1571 matches found
GE Proficy Historian Web Administrator XSS
Overview ICS-CERT originally released Advisory ICSA-11-243-02P on the US-CERT secure Portal on August 31, 2011. ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning multiple cross-site scripting XSS vulnerabilities in the GE Intelligent...
Source Code is the New Hacker Currency !
Source Code is the New Hacker Currency ! No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend? If you wade through the hype and hyperbole, dig into the details of the most prolific intrusions in recent history you'll notice one thing that shine...
Football Website Manager 1.1 - SQL Injection / Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/47593/info Football Website Manager is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...
CVE-2011-1531
The webscan component in the Embedded Web Server EWS on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors...
New Adobe Under Zero-Day Attack !
Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Exce...
SmarterMail 7.x Cross Site Scripting
Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 B...
SmarterMail 7.x (7.2.3925) Stored Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ==================================================================== SmarterMail 7.x 7.2.3925 Stored Cross Site Scripting Vulnerability ==================================================================== Vendor: smartertools.com SmarterMail 7...
SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability
Exploit for php platform in category web applications ======================================================= SmarterMail 7.x 7.2.3925 LDAP Injection Vulnerability ======================================================= Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author :...
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting
SmarterMail 7.2.3925 - Persistent Cross-Site Scripting Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home :...
SmarterMail 7.2.3925 - LDAP Injection
SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...
SmarterMail < 7.2.3925 - LDAP Injection
Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...
SmarterMail 7.1.3876 Directory Traversal Vulnerability
No description provided by source. Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author : sqlhacker – http://cloudscan.me Thanks to : Burp Suite Pro - engagement tool : FuzzDB Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 Bug ...
SmarterMail 7.1.3876 Directory Traversal Vulnerability
Exploit for windows platform in category remote exploits ====================================================== SmarterMail 7.1.3876 Directory Traversal Vulnerability ====================================================== Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author :...
Security a Concern as HTML5 Gains Traction
From animated logos to Web videos for hip, independent bands, HTML5 is getting buzz and gaining traction. But concerns about the security of features in the new version of the Web’s lingua franca persist. Every technology innovation has its coming out party, and Google Inc.’s recent “dancing ball...
I Have Only One Security Prediction for 2010
Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. Since the release of Windows XP SP2, there have been significantl...
NFS Server Superfluous
The remote NFS server is not exporting any shares. Running an unused service unnecessarily increases the attack surface of the remote host. C Tenable Network Security, Inc. Get the export list of the remote host and warns the user if a NFS share is exported to the world. include 'compat.inc' ;...
Microsoft Says Google Chrome Frame is IE Security Risk
Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond. The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet...
Vulnerabilities and Attack Surface
From CERT Will Dormann Two recent US-CERT Vulnerability Notes cert.org describe similar issues in the Adobe Reader and Foxit Reader PDF viewing applications. The vulnerabilities, that both applications failed to properly handle JPEG2000 JPX data streams, were discovered as part of our Vulnerabili...
Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability
Version Affected: Oracle E-Business Suite Release 12, version 12.0.6 Oracle E-Business Suite Release 11i, version 11.5.10.2 CVE: 2008-5446 Description: The oracle E Business including applications like I-Recruitment etc is vulnerable to flaw which leads to sensitive information disclosure about t...
Code injection
Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo...