28 matches found
EUVD-2005-4265
Malware in sbrugna...
EUVD-2008-2013
Malware in sbrugna...
Google App Engine SDK Code Execution Vulnerability (CVE 2011-1364)
We recently identified an interesting code execution vulnerability in the Google App Engine SDK for Python. By combining a CSRF vulnerability in the administration web UI, with some other unique vulnerabilities we found in the Google python libraries, a remote hacker could gain remote code...
CVE-2008-2015
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile...
Path traversal
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile...
CVE-2008-2015
CVE-2008-2015 affects WatchFire AppScan 7.0 ActiveX controls. The vulnerability is multiple absolute path traversal via full pathnames passed to the CompactSave, SaveSession, and saveRecordedExploreToFile methods in different controls, enabling remote creation/overwriting of arbitrary files and p...
watchfire-insecure.txt
Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0 Remote: Yes An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0. by callAX - Fr33d0m & Kn0wl3dg3 1s th3 r341 P0w3r function Doit File = "c:\autoexec.bat"...
Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods
Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0 Remote: Yes An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0. by callAX - Fr33d0m & Kn0wl3dg3 1s th3 r341 P0w3r function Doit File = "c:\autoexec.bat"...
Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods
Watchfire Appscan 7.0 - ActiveX Multiple Insecure Methods Multiple Insecure Methods in AppScan Watchfire Web Application Security v 7.0 Remote: Yes An arbitrary file overwrite has been discovered in an ActiveX control installed with the WatchFire Appscan v 7.0. by callAX - Fr33d0m & Kn0wl3dg3 1s...
WatchFire Appscan 7.0 ActiveX Multiple Insecure Methods Exploit
Exploit for unknown platform in category remote exploits. WatchFire Appscan 7.0 ActiveX Multiple Insecure Methods Exploit. Multiple Insecure Methods in AppScan Watchfire W...
trivantis-sql.txt
Trivantis CourseMill Enterprise Learning Management System - SQL Injection - CVE-2007-6338...
XSS Bug in printable link display
A cross-site scripting vulnerability exists in the macro used to render the 'printable' link. Here is an exploit for the vulnerability that works: https://servername/wiki/display/a/2007/09/%22%3E%3Cscript%3Ealert'Watchfire%20XSS%20Test%20Successful'%3C/script%3E Bug was found using APPScan...
Overtaking Google Desktop
Hello, New research from Watchfire has revealed a serious vulnerability in Google Desktop. The attack, which is fully presented in a new Watchfire research paper released today and available at http://www.watchfire.com/resources/Overtaking-Google-Desktop.pdf, can allow a malicious individual to...
CentOS 3 / 4 : httpd (CESA-2005:582)
Updated Apache httpd packages to correct two security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a powerful, full-featured, efficient, and...
CYBSEC - Security Advisory: Watchfire AppScan QA Remote Code Execution
The following advisory is also available in PDF format for download at: http://www.cybsec.com/vuln/CYBSECSecurityAdvisoryAppScanQARemoteCodeExec.pdf CYBSEC S.A. www.cybsec.com Advisory Name: Watchfire AppScan QA Remote Code Execution. Vulnerability Class: Buffer Overflow...
CVE-2005-4270
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field...
CVE-2005-4270
CVE-2005-4270 affects Watchfire AppScan QA versions 5.0.609 and 5.0.134. A buffer overflow in handling an HTTP 401 response with a WWW-Authenticate header containing a long Realm field can allow a remote attacker to execute arbitrary code. The vulnerability is documented with a remote-code-execut...