322 matches found
Aptexx Resident Anywhere exposes sensitive account information
Overview: Aptexx Resident Anywhere does not require authentication to view and modify sensitive information contained in direct account and payment URLs, which can be leveraged to bypass authentication and access user accounts. Description: CWE-288: Authentication Bypass Using an Alternate Path or...
SOL16707 - cURL and libcurl vulnerability CVE-2015-3148
cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. CVE-2015-3148...
JVN#71903938: bBlog vulnerable to cross-site request forgery
bBlog is weblog software. bBlog contains a cross-site request forgery vulnerability (CWE-352). Impact: If a user views a malicious page while logged in, unintended operations may be performed. Solution: Do not use bBlog. bBlog is no longer being developed or maintained. It is recommended to stop using...
JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character strings, which may result in a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use...
VMSA-2014-0013:VMware vCloud Automation Center product updates address a CRITICAL remote privilege escalation vulnerability
VMware Security Advisory. Advisory ID: VMSA-2014-0013. Synopsis: VMware vCloud Automation Center product updates address a...
Lanius CMS <= 0.5.2 - Remote Arbitrary File Upload Exploit
No description provided by source. <?php /* Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.laniuscms.org/...
Debian Security Advisory DSA 2960-1 (icedove - security update)
Multiple security issues have been found in Icedove, Debian's version of the Mozilla Thunderbird mail and news client: multiple memory safety errors and buffer overflows may lead to the execution of arbitrary code or denial of service. OpenVAS Vulnerability Test $Id: deb2960.nasl 6724 2017-07-14...
Fedora Update for kactivities FEDORA-2013-13499
Check for the Version of kactivities OpenVAS Vulnerability Test Fedora Update for kactivities FEDORA-2013-13499 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Fedora Update for kactivities FEDORA-2013-10130
Check for the Version of kactivities OpenVAS Vulnerability Test Fedora Update for kactivities FEDORA-2013-10130 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...
Safari information disclosure vulnerability
Overview: Safari contains an information disclosure vulnerability caused by the improper handling of XML files. Takayoshi Isayama from Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
[Ghost Phisher] GUI suite for phishing and penetration attacks
Ghost Phisher is a wireless and Ethernet security auditing and attack software program written using the Python programming language and the Python Qt GUI library. The program is able to emulate access points and deploy various internal networking servers for networking, penetration testing and...
HP-UX Update for Netscape Directory Server Using LDAP HPSBUX01105
Check for the Version of Netscape Directory Server Using LDAP OpenVAS Vulnerability Test HP-UX Update for Netscape Directory Server Using LDAP HPSBUX01105 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; y...
Ubuntu Update for samba regression USN-544-2
Ubuntu Update for Linux kernel vulnerabilities USN-544-2 OpenVAS Vulnerability Test $Id: gbubuntuUSN5442.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for samba regression USN-544-2 Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.ne...
Yayoi Kaikei improper handling of credential information
Overview: Yayoi Kaikei Quick Navigator sends user credentials unencrypted. Yayoi Kaikei Quick Navigator makes the user log into the vendor's server, and sends the user credentials unencrypted. Impact: By monitoring the communication between Quick Navigator and the vendor's server, an attacker can...
Winny buffer overflow vulnerability
Overview: Winny, P2P file-sharing exchange software, contains a buffer overflow vulnerability. As of May 25, 2006, exploit information is publicly available. Currently we are not aware of any attacks. It is recommended that users avoid using Winny. Impact: If a remote attacker sends a malicious...
CVE-2007-6549
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using."...
CVE-2007-6549
Technical details (affected products, components, versions, impact, or fix) are not publicly available in the provided documents; monitor for updates.
dsock 1.3 - 'buf' Remote Buffer Overflow (PoC)
A buffer overflow in variable 'buf' exists due to insufficient validation of variable 'name' in function torresolve line 218 of software at http://www.monkey.org/dugsong/dsocks/ url PoC: DaveK At a quick glance, this looks like it could indeed be overflowed quite trivially by passing an overlong...
Talking about hardware destruction methods after an intrusion - vulnerability warning - the black bar safety net
In the field of Internet security, attacks advance as fast as defenses do, and even a strong fortress has its fatal weak point. Today's hacker craft has produced many kinds of attack, and defensive methods are just as numerous, but attackers and defenders alike have overlooked one important aspect: hardware...