47153 matches found
Social Engine v4.2.5 - Multiple Web Vulnerabilities
Title: ====== Social Engine v4.2.5 - Multiple Web Vulnerabilities Date: ===== 2012-07-31 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=672 VL-ID: ===== 672 Common Vulnerability Scoring System: ==================================== 3 Abstract: ========= A Laboratory...
NGS00208 Patch Notification: Moodle CMS stored XSS
High risk vulnerability in Moodle CMS 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in Moodle CMS Impact: Stored XSS Versions affected: Moodle v2.2.1 An updated version of the software has been released to address these vulnerabilities:...
tekno.Portal 0.1b - SQLi Vulnerability in "anket.php"
Title: tekno.Portal 0.1b - SQLi Vulnerability in "anket.php" Date: 07-25-2012 Author: Socket0x03 Alvaro J. Gene Email: [email protected] Website: www.teraexe.com Vulnerable Application: tekno.Portal Version: 0.1b File: anket.php SQL Injection:...
NeoInvoice Blind SQL Injection (CVE-2012-3477)
NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signupcheck.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the...
Joomla com_fireboard - SQL Injection Vulnerability
Title: ====== Joomla comfireboard - SQL Injection Vulnerability Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=655 VL-ID: ===== 655 Common Vulnerability Scoring System: ==================================== 7.3 Introduction: ============= Joomla i...
TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer
Trustwave SpiderLabs Security Advisory TWSL2012-014: Multiple Vulnerabilities in Scrutinizer NetFlow & sFlow Analyzer Published: 07/27/12 Version: 1.0 Vendor: Plixer International http://www.plixer.com Product: Scrutinizer NetFlow and sFlow Analyzer Version affected: Confirmed 9.0.1 Build...
ME Mobile Application Manager v10 - SQL Vulnerabilities
Title: ====== ME Mobile Application Manager v10 - SQL Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=628 VL-ID: ===== 628 Common Vulnerability Scoring System: ==================================== 8.1 Introduction: =============...
DataWatch Monarch Business Intelligence (BI) v5.1 client section stored cross-site scripting
DataWatch Monarch BI v5.1 client section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a stored...
7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities
Title: ====== 7sepehr CMS 2012 - Multiple SQL Injection Vulnerabilities Date: ===== 2012-08-12 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=679 VL-ID: ===== 680 Common Vulnerability Scoring System: ==================================== 8.3 Abstract: ========= The...
[USN-1543-1] Config-IniFiles vulnerability
========================================================================== Ubuntu Security Notice USN-1543-1 August 20, 2012 libconfig-inifiles-perl vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities
Advisory: WordPress Plugin 'Quick Post Widget' 1.9.1 Multiple Cross-site scripting vulnerabilities Advisory ID: SSCHADV2012-016 Author: Stefan Schurtz Affected Software: Successfully tested on Quick Post Widget 1.9.1 Vendor URL: http://qpw.famvanakkeren.nl/ Vendor Status: informed CVE-ID:...
Temenos T24 security vulnerabilities
Authentication bypass, crossite scripting...
[SECURITY] [DSA 2533-1] pcp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2533-1 [email protected] http://www.debian.org/security/ Florian Weimer August 23, 2012 http://www.debian.org/security/faq -...
pcp multiple security vulnerabilities
Buffer overflow, information leakage, DoS...
Total Shop UK eCommerce Generic Cross-Site Scripting
/------------------------------------------------------ | Total Shop UK eCommerce Generic Cross-Site Scripting | ------------------------------------------------------/ Summary ======= The open source version of Total Shop UK eCommerce based on CodeIgniter version 2.1.2 is subject to a cross-site...
Config::IniFiles symbolic links vulnerability
Symbolic links vulnerability on temporary files creation...
ME Application Manager 10 - Multiple Web Vulnerabilities
Title: ====== ME Application Manager 10 - Multiple Web Vulnerabilities Date: ===== 2012-07-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=627 VL-ID: ===== 627 Common Vulnerability Scoring System: ==================================== 7.2 Introduction: =============...
Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities
Title: ====== Flynax General Classifieds v4.0 CMS - Multiple Vulnerabilities Date: ===== 2012-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=659 VL-ID: ===== 659 Common Vulnerability Scoring System: ==================================== 8.3 Introduction:...
ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities
Title: ====== ShopperPress v2.7 Wordpress - Cross Site Vulnerabilities Date: ===== 2012-08-02 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=670 VL-ID: ===== 670 Common Vulnerability Scoring System: ==================================== 2.4 Introduction: =============...
Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities
Title: ====== Flogr v2.5.6 & v2.3 - Cross Site Script Vulnerabilities Date: ===== 2012-07-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=656 VL-ID: ===== 656 Common Vulnerability Scoring System: ==================================== 2 Introduction: ============= Flog...
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008
Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008 Release Date. 24-Aug-2012 Last Update. - Vendor Notification Date. 28-Oct-2011 Product. Elcom CMS - Community Manager Platform. ASP.NET Affected versions. Elcom Community Manager version 7.4.10 and...
Wordpress (chenpress Plugin) Arbitrary File Upload Vulnerability
a bug in Wordpress chenpress Plugin that allows to us to occur a File Upload on a Remote machin. Exploit Title : Wordpress chenpress Plugin Arbitrary File Upload Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link : http://wordpress.org Security Risk :...
Group-Office Cleartext Credentials Stored in Cookies
/------------------------------------------------------ | Group-Office Cleartext Credentials Stored in Cookies | ------------------------------------------------------/ Summary ======= Group-Office 4.0.71 was found to display a behaviour that could potentially expose a user's username and clearte...
DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting
DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...
NGS00242 Patch Notification: SysAid Helpdesk stored XSS
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Stored XSS Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these vulnerabilities...
NGS00241 Patch Notification: SysAid Helpdesk blind SQL injection
High risk vulnerability in SysAid Helpdesk 20 August 2012 Daniel Compton of NCC Group has discovered a High risk vulnerability in SysAid Helpdesk Impact: Blind SQL injection Versions affected: SysAid Helpdesk Pro v8.5.04 An updated version of the software has been released to address these...
Citrix Access Gateway plugin security vulnerabilities
Buffer overflow, integer overflow...
XSS and SQL Injection Vulnerabilities in OrderSys
Information -------------------- Name : XSS and SQL Injection Vulnerabilities in OrderSys Software : OrderSys 1.6.4 and possibly below. Vendor Homepage : http://www.bioinformatics.org/phplabware/labwiki/index.php Vulnerability Type : Cross-Site Scripting and SQL Injection Severity : Critical...
ocPoral CMS 8.x | Session Hijacking Vulnerability
OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking flaw which could allow attackers to compromise administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful...
Dr. Web Control Center Admin UI Remote Script Code Injection
Dr. Web Control Center Admin UI Remote Script Code Injection ============================================================= Affected Products/Versions -------------------------- Product Name: Dr. Web Enterprise Server Version Number: 6.00.3.201111300 Product/Company Information...
Dr. Web Enterprise Server crossite scripting
Crossite scripting via logs...
TEMENOS T24 R07.03 Authentication Bypass
TEMENOS T24 R07.03 authentication bypass Class: Access Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to properly enfor...
TCExam Edit SQL Injection
/--------------------------- | TCExam Edit SQL Injection | ---------------------------/ Summary ======= TCExam 11.3.007 is prone to a SQL injection flaw located in tceeditanswer.php and tceeditquestion.php. These files pass a 'subjectmoduleid' parameter into a SQL statement without satisfactory...
ShopperPress v2.7 Wordpress - SQL Injection Vulnerability
Title: ====== ShopperPress v2.7 Wordpress - SQL Injection Vulnerability Date: ===== 2012-08-01 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=669 VL-ID: ===== 669 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: =============...
TEMENOS T24 R07.03 Reflected Cross-Site Scripting
TEMENOS T24 R07.03 reflected cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: TEMENOS T24 R07.03 TEMENOS T24 is prone to a reflected cross-site scripting vulnerability because it...
ocPoral CMS 8.x | Cross Site Request Forgery (CSRF) Vulnerability
OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Cross-site Request Forgery CSRF / XSRF. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful feature-set means there's always a way to...
DataWatch Monarch Business Intelligence (BI) v5.1 Blind SQL injection
DataWatch Monarch BI v5.1 admin section blind SQL injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI client section is prone to a blind SQL...
Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities
Title: ====== Distimo Monitor 6.0 - Multiple Cross Site Vulnerabilities Date: ===== 2012-07-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=631 VL-ID: ===== 631 Common Vulnerability Scoring System: ==================================== 2 Introduction: =============...
Secunia Research: Citrix Access Gateway Plug-in for Windows nsepacom ActiveX Control Buffer Overflow
====================================================================== Secunia Research 01/08/2012 - Citrix Access Gateway Plug-in for Windows - - "nsepacom" ActiveX Buffer Overflow Vulnerability - ====================================================================== Table of Contents Affected...
Security advisory for Bugzilla 4.3.2, 4.2.2, 4.0.7 and 3.6.10
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issues have been discovered in Bugzilla: In HTML bugmails, an improper validation of the permissions of the addressee can lead to confidential information about bugs and...
[ MDVSA-2012:140 ] mono
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2012:140 http://www.mandriva.com/security/ Package : mono Date : August 20, 2012 Affected: 2011. Problem Description: A vulnerability has been discovered and corrected in mono: Cross-site scripting XSS...
ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities
Title: ====== ManageEngine OpStor v7.4 - Multiple Web Vulnerabilities Date: ===== 2012-08-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=667 http://www.vulnerability-lab.com/news/getnews.php?id=95 Manage Engine Ticket ID: 46119 VL-ID: ===== 667 Common Vulnerability...
DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection
DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...
apache struts2 remote code execute
this method was published at xcon2012 xcon.xfocus.net. kxlzx http://www.inbreak.net flow this and step by step: 1, down load struts2-showcase from struts.apache.org 2, run struts2-showcase. 3, open url: http://localhost:8080/struts2-showcase/skill/edit.action?skillName=SPRING-DEV 4, write skill...
SOAP и UploadFileHandler.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ZDI-12-178 : 0Day HP SiteScope SOAP Call update Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-178 August 29, 2012 - -- CVE ID: - -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C - -- Affected Vendors: Hewlett-Packard - ...
Novell ZENWorks AdminStudio ActiveX memory corruption
ISGrid.dll memory corruption...
AST-2012-012: Asterisk Manager User Unauthorized Shell Access
Asterisk Project Security Advisory - AST-2012-012 Product Asterisk Summary Asterisk Manager User Unauthorized Shell Access Nature of Advisory Permission Escalation Susceptibility Remote Authenticated Sessions Severity Minor Exploits Known No Reported On July 13, 2012 Reported By Zubair Ashraf of...
HP Application Lifecycle Management ActiveX memory ovewritting
Memory overwritting of user-controlled address in XGO.ocx...
[SECURITY] [DSA 2535-1] rtfm security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2535-1 [email protected] http://www.debian.org/security/ Florian Weimer August 29, 2012 http://www.debian.org/security/faq -...
HP Operations Orchestration SQL injection
SQL injection in TCP/9001 RSScheduler service...