Q2 2018 Speculative Execution Side Channel Update
Summary: Security researchers identified two software analysis methods that, if used for malicious purposes, have the potential to improperly gather sensitive data from multiple types of computing devices with different vendors’ processors and operating systems. Intel is committed to product and...
veeam.com XSS vulnerability
Vulnerable URL: https://www.veeam.com/whitepapers.html?search=lol"=1=1apprecovery=362 Details: Patched: Yes, at 25.05.2017. Latest check for patch: 25.05.2017 15:05 GMT. Vulnerability type: XSS. Vulnerability status: Publicly disclosed. Alexa Rank: 16242. VIP website...
neustar.biz XSS vulnerability
Vulnerable URL: https://www.neustar.biz/resources/whitepapers?category=...
Netgear ProSafe switches: Unauthenticated startup-config disclosure and Denial of Service
BACKGROUND According to the vendor, Netgear ProSafe is a cost-effective line of smart switches for Small and Medium Businesses (SMBs). The products cover an essential set of network features and easy-to-use web-based management. Power over Ethernet (PoE) and Stacking versions are also available. 2...
Oracle Sun Java System Web Server - HTTP Response Splitting
Description Security-Assessment.com discovered that it is possible to successfully perform an HTTP Response Splitting attack against applications served by Sun Java System Web Server. The vulnerability can be exploited if user-supplied input is used to generate the value of an HTTP header, as shown ...
HP LaserJet printers - Stored XSS
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-09-048 http://dsecrg.ru/pages/vul/show.php?id=148 Application: HP LaserJet printer web interface Vulnerable: HP LaserJet 2200, 4350, 4600, 5500, and many others Vendor URL: http://www.hp.com/ Bug: Multiple...
SecurityFocus.com Cross Site Scripting
Original Advisory http://www.dsecrg.com/pages/vul/show.php?id=63 Digital Security Research Group DSecRG Advisory DSECRG-09-007 Application: SecurityFocus.com Vendor URL: http://www.securityfocus.com Bugs: XSS Exploits: YES Reported: 21.01.2009 Vendor response: none Second report: 23.01.2009 Vendo...
Synactis ALL_IN_THE_BOX File Overwrite
DSECRG-09-006 Synactis AllINTHEBOX ActiveX Control - Null byte File Overwrite. Synactis AllINTHEBOX ActiveX Control ALLINTHEBOX.OCX can be used to overwrite any file in target system. Vulnerable method is "SaveDoc" Application: Synactis AllINTHEBOX ActiveX Versions Affected: 3 Vendor URL:...
XOOPS 2.0.18 - Local File Inclusion URL Redirecting
Digital Security Research Group DSecRG Advisory DSECRG-08-009 Application: XOOPS Versions Affected: XOOPS 2.0.18 Vendor URL: http://www.xoops.org/ Bugs: Local File Include, URL Redirecting phishing Exploits: YES Reported: 28.01.2008 Vendor...
RunCMS 1.6 - Get Admin Cookie Blind SQL Injection
RUNCMS 1.6 BLIND SQL Injection Exploit get Admin Cookie: exploit get admin cookie that can be used to login by pasting it into browser Opera and then get access to Admin session and change Admins password. teste...
windowsitpro.txt
Windowsitpro.com Homepage: http://www.windowsitpro.com Affected files: Search input box, Downloading whitepapers. Search input box xss vuln with cookie disclosure: We convert our javascript to hex format so we don't receive the default "Your request cannot be processed as this time" error message...