47153 matches found
[email protected]
Snare for Linux Cross-Site Scripting via Log Injection I. BACKGROUND ---------------------- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and...
Contaware FreeVimager memory corruption
Memory corruption on GIF parsing...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Snare multiple security vulnerabilities
Information leakage, CSRF, XSS...
DIMIN Viewer 5.4.0 <= WriteAV Arbitrary Code Execution
!/usr/bin/perl DIMIN Viewer 5.4.0 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.dimin.net Vendor Decription: View images in countless formats, and apply a variety of effects with this small, fast, and powerful application. Dimin Viewer...
Snare for Linux Password Disclosure
Snare for Linux Password Disclosure I. BACKGROUND ---------------------- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage. II...
SimpleInvoices 2011.1 Cross-Site-Scripting (XSS) Vulnerabilities CVE-2012-4932
Overview SimpleInvoices 2011.1 is vulnerable to Cross-site Scripting XSS. Software Description Simple Invoices is a free, open source, web based invoicing system that you can install on your server/pc or have hosted by one of our services providers. Vulnerability Overview The vulnerabilities POC...
Centrify Deployment Manager v2.1.0.283 local root
Centrify Deployment Manager v2.1.0.283 local root 12/7/2012 Taking a little longer look at the software, I managed to win a race condition and get root with files in /tmp. Here is my analysis: root@h0g:/tmp ls -l /etc/shadow -r-------- 1 root shadow 1010 Dec 7 21:42 /etc/shadow root@h0g:/tmp...
[USN-1659-1] GIMP vulnerability
========================================================================== Ubuntu Security Notice USN-1659-1 December 10, 2012 gimp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
Snare for Linux Cross-Site Request Forgery
Snare for Linux Cross-Site Request Forgery I. BACKGROUND ---------------------- Snare for Linux provides a 'C2' or 'CAPP' style audit subsystem for the Linux operating system. It can be used as a standalone auditing tool for Linux, or can send data to the Snare Server for analysis and storage. II...
DIMIN Viewer memory corruption
Memory corruption on GIF parsing...
FreeVimager 4.1.0 <= WriteAV Arbitrary Code Execution
!/usr/bin/perl FreeVimager 4.1.0 = WriteAV Arbitrary Code Execution Author: Jean Pascal Pereira [email protected] Vendor URI: http://www.contaware.com Vendor Decription: This is a Free & Fast Image Viewer and Editor for Windows. It can as well play avi video files, ordinary audio files and audio...
SilverStripe CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-011
Sense of Security - Security Advisory - SOS-12-011 Release Date. 30-Nov-2012 Last Update. - Vendor Notification Date. 29-Oct-2012 Product. SilverStripe CMS Platform. Windows Affected versions. 3.0.2 Severity Rating. Medium Impact. Privilege escalation, cross-site scripting Attack Vector. From...
Low severity flaw in RIM BlackBerry PlayBook OS browser
Summary The web browser which comes as part of the RIM BlackBerry PlayBook OS can be tricked into disclosing the contents of local files through the planting of a malicious HTML file through the standard download mechanism. It should be noted that in order to exploit this issue, user interaction ...
[USN-1641-1] OpenStack Keystone vulnerabilities
========================================================================== Ubuntu Security Notice USN-1641-1 November 28, 2012 keystone vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives:...
Fwd: SQL injection
Product: FOOT Gestion Version: - Vendor: Winsoft Vendor site:http://www.footgestion.ch Status: fixed Level: High ========= Description ========= FOOT Gestion is a soccer team management CMS. The solution is based on a software and a CMS website. The website module is affected by a SQL injection...
Microsoft Internet Explorer 7 memory corruption
Memory corruption on redirection to data: uri containing some tags...
Update on CVE assigned for Video Lead Form Plugin Cross-Site
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ CVE Assigned - CVE-2012-6312...
RSA NetWitness Informer multiple security vulnerabilities
Web interface multiple vulnerabilities...
RIM BlackBerry PlayBook information leakage
Local HTML file can send any data outside...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
Microsoft Internet Explorer 7
Hello 3APA3A! I want to warn you about Denial of Service vulnerabilities in Internet Explorer. I've found these DoS holes in IE7 already in August 2010. ------------------------- Affected products: ------------------------- Vulnerable are Internet Explorer 7 7.00.5730.13 and other versions of IE7...
Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL
Exploit Title : Video Lead Form Plugin Cross-Site Scripting Vulnerabilities which affects Wordpress URL Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 24/11/12 version: 0.5 software link: http://wordpress.org/extend/plugins/video-lead-form/ Video Lead Form plugin descripti...
[DC-2012-11-002] DefenseCode ThunderScan ASP.Net C# Advisory: BugTracker.Net Multiple Security Vulnerabilities
DefenseCode ThunderScan ASP.Net C Advisory: BugTracker.Net Multiple Security Vulnerabilities Advisory ID: DC-2012-11-002 Advisory Title: BugTracker.Net Multiple Security Vulnerabilities Advisory URL: http://www.defensecode.com/article/bugtracker.netmultiplesecurityvulnerabilities-31 Software:...
Forescout NAC multiple security vulnerabilities
Crossite scripting, protection bypass...
Forescout NAC (Network Access Control) multiple vulnerabilities
Forescout NAC Network Access Control multiple vulnerabilities: Forescout NAC 6.3.4.1 Cross-Site Redirection Vulnerability CVE-2012-4982 The Forescout NAC device is vulnerable to cross-site redirection and could be used to redirect a targetted victim to a malicious site. The 'a' parameter is...
Multiple vulnerabilities in dotProject
Advisory ID: HTB23124 Product: dotProject Vendor: dotproject.net Vulnerable Versions: 2.1.6 and probably prior Tested Version: 2.1.6 Vendor Notification: October 31, 2012 Vendor Patch: November 7, 2012 Public Disclosure: November 21, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site...
Update on CVE assigned for Wordpress Plugin Simple Gmail Login
Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ CVE Assigned- CVE-2012-6313. Description Once you have installed this plugin you can login to...
Wordpress Facebook Survey v1 - SQL Injection Vulnerability
Title: ====== Wordpress Facebook Survey v1 - SQL Injection Vulnerability Date: ===== 2012-11-18 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=766 VL-ID: ===== 766 Common Vulnerability Scoring System: ==================================== 8.5 Introduction: =============...
Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites
Title: ====== Manage Engine Exchange Reporter v4.1 - Multiple Web Vulnerabilites Date: ===== 2012-11-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=688 VL-ID: ===== 688 Common Vulnerability Scoring System: ==================================== 4.5 Introduction:...
XSS vulnerability in swfupload in TinyMCE, SPIP, Radiant CMS, AionWeb, Liferay Portal, SurgeMail, symfony
Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. Earlier I've wrote about swfupload in AionWeb, Magento, Liferay Portal, SurgeMail, symfony and that this hole is available in many other web applications. In previous letters I've wrote...
FortiGate FortiDB crossite scripting
Few crossite scripting vulnerabilities...
FortiGate FortiWeb crossite scripting
Few crossite scripting vulnerabilities...
tinymcpuk xss vulnerability
================================================================= tinymcpuk xss vulnerability ================================================================= Exploit Title: tinymcpuk xss vulnerability Google Dork: n/a Date: 1/12/2012 GMT+7 Exploit Author: eidelweiss @randyarios Vendor Homepage:...
NGS000330 Technical Advisory: Squiz CMS File Path Traversal
======= Summary ======= Name: Squiz CMS - File Path Traversal Release Date: 30 November 2012 Reference: NGS00330 Discoverer: Robert Ray [email protected] Vendor: Squiz Vendor Reference: 11846 Systems Affected: Squiz CMS V11654 Risk: High Status: Published ======== TimeLine ========...
FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities
Title: ====== FortiWeb 4kC,3kC,1kC & VA - Cross Site Vulnerabilities Date: ===== 2012-12-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=702 VL-ID: ===== 702 Common Vulnerability Scoring System: ==================================== 2.1 Introduction: =============...
Multiple vulnerabilities in Achievo
Advisory ID: HTB23126 Product: Achievo Vendor: www.achievo.org Vulnerable Versions: 1.4.5 and probably prior Tested Version: 1.4.5 Vendor Notification: November 14, 2012 Public Disclosure: December 5, 2012 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting CWE-79 CVE References:...
BF and FPD vulnerabilities in MODx
Hello 3APA3A! I want to warn you about security vulnerabilities in MODx. This is the first part of the vulnerabilities in this CMS the first 19 vulnerabilities. These are Brute Force and Full path disclosure vulnerabilities in MODx. It's about 0.x and 1.x Evolution versions of MODx CMS. In 2.x...
Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability
========================================================================================== Site Builder RumahWeb Arbitrary Config File Disclosure Vulnerability ==========================================================================================...
ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities
Title: ====== ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Date: ===== 2012-11-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=689 VL-ID: ===== 689 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
ESA-2012-052 RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities
ESA-2012-052.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-052: RSA NetWitness Informer Cross-Site Request Forgery and Click-jacking Vulnerabilities EMC Identifier: ESA-2012-052 CVE Identifier: CVE-2012-4608 CVE Identifier: CVE-2012-4609 Severity Rating: CVSS v2 Base Score: 6. 8...
OpenStack security vulnerabilities
User authorization vulnerabilities...
NGS000241 Technical Advisory: SysAid Helpdesk Pro Blind SQL Injection
======= Summary ======= Name: SysAid Helpdesk Pro - Blind SQL Injection Release Date: 30 November 2012 Reference: NGS00241 Discoverer: Daniel Compton [email protected] Vendor: SysAid Vendor Reference: Systems Affected: SysAid Helpdesk 8.5 Pro Risk: High Status: Published ========...
XSS Vulnerability in Simple Slider Wordpress Plugin
Exploit Title : Simple Slider Plugin Cross-Site Scripting Vulnerabilities Author: Aditya Balapure home: http://adityabalapure.blogspot.in/ Date: 21/11/12 version: 1.0 software link: http://wordpress.org/extend/plugins/simple-slider Simple Slider plugin description Simple Slider Plugin for WordPre...
CSRF, AoF, DoS and IAA vulnerabilities in MODx
Hello 3APA3A! I want to warn you about new security vulnerabilities in MODx. This is the second part of the vulnerabilities in this CMS 6 vulnerabilities to previous 19 vulnerabilities. These are Cross-Site Request Forgery, Abuse of Functionality, Denial of Service and Insufficient Anti-automatio...
Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability
Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ Description Once you have installed this plugin you can login to wp-admin using your ordinary...
XSS vulnerability in swfupload in TYPO3 CMS, TinyMCE, Liferay Portal, Drupal, Codeigniter, SentinelleOnAir
Hello 3APA3A! I will draw your attention to XSS vulnerability in other web applications with swfupload. This is finial advisory concerning different versions of this flash application. Earlier I've wrote about swfupload in Archiv plugin for TinyMCE, Squeeze Documents for SPIP, Upload Manager for...
FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability
Title: ====== FortiGate FortiDB 2kB 1kC & 400B - Cross Site Vulnerability Date: ===== 2012-11-29 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=558 VL-ID: ===== 558 Common Vulnerability Scoring System: ==================================== 2.5 Introduction: ============...
HP LaserJet printers crossite scripting
No description provided...
SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities
Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...