website currently down

Bitcoin Talk, the popular Bitcoin discussion forum, has been hacked and as it stands the site is currently unreachable. Bitcointalk has been down for nearly 6 hours. The forums have been allegedly hacked and Defaced by “The Hole Seekers” and selling 150,000 emails and hashed passwords stolen from...

Adobe Gets Hacked; Hackers Steal 2.9 million Adobe Customers accounts

Hackers broke into Adobe Systems’ internal network on Thursday, stealing personal information on 2.9 million customers and the source code for several of Adobe’s most popular products. This an absolutely massive blow to Adobe, especially their reputation. Adobe, which makes Photoshop and other...

Adobe Acrobat, ColdFusion Source Code, Customer Data Stolen

Attackers accessed customer IDs, encrypted passwords as well as source code for a number of Adobe products, Adobe chief security officer Brad Arkin announced. Arkin said Adobe is working with law enforcement on the breach in which attackers accessed source code for Adobe Acrobat, ColdFusion,...

Zenphoto 1.4.5.2 Cross Site Scripting / SQL Injection

SOJOBO-ADV-13-01 - Zenphoto 1.4.5.2 multiple vulnerabilities I. Information ================== Name : Zenphoto 1.4.5.2 multiple vulnerabilities Software : Zenphoto 1.4.5.2 and possibly below. Vendor Homepage : http://www.zenphoto.org/ Vulnerability Type : SQL Injection, Reflected Cross-Site...

Adobe Customer Information and Source Code Compromises

US-CERT is aware of the public acknowledgement of a compromise of up to 3 million Adobe customers' information, including names and detailed account information. The source code for multiple Adobe products may also have been compromised. US-CERT advises that Adobe customers be aware of possible...

CVE-2013-5572

Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldapbindpassword value in the HTML source code...