Lucene search
K

1571 matches found

ICS
ICS
added 2011/06/03 6:0 a.m.32 views

GE Proficy Historian Web Administrator XSS

Overview ICS-CERT originally released Advisory ICSA-11-243-02P on the US-CERT secure Portal on August 31, 2011. ICS-CERT has received a report from independent security researchers Billy Rios and Terry McCorkle concerning multiple cross-site scripting XSS vulnerabilities in the GE Intelligent...

4.3CVSS6AI score0.00908EPSS
Exploits0References10
The Hacker News
The Hacker News
added 2011/05/02 11:12 a.m.8 views

Source Code is the New Hacker Currency !

Source Code is the New Hacker Currency ! No doubt you've been paying attention to the data breaches pile up lately... but have you noticed a trend? If you wade through the hype and hyperbole, dig into the details of the most prolific intrusions in recent history you'll notice one thing that shine...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2011/04/26 12:0 a.m.13 views

Football Website Manager 1.1 - SQL Injection / Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/47593/info Football Website Manager is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...

7.4AI score
Exploits0
NVD
NVD
added 2011/04/15 12:55 a.m.14 views

CVE-2011-1531

The webscan component in the Embedded Web Server EWS on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors...

4.3CVSS6.5AI score0.02044EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2011/03/14 7:52 p.m.30 views

New Adobe Under Zero-Day Attack !

Adobe today released an advisory to warn about a remote code execution vulnerability in Flash Player, which also affects Adobe Reader and Acrobat. This critical vulnerability has been assigned CVE-2011-0609. Currently seen attacks work through a malicious SWF file which is embedded inside an Exce...

9.3CVSS7AI score0.66821EPSS
Exploits8
Packet Storm
Packet Storm
added 2010/10/04 12:0 a.m.57 views

SmarterMail 7.x Cross Site Scripting

Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 B...

5CVSS6.5AI score0.03134EPSS
Exploits13
0day.today
0day.today
added 2010/10/03 12:0 a.m.62 views

SmarterMail 7.x (7.2.3925) Stored Cross Site Scripting Vulnerability

Exploit for php platform in category web applications ==================================================================== SmarterMail 7.x 7.2.3925 Stored Cross Site Scripting Vulnerability ==================================================================== Vendor: smartertools.com SmarterMail 7...

7.1AI score0.03134EPSS
Exploits13
0day.today
0day.today
added 2010/10/03 12:0 a.m.61 views

SmarterMail 7.x (7.2.3925) LDAP Injection Vulnerability

Exploit for php platform in category web applications ======================================================= SmarterMail 7.x 7.2.3925 LDAP Injection Vulnerability ======================================================= Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author :...

7.1AI score0.03134EPSS
Exploits13
exploitpack
exploitpack
added 2010/10/02 12:0 a.m.75 views

SmarterMail 7.2.3925 - Persistent Cross-Site Scripting

SmarterMail 7.2.3925 - Persistent Cross-Site Scripting Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home :...

5CVSS6AI score0.03134EPSS
Exploits13
exploitpack
exploitpack
added 2010/10/02 12:0 a.m.47 views

SmarterMail 7.2.3925 - LDAP Injection

SmarterMail 7.2.3925 - LDAP Injection Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Test...

5CVSS0.03134EPSS
Exploits13
Exploit DB
Exploit DB
added 2010/10/02 12:0 a.m.58 views

SmarterMail < 7.2.3925 - LDAP Injection

Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.2 Bug : LDAP Injection + Cross Site Scripting STORED Tested on : SmarterMail 7.x 7.2.3925 //...

5CVSS6.4AI score0.03134EPSS
Exploits13
seebug.org
seebug.org
added 2010/09/20 12:0 a.m.35 views

SmarterMail 7.1.3876 Directory Traversal Vulnerability

No description provided by source. Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author : sqlhacker – http://cloudscan.me Thanks to : Burp Suite Pro - engagement tool : FuzzDB Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 Bug ...

7.1AI score
Exploits0
0day.today
0day.today
added 2010/09/20 12:0 a.m.37 views

SmarterMail 7.1.3876 Directory Traversal Vulnerability

Exploit for windows platform in category remote exploits ====================================================== SmarterMail 7.1.3876 Directory Traversal Vulnerability ====================================================== Vendor: smartertools.com SmarterMail 7.x 7.1.3876 Date: 2010-09-12 Author :...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2010/09/16 7:18 p.m.18 views

Security a Concern as HTML5 Gains Traction

From animated logos to Web videos for hip, independent bands, HTML5 is getting buzz and gaining traction. But concerns about the security of features in the new version of the Web’s lingua franca persist. Every technology innovation has its coming out party, and Google Inc.’s recent “dancing ball...

6AI score
Exploits0References4
ThreatPost
ThreatPost
added 2010/01/06 5:28 p.m.8 views

I Have Only One Security Prediction for 2010

Instead of the usual top ten lists that are all-too-common with predictions for the new year, I have just one: 2010 will be the year of desktop applications handling untrusted data in sandboxed processes, and it will be about time. Since the release of Windows XP SP2, there have been significantl...

0.2AI score
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2009/10/26 12:0 a.m.341 views

NFS Server Superfluous

The remote NFS server is not exporting any shares. Running an unused service unnecessarily increases the attack surface of the remote host. C Tenable Network Security, Inc. Get the export list of the remote host and warns the user if a NFS share is exported to the world. include 'compat.inc' ;...

10CVSS5.5AI score0.0194EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2009/09/25 6:49 p.m.16 views

Microsoft Says Google Chrome Frame is IE Security Risk

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond. The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet...

1.1AI score
Exploits0References4
ThreatPost
ThreatPost
added 2009/06/25 8:57 p.m.13 views

Vulnerabilities and Attack Surface

From CERT Will Dormann Two recent US-CERT Vulnerability Notes cert.org describe similar issues in the Adobe Reader and Foxit Reader PDF viewing applications. The vulnerabilities, that both applications failed to properly handle JPEG2000 JPX data streams, were discovered as part of our Vulnerabili...

1.5AI score
Exploits0References4
securityvulns
securityvulns
added 2009/01/19 12:0 a.m.54 views

Advisory: Oracle EBusiness Suite Sensitive Information Disclosure Vulnerability

Version Affected: Oracle E-Business Suite Release 12, version 12.0.6 Oracle E-Business Suite Release 11i, version 11.5.10.2 CVE: 2008-5446 Description: The oracle E Business including applications like I-Recruitment etc is vulnerable to flaw which leads to sensitive information disclosure about t...

6.7AI score
Exploits0
Prion
Prion
added 2007/03/20 8:19 p.m.20 views

Code injection

Microsoft Windows Vista establishes a Teredo address without user action upon connection to the Internet, contrary to documentation that Teredo is inactive without user action, which increases the attack surface and allows remote attackers to communicate via Teredo...

7.5CVSS7.1AI score0.11793EPSS
Exploits0References6
Rows per page
Query Builder