
47153 matches found

securityvulns
added 2011/03/31 12:0 a.m., 54 views

HTB22910: XSRF (CSRF) in Feng Office

Vulnerability ID: HTB22910 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfengoffice.html Product: Feng Office Vendor: Secure Data SRL http://www.fengoffice.com/ Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site...

AI score: 6.6
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 83 views

VMSA-2011-0006 VMware vmrun utility local privilege escalation

VMware Security Advisory Advisory ID: VMSA-2011-0006 Synopsis: VMware vmrun utility local privilege escalation Issue date: 2011-03-29 Updated on: 2011-03-29 initial release of...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00069
Exploits: 2
securityvulns
added 2011/03/31 12:0 a.m., 350 views

HTB22908: XSRF (CSRF) in Collabtive

Vulnerability ID: HTB22908 Reference: http://www.htbridge.ch/advisory/xsrfcsrfincollabtive.html Product: Collabtive Vendor: Open Dynamics http://collabtive.o-dyn.de/ Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: CSRF Cross-Site Reques...

AI score: 7
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 52 views

XSS Vulnerability in Tracks 1.7.2

Information: Name : XSS vulnerability in Tracks Software : Tracks 1.7.2. Vendor Homepage : http://getontracks.org/ Vulnerability Type : Cross-Site Scripting Severity : High Researcher : Mesut Timur mesut at mavitunasecurity dot com Advisory Reference : NS-11-003 Description...

AI score: 6.7
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 40 views

HTB22907: Directory Traversal in Collabtive

Vulnerability ID: HTB22907 Reference: http://www.htbridge.ch/advisory/directorytraversalincollabtive.html Product: Collabtive Vendor: Open Dynamics http://collabtive.o-dyn.de/ Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011 Vulnerability Type: Directory...

AI score: 1
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 65 views

'Andy's PHP Knowledgebase' SQL Injection Vulnerability (CVE-2011-1546)

'Andy's PHP Knowledgebase' SQL Injection Vulnerability CVE-2011-1546 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in aviewusers.php allowing for SQL injection of the 's' query parameter. II. TESTED VERSION...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01015
Exploits: 6
securityvulns
added 2011/03/31 12:0 a.m., 38 views

[SECURITY] [DSA 2205-1] gdm3 security update

Debian Security Advisory DSA-2205-1 [email protected] http://www.debian.org/security/ Florian Weimer March 28, 2011 http://www.debian.org/security/faq...

CVSS: 6.9, AI score: 1.8, EPSS: 0.00064
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 38 views

EMC Replication Manager code execution

Command execution via TCP/6542 service...

CVSS: 10, AI score: 3.9, EPSS: 0.77518
Exploits: 5, References: 3, Affected Software: 2
securityvulns
added 2011/03/31 12:0 a.m., 51 views

Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability

Cisco Security Advisory: Cisco Network Access Control Guest Server System Software Authentication Bypass Vulnerability Advisory ID: cisco-sa-20110330-nac Revision 1.0 For Public Release 2011 March 30 1600 UTC GMT...

CVSS: 5, AI score: 0.4, EPSS: 0.00255
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 59 views

HTB22931: XSS vulnerability in InTerra Blog Machine

Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...

AI score: 0.3
Exploits: 0
securityvulns
added 2011/03/31 12:0 a.m., 53 views

ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications

ESA-2011-012: Security update for EMC NetWorker Module for Microsoft Applications. EMC Identifier: ESA-2011-012 CVE Identifier: CVE-2011-0647 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected products: EMC NetWorker Module f...

CVSS: 10, AI score: 2.1, EPSS: 0.77518
Exploits: 5
securityvulns
added 2011/03/29 12:0 a.m., 43 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

CVSS: 4.3, AI score: 1.6, EPSS: 0.01169
Exploits: 1, References: 10, Affected Software: 9
securityvulns
added 2011/03/29 12:0 a.m., 27 views

Zend Server code execution

It's possible to execute user-supplied code via Java Bridge TCP/10001 service...

AI score: 4.1
Exploits: 0, References: 1
securityvulns
added 2011/03/29 12:0 a.m., 31 views

HP Diagnostics cross-site scripting

No description provided...

CVSS: 4.3, AI score: 1.2, EPSS: 0.00843
Exploits: 0, References: 1
securityvulns
added 2011/03/29 12:0 a.m., 18 views

Comodo issued fraudulent certificates

login.live.com, mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org "Global Trustee" certificates were issued to an untrusted third party...

AI score: 2.4
Exploits: 0, References: 1
securityvulns
added 2011/03/29 12:0 a.m., 47 views

Unidesk ReportingService Forceful Browsing Vulnerability

1. Summary: Unidesk management appliance is prone to a forceful browsing vulnerability that allows an attacker access to administrator resources. 2. Description: T...

AI score: 2.2
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 29 views

HTB22905: Path disclosure in Wordpress

Vulnerability ID: HTB22905 Reference: http://www.htbridge.ch/advisory/pathdisclosureinwordpress.html Product: Wordpress Vendor: http://wordpress.org/ http://wordpress.org/ Vulnerable Version: 3.1 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Status: Not Fixed Risk level:...

AI score: 7
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 27 views

[SECURITY] [DSA 2203-1] nss security update

Debian Security Advisory DSA-2203-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff March 26, 2011 http://www.debian.org/security/faq...

AI score: 1.6
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 49 views

HTB22903: XSS in Spitfire CMS

Vulnerability ID: HTB22903 Reference: http://www.htbridge.ch/advisory/xssinspitfirecms.html Product: Spitfire CMS Vendor: Spitfire http://spitfire.clausmuus.de/ Vulnerable Version: 1.0.436 Vendor Notification: 15 March 2011 Vulnerability Type: XSS Risk level: Medium Credit: High-Tech Bridge SA -...

AI score: 0.4
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 58 views

SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability

Exploit Title: SimplisCMS 1.0.3.0 Remote File Disclosure Vulnerability home : http://www.D99Y.com Date: 27/3/2011 Author: NassRawI Software Link: http://modcove.com/index.php Demo : http://modcove.com/index.php?page=demo Version: 1.0.3.0 file : simpliscms/admin/index.php exploit :...

AI score: 0.8
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 34 views

XSS, SQL Injection and SQL DB Structure Extraction vulnerabilities in Cetera eCommerce

Hello 3APA3A! I am reporting new Cross-Site Scripting, SQL Injection and SQL DB Structure Extraction vulnerabilities that I have found in Cetera eCommerce. XSS WASC-08 also work in version 15.0: http://site/catalog/3Cscript3Ealertdocument.cookie3C/script3E/...

Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 59 views

HTB22904: Path disclosure in bbPress

Vulnerability ID: HTB22904 Reference: http://www.htbridge.ch/advisory/pathdisclosureinbbpress.html Product: bbPress Vendor: http://bbpress.org http://bbpress.org Vulnerable Version: 1.0.3 Vendor Notification: 15 March 2011 Vulnerability Type: Path disclosure Risk level: Low Credit: High-Tech Brid...

AI score: 6.6
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 56 views

ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability

ZDI-11-113: Zend Server Java Bridge Design Flaw Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-113 March 28, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Zend -- Affected Products: Zend Zend Server -- TippingPointTM IPS Customer...

AI score: 0.1
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 92 views

[AntiSnatchOr] OpenCMS <= 7.5.3 multiple vulnerabilities

OpenCMS <= 7.5.3 multiple vulnerabilities Name: OpenCMS <= 7.5.3 multiple vulnerabilities Systems Affected: OpenCMS <= 7.5.3 Severity: High Vendor: http://www.opencms.org Advisory: http://antisnatchor.com/opencms7.5.3multiplevulnerabilities Author: Michele "antisnatchor" Orru michele.orru AT...

AI score: 6.4
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 54 views

[security bulletin] HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting (XSS)

SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02770512 Version: 1 HPSBMA02649 SSRT100430 rev.1 - HP Diagnostics, Remote Cross Site Scripting XSS NOTICE: The information in this Security Bulletin should be acted upon as soon as possible...

CVSS: 4.3, AI score: 0.1, EPSS: 0.00843
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 68 views

[SECURITY] [DSA 2204-1] imp4 security update

Debian Security Advisory DSA-2204-1 [email protected] http://www.debian.org/security/ Steffen Joeris March 27, 2011 http://www.debian.org/security/faq...

CVSS: 4.3, AI score: 1, EPSS: 0.01169
Exploits: 1
securityvulns
added 2011/03/29 12:0 a.m., 85 views

Wordpress plugin BackWPup Remote and Local Code Execution Vulnerability - SOS-11-003

Sense of Security - Security Advisory - SOS-11-003 Release Date. 28-Mar-2011 Last Update. - Vendor Notification Date. 25-Mar-2011 Product. Wordpress Plugin BackWPup Platform. Independent Affected versions. 1.6.1 verified, possibly others Severity Rating. High Impact. System Access Attack Vector...

AI score: 1.9
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 54 views

SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting

Exploit Title: SimplisCMS 1.0.3.0 SQL injection / Cross Site Scripting home : http://www.D99Y.com Date: 27/3/2011 Author: NassRawI Software Link: http://modcove.com/index.php Demo : http://modcove.com/index.php?page=demo Version: 1.0.3.0 1 SQL injection http://localhost/simpliscms/admin/index.php...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/29 12:0 a.m., 71 views

TSSA-2011-01 xpdf : multiple vulnerabilities allow remote code execution

xpdf : multiple vulnerabilities in t1lib allow arbitrary remote code execution. Vulnerability Summary: Date Published: 28/03/2011 Last...

CVSS: 6.8, AI score: 0.5, EPSS: 0.28735
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 29 views

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...

AI score: 1.6
Exploits: 0, References: 10, Affected Software: 3
securityvulns
added 2011/03/25 12:0 a.m., 25 views

EMC Data Protection Advisor Collector weak security permissions

Weak permissions for executable files...

CVSS: 7.2, AI score: 2.9, EPSS: 0.00112
Exploits: 1, References: 1, Affected Software: 1
securityvulns
added 2011/03/25 12:0 a.m., 35 views

Apache mpm_itk module privilege escalation

Under some conditions, a request is processed with root privileges...

CVSS: 4.3, AI score: 3.5, EPSS: 0.00708
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/25 12:0 a.m., 31 views

SCADA service multiple security vulnerabilities

Large number of different vulnerabilities in factory software...

AI score: 2.2
Exploits: 0, References: 1, Affected Software: 4
securityvulns
added 2011/03/25 12:0 a.m., 24 views

HP Data Protector integer overflow

Data Protector Media Operations DBServer.exe TCP/19813 integer overflow is unpatched for over 180 days...

AI score: 3.9
Exploits: 0, References: 1
securityvulns
added 2011/03/25 12:0 a.m., 33 views

VLC media player security vulnerabilities

Buffer overflow on .AMV and .NSV parsing...

CVSS: 9.3, AI score: 5.2, EPSS: 0.86225
Exploits: 8, References: 1
securityvulns
added 2011/03/25 12:0 a.m., 25 views

HP Virtual SAN Appliance buffer overflow

Buffer overflow in hydra.exe TCP/13838 authentication is unpatched for 180 days...

AI score: 3.4
Exploits: 0, References: 1
securityvulns
added 2011/03/25 12:0 a.m., 27 views

Cisco VPN privileges escalation

Privilege escalation via Dial-Up Networking interface...

AI score: 4.4
Exploits: 0, References: 1, Affected Software: 1
securityvulns
added 2011/03/25 12:0 a.m., 43 views

ZDI-11-111: (0Day) Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability

ZDI-11-111: 0Day Hewlett-Packard Virtual SAN Appliance hydra.exe Login Request Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-111 March 23, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packa...

AI score: 1.5
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 40 views

Vulnerabilities in some SCADA server softwares

The following are almost all the vulnerabilities I found for a quick experiment some months ago in certain well known server-side SCADA softwares still vulnerable in this moment. In case someone doesn't know SCADA like me before the tests: it's just one or more softwares usually a core, a graphic...

AI score: 0.5
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 51 views

HTB22899: Path disclosure in SyndeoCMS

Vulnerability ID: HTB22899 Reference: http://www.htbridge.ch/advisory/pathdisclosureinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: Path disclosure Risk level: Low...

AI score: 6.6
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 45 views

HTB22896: SQL injection vulnerability in Ripe website manager

Vulnerability ID: HTB22896 Reference: http://www.htbridge.ch/advisory/blindsqlinjectionvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification:...

AI score: 0.4
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 32 views

HTB22901: SQL injection in SyndeoCMS

Vulnerability ID: HTB22901 Reference: http://www.htbridge.ch/advisory/sqlinjectioninsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: SQL injection Risk level: High Credit...

AI score: 0.4
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 41 views

ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability

ESA-2011-010: EMC Data Protection Advisor Collector arbitrary code execution with elevated privileges vulnerability EMC Identifier: ESA-2011-010 CVE Identifier: CVE-2011-1420 Severity Rating: CVSS v2 Base Score: 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C Affected...

CVSS: 7.2, AI score: 2.6, EPSS: 0.00112
Exploits: 1
securityvulns
added 2011/03/25 12:0 a.m., 29 views

HTB22902: XSS in SyndeoCMS

Vulnerability ID: HTB22902 Reference: http://www.htbridge.ch/advisory/xssinsyndeocms.html Product: SyndeoCMS Vendor: http://www.syndeocms.org/ http://www.syndeocms.org/ Vulnerable Version: 2.8.02 Vendor Notification: 10 March 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium...

AI score: 0.4
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 61 views

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...

AI score: 7.1
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 52 views

HTB22895: XSS vulnerability in Ripe website manager

Vulnerability ID: HTB22895 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification: 10 March 2011...

AI score: 0.2
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 73 views

[SECURITY] [DSA 2202-1] apache2 security update

Debian Security Advisory DSA-2202-1 [email protected] http://www.debian.org/security/ Stefan Fritsch March 23, 2011 http://www.debian.org/security/faq...

CVSS: 4.3, AI score: 0.8, EPSS: 0.00708
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 52 views

ZDI-11-112: (0 day) Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability

ZDI-11-112: 0 day Hewlett-Packard Data Protector Media Operations DBServer.exe Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-11-112 March 23, 2011 -- CVSS: 10, AV:N/AC:L/Au:N/C:C/I:C/A:C -- Affected Vendors: Hewlett-Packard -- Affected Products: Hewlett-Packa...

AI score: 1.2
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 48 views

HTB22897: SQL injection vulnerability in Ripe website manager

Vulnerability ID: HTB22897 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinripewebsitemanager.html Product: Ripe website manager Vendor: Ripe website manager Team http://www.ripewebsitemanager.com/ Vulnerable Version: 1.1 and probably prior versions Vendor Notification: 10...

AI score: 1.1
Exploits: 0
securityvulns
added 2011/03/25 12:0 a.m., 27 views

Vulnerabilities in Artefact St. CMS

Hello 3APA3A! I am reporting Cross-Site Scripting, Brute Force and Full path disclosure vulnerabilities that I have found in the Artefact St. CMS system. It is a Ukrainian commercial CMS. XSS WASC-08: http://site/search/?s=3Cscript3Ealertdocument.cookie3C/script3E Brute Force WASC-11: http://site/admin/...

AI score: 7
Exploits: 0
Total number of security vulnerabilities: 47153