8 matches found
Security feature bypass
An issue was discovered in systemd 253. An attacker can modify the contents of past events in a sealed log file and then adjust the file such that checking the integrity shows no error, despite modifications. NOTE: the vendor reportedly sent "a reply denying that any of the finding was a security...
PACSOne Server 6.6.2 DICOM Web Viewer - Directory Traversal
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone filetype:php login Version:...
PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal
Exploit Title: PACSOne Server 6.6.2 DICOM Web Viewer Directory Traversal / Local File Inclusion Date: 08/14/2017 Software Link: http://www.pacsone.net/download.htm Google Dork: inurl:pacs/login.php inurl:pacsone/login.php inurl:pacsone filetype:php home inurl:pacsone filetype:php login Version:...
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: www.trendmicro.com Product: OfficeScan v11.0 and XG 12.0...
ModX Revolution 2.3.5-pl Cross Site Scripting Vulnerability
ModX Revolution version 2.3.5-pl suffers from a reflective cross site scripting vulnerability. ModX Revolution 2.3.5-pl: Reflected Cross Site Scripting Vulnerability Security Advisory – Curesec Research Team 1. Introduction Affected Product: ModX Revolution 2.3.5-pl Fixed in: not fixed Fixed...
PHP IDNA Convert 0.8.0 Cross Site Scripting Vulnerability
Cross-site scripting (XSS) vulnerability in parameters encoded/decoded in the class PHP IDNA Convert allows remote attackers to inject arbitrary web script or HTML. PHP IDNA Convert Cross-site scripting (XSS) Vendor product description PHP NetIDNA is a class to convert between the Punycode and Unicod...
ecshop modify any user password vulnerability
A problem in the design of ecshop's authentication mechanism lets malicious users steal other users' passwords. In ecshop's permission mechanism, modifying a password requires knowing the original password, but modified to retrieve the password of the Email without t...
bandwebsite.txt
Information: - Product: Bandsite portal system - Website: http://membres.lycos.fr/fluxx/bandwebsite.php - Author: Jelle de Vos - Tested version: 1.5 - Problem: vulnerability in Bandsite allows gaining admin access. Product Description: Bandsite is an...