1343 matches found
ManageEngine ServiceDesk Plus 9.2 Build 9207 Information Disclosure Vulnerability
Exploit for jsp platform in category web applications Title: ManageEngine ServiceDesk Plus Low Privileged User View All Tickets Date: 18 October 2016 Author: p0z Vendor: ManageEngine Vendor Homepage: https://www.manageengine.com/ Product: ServiceDesk Plus Version: 9.2 Build 9207 Other versions...
Legal Robot: UI Redressing ( ClickJacking ) Issue on Information submit form
I found that there is a form for submitting user information for applying for the Beta Program. But this has NO protection against the Clickjacking issue & also this form needs the following inputs that can be somewhat useful for an attacker. Information like: Name: Email: Company Following is HTML code i...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop...
Micro Focus Rumba+ 9.4 - Multiple Stack Buffer Overflow Vulnerabilities
Micro Focus Rumba+ v9.4 Multiple Stack Buffer Overflow Vulnerabilities Vendor: Micro Focus Product web page: https://www.microfocus.com Affected version: 9.4.4058.0 and 9.4.0 SP0 Patch0 Affected products/tools : Rumba Desktop 9.4 Rumba 9.4 Trace Rumba 9.4 APPC Configuration Rumba 9.4 AS400...
Drupal Core Forms Interface Ignores Submit Button Access Restriction Vulnerability
Drupal is a free and open source content management system developed in PHP. An access bypass vulnerability exists in Drupal Core that allows input submission, e.g. using JavaScript, of form button elements that the user should not have access to because the buttons are blocked by server-side form...
UBUNTU-CVE-2015-5264
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role...
Form API ignores access restrictions on submit buttons
More info at https://www.drupal.org/SA-CORE-2016-001...
Unspecified Vulnerability in Oracle E-Business Suite Oracle Interaction Center Intelligence Business Intelligence Component
Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability in the Oracle E-Business Suite Oracle Interaction Center Intelligence Business Intelligence component allows remote attackers to exploit the vulnerability to submit a special request...
Websense Content Gateway Stack Buffer Overflow Vulnerability
Websense Content Gateway is a content security gateway solution from Websense, Inc. A stack buffer overflow vulnerability exists in the 'handledebugnetwork' function in Manager for Websense Content Gateway version 8.0.0. A remote attacker can exploit this vulnerability to cause a denial of...
WordPress Plugin Really Simple Guest Post 1.0.6 - Local File Inclusion
Exploit Title: Wordpress Really Simple Guest Post File Include Google Dork: inurl:"really-simple-guest-post" intitle:"index of" Date: 04/06/2015 Exploit Author: Kuroi'SH Software Link: https://wordpress.org/plugins/really-simple-guest-post/ Version: =1.0.6 Tested on: Linux The vulnerable file is...
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
Document Title: Wireless Photo Transfer v3.0 iOS - File Include Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1492 Release Date: 2015-05-12 Vulnerability Laboratory ID VL-ID:...
PDF Converter & Editor 2.1 iOS - File Include Vulnerability
Document Title: PDF Converter & Editor 2.1 iOS - File Include Vulnerability References Source: http://www.vulnerability-lab.com/getcontent.php?id=1480 Release Date: 2015-05-06 Vulnerability Laboratory ID VL-ID:...
openSUSE Security Update : osc (openSUSE-2015-224)
osc was updated to fix a security issue and some non-security bugs. osc was updated to 0.151.0, fixing the following vulnerability : - fixed shell command injection via crafted service files CVE-2015-0778 boo901643 The following non-security bugs were fixed : - fix times when data comes from OBS...
WordPress Plugin Contact Form DB Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's blogging platform, developed in the PHP language, which supports personal blog sites on PHP and MySQL servers. Contact Form DB, also known as CFDB and contact-form-7-to-database-extension, is one of the plugins that can submit the create and...
Quasar Theme Rock Form Builder plugin - Privilege Escalation
The Rock Form Builder plugin 1.0 is used within the Quasar WooCommerce theme 1.9.1. Authenticated users can modify WordPress settings which can lead to full site compromise. It's unclear which exact version of the rock-form-builder fixed the issue, but it was something in between 1.0 and 2.5, so...
Canary Watch Site Launches to Track Warrant Canaries
In the years since Edward Snowden began putting much of the NSA's business in the street, including its reliance on the secret FISA court and National Security Letters, warrant canaries have emerged as a key method for ISPs, telecoms and other technology providers to let the public know whether...
Esotalk CMS 1.0.0g4 - XSS Vulnerability
Exploit for php platform in category web applications / Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Softwar...
Esotalk CMS 1.0.0g4 - Cross-Site Scripting
Esotalk CMS 1.0.0g4 - Cross-Site Scripting / Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Software Link:...
Esotalk CMS 1.0.0g4 - Cross-Site Scripting
/ Exploit Title: esotalk cms topics xss vulnerability Google Dork: powered by esotalk Date: 2014-11-01 Vul Author: Evi1m0ff0000team Vul Advisory: http://www.hackersoul.com/post/ff0000-hsdb-0006.html Vendor Homepage: http://esotalk.org/ Software Link: http://esotalk.org/download Tested on: Linux /...