8109 matches found
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
CVE-2013-3791
Unspecified vulnerability in Enterprise Manager EM Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
CVE-2013-3782
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows remote attackers to affect integrity via unknown vectors related to Web UI...
CVE-2013-3791
Unspecified vulnerability in Enterprise Manager EM Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
CVE-2013-3779
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI...
Code injection
Unspecified vulnerability in Enterprise Manager EM Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
CVE-2013-3791
Unspecified vulnerability in Enterprise Manager EM Base Platform 10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid Control allows remote attackers to affect integrity via unknown vectors related to User Interface Framework...
LinkedIn Clickjacking vulnerability tricks users to spam links
A Clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users for sharing and posting links on behalf of victim. Narendra BhatiR00t Sh3ll, Security Analyst at Cyber Octet informed us about LinkedIn Bug. Clickjacking, also referred as "User Interface redress attack" is o...
Oracle Linux 4 : gtk2 (ELSA-2007-0019)
From Red Hat Security Advisory 2007:0019 : Updated gtk2 packages that fix a security issue are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gtk2 package contains the GIMP ToolKit GTK+, a library for creating graphical user...
[Arachni v0.4.3] Ruby framework aimed towards helping penetration testers
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. Arachni is smart, it trains itself by learning from the HTTP responses it receives during the audit process. Unlike other...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox regression (USN-1890-2)
USN-1890-1 fixed vulnerabilities in Firefox. This update introduced a regression which sometimes resulted in Firefox using the wrong network proxy settings. This update fixes the problem. We apologize for the inconvenience. Multiple memory safety issues were discovered in Firefox. If the user wer...
Ubuntu 12.04 LTS / 12.10 / 13.04 : firefox vulnerabilities (USN-1890-1)
Multiple memory safety issues were discovered in Firefox. If the user were tricked into opening a specially crafted page, an attacker could possibly exploit these to cause a denial of service via application crash, or potentially execute arbitrary code with the privileges of the user invoking...
Arbitrary code execution within Profiler — Mozilla
Security researcher Mariusz Mlynski reported that when a user examines the profiler output on a malicious website containing specially crafted code, it is possible for arbitrary code execution to occur. This occurs because the profiler user interface runs in a special iframe that parses data from...
[EMET v4.0] Enhanced Mitigation Experience Toolkit
The Enhanced Mitigation Experience Toolkit EMET is designed to help prevent hackers from gaining access to your system. Software vulnerabilities and exploits have become an everyday part of life. Virtually every product has to deal with them and consequently, users are faced with a stream of...
[SECURITY] Fedora 19 Update: rrdtool-1.4.8-2.fc19
RRD is the Acronym for Round Robin Database. RRD is a system to store and display time-series data i.e. network bandwidth, machine-room temperature, server load average. It stores the data in a very compact way that will not expand over time, and it presents useful graphs by processing the data t...
KLA10076 Multiple vulnerabilities in Apple iTunes
Multiple critical vulnerabilities have been found in Apple iTunes. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or spoof HTTPS servers. Below is a complete list of vulnerabilities 1. Vectors related to browsing the iTunes Store can be...
Citrix Access Gateway User Web Interface Detection
The remote web server hosts the web interface for using Citrix Access Gateway, an SSL VPN appliance. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid65951; scriptversion"1.5"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22";...
[360-FAAR v0.4.1] Firewall Analysis Audit And Repair
360-FAAR Firewall Analysis Audit and Repair is an offline, command line, Perl firewall policy manipulation tool to filter, compare to logs, merge, translate and output firewall commands for new policies, in Checkpoint dbedit, Cisco ASA or ScreenOS commands, and its one file! Changes: This release...
[JSQL v0.3] Java Tool for Automatic Database Injection
jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.2 features: GET, POST, header, cookie methods normal, error based, blind, time based algorithms automatic...
CVE-2012-5053
Cross-site scripting XSS vulnerability in the Receiver Web User Interface on Trimble Infrastructure GNSS Series Receivers NetR3, NetR5, NetR8, and NetR9 before 4.70, and NetRS before 1.3-2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...