SQL Injection Vulnerability in Symphony

Advisory ID: HTB23148 Product: Symphony Vendor: http://getsymphony.com/ Vulnerable Versions: 2.3.1 and probably prior Tested Version: 2.3.1 Vendor Notification: March 13, 2013 Vendor Patch: March 24, 2013 Public Disclosure: April 3, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

SEC Consult SA-20130311-0 :: Persistent cross-site scripting in jforum

SEC Consult Vulnerability Lab Security Advisory 20130311-0 ======================================================================= title: Persistent cross-site scripting vulnerability product: jforum vulnerable version: 2.1.9 fixed version: - impact: medium homepage: http://jforum.net/ found:...

[ MDVSA-2013:147 ] libarchive

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:147 http://www.mandriva.com/en/support/security/ Package : libarchive Date : April 19, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been found and...

[ MDVSA-2013:149 ] roundcubemail

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:149 http://www.mandriva.com/en/support/security/ Package : roundcubemail Date : April 21, 2013 Affected: Business Server 1.0 Problem Description: A vulnerability has been found and corrected in roundcubemail...

Vulnerabilities in multiple plugins for WordPress with jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in multiple plugins for WordPress with jPlayer. These are Cross-Site Scripting and Content Spoofing and vulnerabilities. I've wrote about vulnerabilities in jPlayer earlier http://seclists.org/fulldisclosure/2013/Apr/192. jPlayer i...

Microsoft Antimalware privilege escalation

It's possible to execute code with local system rights...

SEC Consult 20130404-0 :: Multiple Vulnerabilities in Censornet Professional v4 (2.1.7)

SEC Consult Vulnerability Lab Security Advisory 20130404-0 ======================================================================= title: Multiple Vulnerabilities product: Censornet Professional v4 2.1.7 vulnerable version: 2.1.7 fixed version: impact: high homepage: http://www.censornet.com/...

[waraxe-2013-SA#100] - Update Spoofing Vulnerability in mRemote 1.50

waraxe-2013-SA100 - Update Spoofing Vulnerability in mRemote 1.50 =============================================================================== Author: Janek Vind "waraxe" Date: 29. March 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-100.html Description of vulnerable softwar...

Multiple Cross-Site Scripting (XSS) vulnerabilities in GetSimple CMS

Advisory ID: HTB23141 Product: GetSimple CMS Vendor: get-simple.info Vulnerable Versions: 3.1.2 and probably prior Tested Version: 3.1.2 Vendor Notification: January 23, 2013 Vendor Patch: April 26, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...

Curl Ruby Gem Remote command execution

Curl Ruby Gem Remote command execution 3/12/2013 https://github.com/tg0/curl Specially crafted URLs can result in remote code execution: In ./lib/curl.rb the following lines: 131 cmd = "curl cookiesstore browsertype @setupparams ref "url" " 132 if @debug 133 puts cmd.red 134 end 135 result =...

Report OWASP WAF Naxsi bypass Vulnerability

OWASP WAF Naxsi bypass Vulnerability Certain unspecified input is not properly handed in naxsisrc/naxsiutils.c naxsiunescapeuriuchar dst, uchar src, sizet size, ngxuintt type before being used to filtered. This can be exploited to bypass some WAF rules. Naxsi site https://code.google.com/p/naxsi/...

Vulnerabilities in multiple themes for WordPress with jPlayer

Hello 3APA3A! I want to inform you about multiple vulnerabilities in multiple themes for WordPress with jPlayer. These are Cross-Site Scripting, Content Spoofing and Full path disclosure vulnerabilities. I've wrote about vulnerabilities in jPlayer earlier...

Multiple buffer overflows on Huawei SNMPv3 service

Multiple buffer overflows on Huawei SNMPv3 service ================================================== ADVISORY INFORMATION Title: Multiple buffer overflows on Huawei SNMPv3 service Discovery date: 11/02/2013 Release date: 06/05/2013 Credits: Roberto Paleari [email protected], @rpaleari...

SynConnect PMS SQL Injection Vulnerability

Title: ==== SynConnect - SQL Injection vulnerability Credit: ====== Name: Bhadresh Patel Company/affiliation: Cyberoam Technologies Private Limited Website: www.cyberoam.com CVE: ===== Date: ==== 01-03-2013 CRD: ==== CRD-2013-01 Vendor: ====== Synchroweb Technology is a provider of application...

Remote command execution in Ruby Gem Command Wrap

Remote command execution in Ruby Gem Command Wrap 3/15/2013 http://rubygems.org/gems/commandwrap Commands executed if the remote URL or filename contains the shell character ';'. The commands will be executed as the client user if tricked into using the malicious URL or filename. Examining the...

[SE-2012-01] Yet another Reflection API flaw affecting Oracle's Java SE

Hello All, Today, a vulnerability report with an accompanying Proof of Concept code was sent to Oracle notifying the company of a new security weakness affecting Java SE 7 software. The new flaw was verified to affect all versions of Java SE 7 including the recently released 1.7.021-b11. It can b...

Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable

Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL-Injection is possible, because$POST arrays are not proper sanitized. You do not need to be authenticated. Vulnerability...

ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities

ESA-2013-015.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2013-015: RSA Archer® GRC Multiple Vulnerabilities EMC Identifier: ESA-2013-015 CVE Identifier: CVE-2013-0932, CVE-2013-0933, CVE-2013-0934 Severity Rating: CVSS v2 Base Score: See below for individual scores Affected Products: RS...

Multiple Vulnerabilities in D-Link DSL-320B

Device: DSL-320B Firmware Version: EUDSL-320B v1.23 date: 28.12.2010 Vendor URL: http://www.dlink.com/de/de/home-solutions/connect/modems-and-gateways/dsl-320b-adsl-2-ethernet-modem ============ Vulnerability Overview: ============ Access to the Config file without authentication = full...

Censornet Professional multiple security vulnerabilities

Crossite scripting, SQL injections...

Vulnerabilities in AI-Bolit

Hello 3APA3A! These are Brute Force and Information Leakage vulnerabilities in AI-Bolit. This is security web application. ------------------------- Affected products: ------------------------- Vulnerable are all versions of AI-Bolit. In version 20121014 the filename format was changed with addin...

XSS and FPD vulnerabilities in ZeroClipboard in multiple themes for WordPress

Hello 3APA3A! These are Cross-Site Scripting and Full path disclosure vulnerabilities in multiple themes for WordPress with ZeroClipboard.swf. Earlier I've wrote about Cross-Site Scripting vulnerabilities in ZeroClipboard http://seclists.org/fulldisclosure/2013/Feb/103. I wrote that this is very...

Oracle Java / IBM Java protection bypass

Sandbox protection bypass via Reflaction API...

[SECURITY] [DSA 2653-1] icinga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2653-1 [email protected] http://www.debian.org/security/ Florian Weimer March 26, 2013 http://www.debian.org/security/faq -...

WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability

The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE XML eXternal Entity processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C: named "test.txt", which...

SQL Injection in b2evolution

Advisory ID: HTB23152 Product: b2evolution Vendor: b2evolution Group Vulnerable Versions: 4.1.6 and probably prior Tested Version: 4.1.6 Vendor Notification: April 10, 2013 Vendor Patch: April 29, 2013 Public Disclosure: May 1, 2013 Vulnerability Type: SQL Injection CWE-89 CVE Reference:...

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API Severity: Important Vendor: The Apache Software Foundation Versions Affected: Rave 0.11 to 0.20 Description: Rave returns the full user object, including the salted and hashed password, via the User RPC API. This endpoint is only available to...

Remote command injection in Ruby Gem kelredd-pruview 0.3.8

Remote command injection in Ruby Gem kelredd-pruview 0.3.8 Larry W. Cashdollar 4/4/2013 @larry0 Description: "A gem to ease generating image previews thumbnails of various files." https://rubygems.org/gems/kelredd-pruview Remote commands can be executed if the file name contains shell meta...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...

OpenText/IXOS ECM for SAP NetWeaver code exeution

ABAP code injection...

Cisco Unified Computing System multiple security vulnerabilities

Buffer overflow, information leakage, authentication bypass, DoS...

[USN-1800-1] HAProxy vulnerabilities

========================================================================== Ubuntu Security Notice USN-1800-1 April 15, 2013 haproxy vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

waraxe-2013-SA103 - Multiple Vulnerabilities in phpMyAdmin =============================================================================== Author: Janek Vind "waraxe" Date: 25. April 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-103.html Description of vulnerable software:...

DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal

Title ----- DDIVRT-2013-52 Dell EqualLogic PS6110X Directory Traversal Severity -------- High Discovered By ------------- Evan Sylvester and r@b13$ Date Discovered --------------- February 19, 2013 Vulnerability Description ------------------------- The Dell EqualLogic PS6110X is vulnerable to a...

[security bulletin] HPSBPI02868 SSRT101017 rev.1 - HP Managed Printing Administration (MPA), Remote Cross Site Scripting (XSS)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03737200 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03737200 Version: 1 HPSBPI02868...

[KIS-2013-04] Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability

------------------------------------------------------------------ Joomla! = 3.0.3 remember.php PHP Object Injection Vulnerability ------------------------------------------------------------------ - Software Link: http://www.joomla.org/ - Affected Versions: Version 3.0.3 and earlier 3.0.x...

[ MDVSA-2013:160 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:160 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : May 3, 2013 Affected: Business Server 1.0 Problem Description: Updated phpmyadmin package fixes security vulnerabilities: In some...

Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability

Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability Software : Syslog Watcher Pro Software Version : v2.8.0.812Jun 15, 2009 Vendor: http://www.snmpsoft.com/ Vulnerability Published : 2013-04-27 Vulnerability Update Time : Status : Impact : MediumCVSS2 Base : 6.4,...

[ISecAuditors Security Advisories] Multiple Full Path Disclosure Vulnerabilities in TinyWebGallery <= v1.8.9

============================================= INTERNET SECURITY AUDITORS ALERT 2013-012 - Original release date: March 19th, 2013 - Last revised: April 6th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 5/10 CVSS Base Score - CVE-ID: CVE-2013-2631...

Site by Webrevelation SQL Injection Vulnerability

=========================================================== Site by Webrevelation SQL Injection Vulnerability =========================================================== :-----------------------------------------------------------------------------------------------------------------------: :...

hornbill supportworks SQL injection

Summary SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application CVE number: CVE-2013-2594 Impact: High Vendor homepage: http://www.hornbill.com Vendor notified: 19/11/2012 Vendor response: This issue has reportedly been fixed but the vendor refused to give version...

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...

OWASP WAF protection bypass

It's possible to bypass protection by using non-standard URL encodings...

Multiple vulnerabilities in Colormix theme for WordPress

Hello 3APA3A! Last year I've disclosed vulnerabilities in JW Player and in RokBox. Which were fixed by the developers - JW Player developers fixed one hole and promised to fix others later and RokBox fixed all holes but it was questionable how they fixed holes related to JW Player. In December I'...

VULNERABLE and COMPLETELY outdated 3rd-party libraries/components used in 3CX Phone 6

Hi @ll, the current 3CXPhone6.msi for Windows, available from http://www.3cx.com/VOIP/sip-phone/, digitally signed on 2012-07-30, installs the following outdated and vulnerable 3rd-party libraries: libeay32.dll and ssleay32.dll version 0.9.8h from 2008-05-28 of OpenSSL. The current version of...

Open-Xchange Security Advisory 2013-04-17

Open-Xchange Security Advisory multiple vulnerabilities Multiple security issues for Open-Xchange Server 6 and OX AppSuite have been discovered and fixed. The vendor has chosen a responsible full disclosure method to publish security issue details. Users of the software have already been provided...

MailOrderWorks v5.907 - Multiple Web Vulnerabilities

Title: ====== MailOrderWorks v5.907 - Multiple Web Vulnerabilities Date: ===== 2013-01-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=798 VL-ID: ===== 796 Common Vulnerability Scoring System: ==================================== 4.5 Introduction: ============= Mail...

[SECURITY] [DSA 2646-1] typo3-src security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2646-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez March 15, 2013 http://www.debian.org/security/faq -...

Huawei devices buffer overflow

Multiple buffer overflows in SNMPv3 daemon...