8200 matches found
DEBIAN-CVE-2012-0811
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt function, when mysql_encrypt is configured, or (2) unspecified vectors that are used in backup files generate...
Bash Me Some More
Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...
DEBIAN-CVE-2014-7199
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, 1.22.x before 1.22.11, and 1.23.x before 1.23.4 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...
CVE-2014-6754
The Vector Outage Manager aka nz.co.vector.outagemanager application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-6754
CVE-2014-6754 affects the Vector Outage Manager (nz.co.vector.outagemanager) Android app version 1.7. The vulnerability is that the app does not verify X.509 certificates when communicating with SSL servers, enabling man-in-the-middle attackers to spoof servers and capture sensitive information v...
GS Foto Uebertraege 3.0 Local File Inclusion
Document Title: GS Foto Uebertraeger v3.0 iOS - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1325 Release Date: 2014-09-22 Vulnerability Laboratory ID (VL-ID): ...
Bash Vulnerability Exploits Dropping DDoS Bots
A honeypot run by researchers at AlienVault Labs has snared two separate pieces of malware attempting to exploit the Bash vulnerability. One sample is a repurposed IRC bot written in Perl that is trying to build a botnet to be used in distributed denial of service (DDoS) attacks, said Jaime Blasco,...
Yonyou CRM Injection Vulnerability (No Login Required, Affects All Versions)
Brief description: An injection vulnerability in a Yonyou system; no login required; affects all versions. Details: Yonyou TurboCRM contains a generic SQL injection. http://crm.varsal.com.cn:8081/login/login.php As shown in the figure below, locate the password recovery page. Visit http://crm.varsal.com.cn:8081/login/changepswd.php?orgcode=1&loginname=system Enter the information and capture the request: POST /login/changepswd.php?orgcode=1&loginname=system HTTP/1.1 Host: crm.varsal.com.cn:8081...
Briefcase 4.0 iOS - Code Exec & File Include Vulnerability
Document Title: Briefcase 4.0 iOS - Code Exec & File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1319 Release Date: 2014-09-11 Vulnerability Laboratory ID (VL-ID): ...
Internet Bug Bounty: Flash Local Sandbox Bypass
Vulnerability already reported to Adobe (issue 2833) and patched as CVE-2014-0554: http://helpx.adobe.com/security/products/flash-player/apsb14-21.html First of all, note that the Adobe Security Bulletin credits 'Bas Venis and Masato Kinugawa' in the acknowledgement for this CVE. The PoC I have reported...
Two SQL Injections in All In One WP Security WordPress plugin
High-Tech Bridge Security Research Lab discovered two SQL injection vulnerabilities in the All In One WP Security WordPress plugin, which can be exploited to perform SQL injection attacks. Both vulnerabilities require administrative privileges; however, they can also be exploited by non-authenticated...
Community Health Data Leak Suspected to Have Used the Heartbleed Vulnerability - Vulnerability Warning - Black Bar Safety Net
When the Heartbleed OpenSSL vulnerability was discovered 4 months ago, many experts in the security community warned that it could be used to expose sensitive data, although at the time there was no evidence that attackers were actively exploiting Heartbleed. And now, a...
CVE-2014-5242
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value...
Information disclosure
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response...
Adobe Flash Player Vector Object Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose memory addresses on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
OpenJDK: SubjectDelegator protection insufficient (JMX, 8029755)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX...
PT-2014-7240 · Oracle +2 · Mysql Server +2
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.6.19 and earlier Description: The issue allows remote authenticated users to affect availability through vectors related to SERVER:MEMCACHED. This means that authenticated users can potentially impact the system...
PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability
Document Title: PhotoSync Wifi & Bluetooth v1.0 - File Include Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1289 Release Date: 2014-08-04 Vulnerability Laboratory ID (VL-ID): ...
iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities
Document Title: iFolder+ TigerCom v1.2 iOS - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1284 Release Date: 2014-07-30 Vulnerability Laboratory ID (VL-ID): 1284...