47153 matches found
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
Сross-Site Request Forgery (CSRF) in TestLink
Advisory ID: HTB23088 Product: TestLink Vendor: teamst.org Vulnerable Versions: 1.9.3 and probably prior Tested Version: 1.9.3 Vendor Notification: April 18, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Request Forgery CWE-352 CVE Reference: CVE-2012-2275 CVSSv2 Base...
Group-Office Calendar SQL Injection
Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
[security bulletin] HPSBMU02811 SSRT100937 rev.1 - HP Business Availability Center (BAC) Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), and Web Session Hijacking
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c03475750 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03475750 Version: 1 HPSBMU02811...
Ektron CMS - Multiple Vulnerabilities - Security Advisory - SOS-12-009
Sense of Security - Security Advisory - SOS-12-009 Release Date. 05-Sep-2012 Last Update. - Vendor Notification Date. 07-May-2012 Product. Ektron CMS Platform. ASP.NET Affected versions. Ektron CMS version 8.5.0 and possibly others Severity Rating. High Impact. Exposure of sensitive information...
Admidio 2.3.5 Multiple security vulnerabilities
Advisory: Admidio 2.3.5 Multiple security vulnerabilities Advisory ID: SSCHADV2012-019 Author: Stefan Schurtz Affected Software: Successfully tested on Admidio 2.3.5 Vendor URL: http://www.admidio.org/ Vendor Status: fixed ========================== Vulnerability Description...
Cross-Site Scripting (XSS) Vulnerabilities in Flogr
Advisory ID: HTB23110 Product: Flogr Vendor: Flogr Vulnerable Versions: 2.5.6 and probably prior Tested Version: 2.5.6 Vendor Notification: August 15, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-4336 CVSSv2 Base Score: 4.3...
ES Job Search Engine v3.0 - SQL injection vulnerability
Title: ====== ES Job Search Engine v3.0 - SQL injection vulnerability Date: ===== 2012-08-09 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=675 VL-ID: ===== 675 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: ============= ES...
Group-Office Calendar SQL Injection
/------------------------------------- | Group-Office Calendar SQL Injection | -------------------------------------/ Summary ======= Versions of Group-Office a web app for online collaboration prior to 4.0.90 are subject to a SQL injection vulnerability located in the calendar module. A PHP file...
QNAP Turbo NAS privilege escalation
It's possible to manipulate files by absolute path...
VMWare Tools susceptible to binary planting by hijack
Security Advisory - VMWare Tools susceptible to binary planting by hijack ========================================================================= Summary : VMWare Tools susceptible to binary planting Date : 4 September 2012 Affected versions : Product versions prior to - Workstation 8.0.4 Playe...
[SECURITY] [DSA 2539-1] zabbix security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2539-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 06, 2012 http://www.debian.org/security/faq -...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc...
HP Business Availability Center security vulnerabilities
Crossite scripting, requests spoofing, sessions hijacking...
VMWare Tools privilege escalation
It's possible to execute code via DLL hijacking...
[SECURITY] [DSA 2538-1] moin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2538-1 [email protected] http://www.debian.org/security/ Raphael Geissert September 05, 2012 http://www.debian.org/security/faq -...
QNAP Turbo NAS Multiple Path Injection
Vulnerability: Multiple Path Injection Product: QNAP Turbo NAS Vendor: QNAP Version affected: = 3.7.3 build 20120801 Status: Unpatched Website: http://web.qnap.com/prodetailfeature.asp?pid=202 Discovered by: Andrea Fabrizi Email: [email protected] Web: http://www.andreafabrizi.it This...
Cross-Site Scripting (XSS) in Kayako Fusion
Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Title: ====== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=668 VL-ID: ===== 668 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
Adobe Photoshop buffer overflow
Buffer overflow on TIFF parsing...
MAPower / Sitecom / Conceptronic storage devices directory traversal
Directory traversal via web interface...
[slackware-security] glibc (SSA:2012-244-01)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 slackware-security glibc SSA:2012-244-01 New glibc packages are available for Slackware 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+...
Secunia Research: Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow
====================================================================== Secunia Research 03/09/2012 - Adobe Photoshop TIFF SGI24LogLum Decompression Buffer Overflow - ====================================================================== Table of Contents Affected...
Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center
Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposure of...
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic GrabnGo Network Storage
Security Advisory AA-003: Directory Traversal Vulnerability in Conceptronic Grab’n’Go Network Storage Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposur...
GNU libc buffer overflow
Buffer overflow in strtod, strtof, strtold, and strtodl string functions...
XSS and IL vulnerabilities in IBM Lotus Domino
Hello 3APA3A! I want to warn you about Cross-Site Scripting and Information Leakage vulnerabilities in IBM Lotus Domino. At 15th of August IBM released the advisory concerning these Cross-Site Scripting vulnerabilities. CVE ID: CVE-2012-3302. ------------------------- Affected products:...
DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection
DataWatch Monarch BI v5.1 admin section blind SQL injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a blind SQL...
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...
ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability
OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery CSRF / XSRF. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...
XSS and SQL Injection Vulnerabilities in Jara
Information -------------------- Name : XSS and SQL Injection Vulnerabilities in Jara Software : Jara 1.6 and possibly below. Vendor Homepage : http://sourceforge.net/projects/jara/ Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat Advisory...
Magy cms v 2.0.1121 BETA Blind Sql injection
Hello Dear ЗАРАЗА, Please see attach. Attached file is commented and complete exploit which is written in AUTOIT. It exploits targetted cms using time based way and obtains default 5 usernames + corresponding MD5 passwords from target site. If anything unclear please let us know. TIA as always...
NGS00330 Patch Notification: Squiz CMS Directory Traversal
High risk vulnerability in Squiz CMS 20 August 2012 Robert Ray of NCC Group has discovered a High risk vulnerability in Squiz CMS Impact: Directory Traversal Versions affected: Squiz CMS V11654 An updated version of the software has been released to address these vulnerabilities:...
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow
====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
[ MDVSA-2012:140 ] mono
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/ Package : mono Date : August 20, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in mono: Cross-site scripting XSS...
apache struts2 remote code execute
this method was published at xcon2012 xcon.xfocus.net. kxlzx http://www.inbreak.net flow this and step by step: 1, down load struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV 4, write skill...
Vulnerabilities in JW Player Pro
Hello 3APA3A! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I've wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of...
XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS
Information -------------------- Name : XSS and Blind SQL Injection Vulnerabilities in Banana Dance CMS Software : Banana Dance CMS vB.2.1 Vendor Homepage : http://www.doyoubananadance.com Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical Researcher : Canberk Bolat...
Nike+ Panel & Mobile App - Multiple Web Vulnerabilities
Title: ====== Nike+ Panel & Mobile App - Multiple Web Vulnerabilities Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=663 VL-ID: ===== 663 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ============= Da...
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities
Title: ====== Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Date: ===== 2012-07-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=631 VL-ID: ===== 631 Common Vulnerability Scoring System: ==================================== 2 Introduction: =============...
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities
Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 http://www.vulnerability-lab.com/news/getnews.php?id=95 Manage Engine Ticket ID: 46119 VL-ID: ===== 667 Common Vulnerability...
DataWatch Monarch BI v5.1 admin section reflected cross-site scripting
Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...
[ MDVSA-2012:132 ] glpi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:132 http://www.mandriva.com/security/ Package : glpi Date : August 15, 2012 Affected: Enterprise Server 5.0 Problem Description: Multiple cross-site request forgery CSRF and cross-site scripting XSS flaws ha...
Ad Manager Pro v. 4 Remote FLI
-=--------------------ADVISORY-------------------=- Ad Manager Pro v. 4 Author: Corrado Liotta Aka CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Ad Manager Pro -=+ Version: 4 -=+ Vendor's URL: http://www.phpwebscripts.com/ad-manager-pro/ -=+...
Arasism (IR) CMS - File Upload Vulnerability
Title: ====== Arasism IR CMS - File Upload Vulnerability Date: ===== 2012-07-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=657 VL-ID: ===== 657 Common Vulnerability Scoring System: ==================================== 6.5 Abstract: ========= The Laboratory Research...
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Integer Overflow
====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Integer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
SaltOS 3.1 Cross-Site Scripting vulnerability
Advisory: SaltOS 3.1 Cross-Site Scripting vulnerability Advisory ID: SSCHADV2012-018 Author: Stefan Schurtz Affected Software: Successfully tested on SaltOS 3.1 r4908 Vendor URL: http://www.saltos.net Vendor Status: fixed ========================== Vulnerability Description...
DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection
DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...
CodeIgniter <= 2.1.1 xss_clean() Cross Site Scripting filter bypass
Affected products ============== CodeIgniter = 2.1.1 PHP framework and all CodeIgniter-based PHP applications using its built-in XSS filtering mechanism. CVE ==== CVE-2012-1915 Introduction ========== CodeIgniter http://codeigniter.com is a powerful PHP framework with a very small footprint, buil...
DataWatch Monarch BI multiple security vulnerabilities
Crossite scripting, SQL injection in administration interface...