11 matches found
ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure
Summary ASPECT is an award-winning scalable building energy management and control solution designed to allow users seamless access to their building data through standard building protocols including smart devices. Description The ABB BMS/BAS controller suffers from an unauthenticated log...
Mozilla Firefox Security Advisory (MFSA2015-10) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Mozilla Firefox Security Advisory (MFSA2014-66) - Linux
This host is missing a security update for Mozilla Firefox. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...
Redaxo CMS 5.0.0 Cross Site Scripting / SQL Injection
=== LSE Leading Security Experts GmbH - Security Advisory 2016-01-18 === Redaxo CMS contains multiple vulnerabilities ------------------------------------------------------------- Problem Overview ================ Technical Risk: high Likelihood of Exploitation: medium Vendor:...
Gnew v2013.1 Multiple XSS And SQL Injection Vulnerabilities
Summary Gnew is a simple Content Management System written with PHP language and using a database server MySQL, PostgreSQL or SQLite for storage. Description Input passed via several parameters is not properly sanitised before being returned to the user or used in SQL queries. This can be exploit...
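Tencent Mobile QQ for Android Permissions and Access Control Vulnerability
CVE-2011-4864 Android is a project initiated by Google through the Open Handset Alliance to provide a complete software stack for mobile devices, including an operating system, middleware, and so on. A vulnerability exists in version 2.2 of the Tencent MobileQQ com.tencent.mobileqq application for Android, caused by a failure to properly protect data. A remote attacker can exploit this vulnerability by means of a crafted application to read or modify SMS messages and the friends list. 0 Tencent Mobile QQ for Android 2.2 The vendor has released an upgrade patch that fixes this security issue. Patch link: http://mobile.qq.com...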
Majordomo2 Directory Traversal
-------------------------- NSOADV-2011-003 --------------------------- Majordomo2 'help' Command Directory Traversal Patch Bypass ...
IBM SolidDB 'solid.exe' Handshake Remote Code Execution Vulnerability
IBM SolidDB is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code with SYSTEM user privileges. Failed exploit attempts will result in a denial-of-service condition. The vulnerability is reported in version 6.5 FP1 6.5.0.1. Prior versions...
Microsoft Windows Vector Markup Language Vulnerabilities (929969)
Remote exploitation of an integer overflow vulnerability in the Vector Markup Language (VML) support in multiple Microsoft products allows attackers to execute arbitrary code within the context of the user running the vulnerable application. SPDX-FileCopyrightText: 2010 LSS Some text descriptions...
autoindex-xss.txt
====================================================================== AutoIndex Impact: Cross Site Scripting Denial of Service DoS Status: patch available ------------------------------ Affected software description: ------------------------------ Application: AutoIndex Version:...
[Full-disclosure] chmlib exploitable buffer overflow
Advisory: chmlib exploitable buffer overflow Product: chmlib Affected Version: =0.36 Immune Version: 0.36 OS: Tested on linux 2.4 probably other OS affected as well Date: 26.10.2005 Author: Sven Tantau - http://www.sven-tantau.de/ Vendor-URL: http://morte.jedrea.com/%7Ejedwin/projects/chmlib/...