64 matches found
JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
LogicalDOC Enterprise 7.7.4 - User Enumeration
LogicalDOC Enterprise 7.7.4 - User Enumeration LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management...
LogicalDOC Enterprise 7.7.4 - Root Remote Code Execution
LogicalDOC Enterprise 7.7.4 Post-Auth Command Execution Via Binary Path Manipulation Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management system that is designe...
Multiple OEM - 'nsd' Remote Stack Format String (PoC)
STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day - PoC - 1 $ curl...
Red Hat JBoss EAP - Deserialization of Untrusted Data
Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untrusted data via the JMX Invoker Servlet. This can lead to a...
McAfee VirusScan Enterprise 8.8 Security Bypass
Security Advisory @ Mediaservice.net Srl 01, 13/04/2016 Data Security Division Title: McAfee VirusScan Enterprise security restrictions bypass Application: McAfee VirusScan Enterprise 8.8 and prior versions Platform: Microsoft Windows Description: A local Windows administrator is able to bypass t...
iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability
Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...
iClassSchedule 1.6 Script Insertion
Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent UI Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID:...
iClassSchedule 1.6 iOS & Android - Persistent Vulnerability
Document Title: =============== iClassSchedule 1.6 iOS & Android - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1494 Release Date: ============= 2015-05-13 Vulnerability Laboratory ID VL-ID: ===================================...
Threat Outbreak Alert RuleID14582: Email Messages Distributing Malicious Software on April 10, 2015
Medium Alert ID: 38326 First Published: 2015 April 10 14:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID14582 may contain the following files: Name | Si...
Feng Office 1.7.3.3 CSRF Vulnerability
No description provided by source. Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011...
ABZ Srl CMS SQL Injection
Exploit Title: ABZ Srl Cms SQL Injection + Exploit Author: Medrik + Found Date: 13-03-2014 + Vendor Homepage: http://www.abzsrl.com/ + Google Dork: intext:"powered by ABZ Srl" inurl:pagine.php?id= + Tested on: Windows ========================================== + Exploit Vulnerability Locate:...
A10 Networks ACOS 2.7.0-P2 (Build 53) - Buffer Overflow (PoC)
A10 Networks ACOS 2.7.0-P2 Build 53 - Buffer Overflow PoC -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 === Details === Advisory: http://www.quantumleap.it/a10-networks-remote-buffer-overflow-softax/ Affected Product: ACOS Version: 2.7.0-P2build: 53 older versions may be affected too Tested on...
Feng Office 2.3.2-rc Cross Site Scripting Vulnerability
Feng Office version 2.3.2-rc suffers from a cross site scripting vulnerability. Advisory ID: HTB23174 Product: Feng Office Vendor: Secure Data SRL Vulnerable Versions: 2.3.2-rc and probably prior Tested Version: 2.3.2-rc Advisory Publication: September 18, 2013 without technical details Vendor...
Feng Office 2.3.2-rc Cross Site Scripting
Advisory ID: HTB23174 Product: Feng Office Vendor: Secure Data SRL Vulnerable Versions: 2.3.2-rc and probably prior Tested Version: 2.3.2-rc Advisory Publication: September 18, 2013 without technical details Vendor Notification: September 18, 2013 Public Disclosure: October 9, 2013 Vulnerability...
Feng Office 1.7.3.3 CSRF Vulnerability
Exploit for php platform in category web applications Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Risk level: Low Credit:...
Feng Office 1.7.3.3 - Cross-Site Request Forgery
Feng Office 1.7.3.3 - Cross-Site Request Forgery Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17...
Feng Office 1.7.3.3 - Cross-Site Request Forgery
Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site...
Feng Office 1.7.3.3 Cross Site Request Forgery
Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site...
HTB22910: XSRF (CSRF) in Feng Office
Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site...