
1230 matches found

Packet Storm
added 2014/07/09 12:0 a.m., 28 views

OctavoCMS Cross Site Scripting

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could find. PoC:...

CVSS: 4.3, AI score: 0.4, EPSS: 0.00256
Exploits: 2
seebug.org
added 2014/07/01 12:0 a.m., 9 views

Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities

No description provided by source. Exploit Title: Vanilla Forums = 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF Google Dork: n/a Date: 13/4/13 Exploit Author: Henry Hoggard Vendor Homepage: http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin Software Link:...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 23 views

IBM HomePagePrint 1.0 7 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/763/info Certain versions of the IBM Web page printout software IBM HomePagePrint can in some instances be remotely exploited by malicious webservers. The problem lies in a buffer overflow in the code which handles IMGSRC...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Adobe SVG Viewer 3.0 ActiveX Control SRC Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13490/info The Adobe SVG Viewer ActiveX control is prone to an information disclosure vulnerability. Reports indicate that the Adobe SVG Viewer ActiveX control may be employed to disclose the existence of a target file...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 9 views

imacs CMS 0.3.0 - Unrestricted File Upload Exploit

No description provided by source. (ASCII-art banner: CWH Underground Hacking Team) Exploit Title : imacs CMS...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution

No description provided by source. AOL Products downloadUpdater2 Plugin SRC Parameter Remote Code Execution tested against: Microsoft Windows Vista sp2 Microsoft Windows Server 2003 r2 sp2 Mozilla Firefox 14.0.1 download url:...

AI score: 6.7
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 13 views

MS IE 4/5/5.5/5.0.1 external.NavigateAndFind() Cross-Frame Vulnerability

No description provided by source. Microsoft Internet Explorer 4.0 for WfW/Windows 3.1/Windows 95/Windows NT 3/Windows NT 4,Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4,Internet Explorer 5.5,Internet Explorer 5.0.1,Internet Explorer for Unix 5.0 external.NavigateAndFi...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

Kmail <= 1.9.1 (IMG SRC) Remote Denial of Service Vulnerability

No description provided by source. nnp at silenthack.co.uk http://silenthack.co.uk Kmail = 1.9.1 latest suffers from a crash when trying to parse an incorrectly formatted img tag. HTML parsing must be enabled for this. This can be done by going to Settings - Configure Kmail -Security - and tick...

AI score: 7.1
Exploits: 0
Tenable Nessus
added 2014/06/13 12:0 a.m., 39 views

openSUSE Security Update : java-1_6_0-sun (openSUSE-SU-2011:0633-1)

Oracle Java 6 Update 26 fixes several security vulnerabilities. Please refer to Oracle's site for further information: http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0817, CVE-2011-0863, CVE-2011-0864,...

CVSS: 10, AI score: 8.1, EPSS: 0.14991
Exploits: 0, References: 20
Tenable Nessus
added 2014/06/13 12:0 a.m., 45 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

CVSS: 10, AI score: 7.1, EPSS: 0.86252
Exploits: 15, References: 21
Tenable Nessus
added 2014/06/03 12:0 a.m., 18 views

Debian DSA-2942-1 : typo3-src - security update

Multiple security issues have been discovered in the Typo3 CMS. More information can be found in the upstream advisory: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/ %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package chec...

AI score: 5.3
Exploits: 0, References: 4
Debian
added 2014/06/01 8:37 a.m., 21 views

[SECURITY] [DSA 2942-1] typo3-src security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2942-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff Jun 01, 2014 http://www.debian.org/security/faq -...

AI score: 7
Exploits: 0
ALT Linux
added 2014/05/15 12:0 a.m., 29 views

Security fix for the ALT Linux 7 package kernel-src-kvm version 3.10.21-alt8

3.10.21-alt8 built May 15, 2014 Led in task 119612 May 13, 2014 Led - updates from linux-3.10.40: + KVM: ioapic: fix assignment of ioapic-rtcstatus.pendingeoi CVE-2014-0155...

CVSS: 5.5, AI score: 7.7, EPSS: 0.00066
Exploits: 2
Cvelist
added 2014/04/27 1:0 a.m., 15 views

CVE-2014-2994

Stack-based buffer overflow in Acunetix Web Vulnerability Scanner (WVS) 8 build 20120704 allows remote attackers to execute arbitrary code via an HTML file containing an IMG element with a long URL src attribute...

AI score: 7.8, EPSS: 0.56846
Exploits: 6, References: 7
Oracle linux
added 2014/04/16 12:0 a.m., 51 views

java-1.6.0-openjdk security and bug fix update

1:1.6.0.1-5.1.13.3 - updated to icedtea 1.13.3 - updated to openjdk-6-src-b31-15apr2014 - removed upstreamed patch7, 1.13fixes.patch - Resolves: rhbz1085009...

CVSS: 10, AI score: 2.3, EPSS: 0.11906
Exploits: 0
ALT Linux
added 2014/03/04 12:0 a.m., 36 views

Security fix for the ALT Linux 7 package kernel-src-kvm version 3.10.21-alt5

March 4, 2014 Led 3.10.21-alt5 - updates from linux-3.10.33: + kvm: x86: fix emulator buffer overflow CVE-2014-0049...

CVSS: 7.4, AI score: 8.6, EPSS: 0.00197
Exploits: 1
NVD
added 2014/02/06 5:44 a.m., 18 views

CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient...

CVSS: 7.5, AI score: 9.6, EPSS: 0.00964
Exploits: 0, References: 19
OpenVAS
added 2014/01/01 12:0 a.m., 41 views

Debian Security Advisory DSA 2834-1 (typo3-src - several vulnerabilities)

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004 . OpenVAS Vulnerability Test $Id:...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00486
Exploits: 0, References: 1
OpenVAS
added 2013/12/31 12:0 a.m., 31 views

Debian: Security Advisory (DSA-2834-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.5, AI score: 6.4, EPSS: 0.00486
Exploits: 0, References: 3
OpenVAS
added 2013/12/23 12:0 a.m., 35 views

Ubuntu: Security Advisory (USN-2057-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5, AI score: 6.4, EPSS: 0.05217
Exploits: 0, References: 2