[CVE- Requested][Vembu Storegrid - Multiple Critical Vulnerabilities]
Advisory Overview: Multiple vulnerabilities exist in the Vembu Storegrid Backup and Disaster Recovery solution, affecting both the client and server software (see Additional Information section). These include but are not limited to reflected XSS, source code/sensitive information disclosure, privilege...
HttpFileServer 2.3.x Remote Command Execution
Affected software: http://sourceforge.net/projects/hfs/ Version : 2.3x Exploit Title: HttpFileServer 2.3.x Remote Command Execution Google Dork: intext:"httpfileserver 2.3" Date: 11-09-2014 Remote: Yes Exploit Author: Daniele Linguaglossa Vendor Homepage: http://rejetto.com/ Software Link:...
HttpFileServer code execution
Code execution via GET request...
[security bulletin] HPSBUX03139 SSRT101608 rev.1 - HP-UX running System Management Homepage (SMH), Remote Cross-Site Request Forgery
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c04476799 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04476799 Version: 1 HPSBUX03139...
wpa_supplicant shell characters vulnerability
Insufficient character filtering...
SQL Injection in Е2
Advisory ID: HTB23222 Product: Е2 Vendor: Ilya Birman Vulnerable Versions: v2844 and probably prior Tested Version: v2844 Advisory Publication: July 2, 2014 without technical details Vendor Notification: July 2, 2014 Vendor Patch: July 3, 2014 Public Disclosure: July 23, 2014 Vulnerability Type:...
serf / Apache httpcomponents HttpClient / Jakarta Commons HttpClient SSL validation bypass
Invalid parsing of certificates with NUL character in CN...
CVE-2014-5393 Path Traversal to Sensitive Files in Webroot in "JobScheduler"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5393 =================== "Path Traversal to Sensitive Files in Webroot" CWE-219 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload...
Avolve Software ProjectDox Multiple Vulnerability Disclosure
--------------------------------------------------------------------- Product: ProjectDox Vendor: Avolve Software Vulnerable Version: 8.1 Tested Version: 8.1 Vendor Notification: May 30, 2014 Public Disclosure: September 3, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference:...
Multiple SQL Injection Vulnerabilities in web2Project
Advisory ID: HTB23213 Product: web2Project Vendor: http://web2project.net Vulnerable Versions: 3.1 and probably prior Tested Version: 3.1 Advisory Publication: April 30, 2014 without technical details Vendor Notification: April 30, 2014 Vendor Patch: May 1, 2014 Public Disclosure: June 18, 2014...
Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities
Document Title: =============== Secunia CSI/VIM - Filter Bypass & Persistent Validation Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1272 Release Date: ============= 2014-06-18 Vulnerability Laboratory ID VL-ID:...
[USN-2382-1] Requests vulnerabilities
========================================================================== Ubuntu Security Notice USN-2382-1 October 14, 2014 requests vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: ...
[The ManageOwnage Series, part II]: User credential disclosure in ManageEngine DeviceExpert
Hi, You can read the usernames and MD5 hashed passwords of all the users in the Device Expert application by sending an unauthenticated request. I am releasing this as a 0 day as ManageEngine have responded that they do not consider this a priority and won't fix it in the near future unless a...
Open-Xchange multiple security vulnerabilities
XSS, directory traversal, SSRF, restrictions bypass...
Osclass Security Advisory - LFI Vulnerability - CVE-2014-6308
Information ----------- Advisory by Netsparker. Name : LFI Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Local File Inclusion Severity : Critical CVE-ID: CVE-2014-6308 Netsparker Advisory...
SQL Injection in Dolphin
Advisory ID: HTB23216 Product: Dolphin Vendor: BoonEx Vulnerable Versions: 7.1.4 and probably prior Tested Version: 7.1.4 Advisory Publication: May 21, 2014 without technical details Vendor Notification: May 21, 2014 Vendor Patch: June 17, 2014 Public Disclosure: June 18, 2014 Vulnerability Type:...
[ MDVSA-2014:170 ] jakarta-commons-httpclient
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:170 http://www.mandriva.com/en/support/security/ Package : jakarta-commons-httpclient Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated jakarta-commons-httpclient and...
[USN-2383-1] wpa_supplicant vulnerability
========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
SaaS Marketing platform Hubspot export vulnerability
Hubspot is a widely used SaaS marketing platform to email all your customers, collect data about them and attract new customers. It is common practice to keep customer lists in Hubspot to send newsletters or other email communication. Hubspot has hardcoded roles that grant users access to vario...
ownCloud Unencrypted Private Key Exposure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Senderek Web Security - Security Advisory ownCloud Unencrypted Private Key Exposure ========================================= https://senderek.ie/archive/2014/owncloudunencryptedprivatekeyexposure.php Revision: 1.00 Last Updated: 3 Aug 2014 Summary: I...
[ MDVSA-2014:162 ] catfish
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:162 http://www.mandriva.com/en/support/security/ Package : catfish Date : September 2, 2014 Affected: Business Server 1.0 Problem Description: Updated catfish package fixes security vulnerability: Untrusted...
Cross-Site Request Forgery (CSRF) in Kanboard
Advisory ID: HTB23217 Product: Kanboard Vendor: http://kanboard.net/ Vulnerable Versions: 1.0.5 and probably prior Tested Version: 1.0.5 Advisory Publication: May 28, 2014 without technical details Vendor Notification: May 28, 2014 Vendor Patch: June 30, 2014 Public Disclosure: July 2, 2014...
ClipBucket CMS Xss Vulnerability
Xss Vulnerability In ClipBucket CMS...
Sierra Library Services Platform Multiple Vulnerability Disclosure
Product: Sierra Library Services Platform Vendor: Innovative Interfaces Inc Vulnerable Version: 1.23 Tested Version: 1.23 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2014-5136 Risk Level: Medium CVSSv2 Ba...
Microsoft Windows multiple security vulnerabilities
Restrictions bypass and memory corruptions in Internet Explorer, .Net code execution, TrueType embedded fonts code execution, OLE code execution, message queue service and FAT32 driver privilege escalation...
[ MDVSA-2014:144 ] live
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:144 http://www.mandriva.com/en/support/security/ Package : live Date : July 30, 2014 Affected: Business Server 1.0 Problem Description: Updated live package fixes security vulnerability: The live555 RTSP streaming...
VMware NSX and vCNS information disclosure
No description provided...
Requests library security vulnerabilities
Authentication information leaks are possible...
Security advisory for Bugzilla 4.5.5, 4.4.5, 4.2.10, and 4.0.14
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: An attacker can get access to some bug information using the victim's credentials using a specially crafted HTML page. All affecte...
[SECURITY] [DSA 3013-1] s3ql security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3013-1 [email protected] http://www.debian.org/security/ Florian Weimer August 27, 2014 http://www.debian.org/security/faq -...
Embarcadero Delphi / C++ Builder VCL library buffer overflow
Buffer overflow on BMP parsing...
Microsoft Word code execution
Code execution on Word document parsing...
Osclass Security Advisory - Multiple XSS Vulnerabilities - CVE-2014-6280
Information ------------ Advisory by Netsparker. Name: XSS Vulnerability in OsClass Affected Software : OsClass Affected Versions: 3.4.1 and possibly below Vendor Homepage : http://osclass.org/ Vulnerability Type : Cross-site Scripting Severity : Critical CVE-ID: CVE-2014-6280 Netsparker Advisory...
[RT-SA-2013-002] Endeca Latitude Cross-Site Request Forgery
Advisory: Endeca Latitude Cross-Site Request Forgery RedTeam Pentesting discovered a Cross-Site Request Forgery (CSRF) vulnerability in Endeca Latitude. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely...
Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
Advisory ID: HTB23215 Product: Storesprite Vendor: Lamp Design Limited Vulnerable Versions: 7 and probably prior Tested Version: 7 Advisory Publication: May 14, 2014 without technical details Vendor Notification: May 14, 2014 Vendor Patch: June 19, 2014 Public Disclosure: June 25, 2014...
EMC RSA Identity Management and Governance authentication bypass
Authentication bypass if NovellIM is used...
Mozilla Firefox / Thunderbird / Seamonkey multiple security vulnerabilities
Multiple memory corruptions, buffer overflows, restriction bypass...
NEW VMSA-2014-0009 VMware NSX and vCNS product updates address a critical information disclosure vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ VMware Security Advisory Advisory ID: VMSA-2014-0009 Synopsis: VMware NSX and vCNS product updates address a critical information disclosure vulnerability Issue date: 2014-09-1...
[SECURITY] [DSA 3017-1] php-cas security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3017-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 2, 2014 http://www.debian.org/security/faq -...
Encore Discovery Solution Multiple Vulnerability Disclosure
Product: Encore Discovery Solution Vendor: Innovative Interfaces Inc Vulnerable Version: 4.3 Tested Version: 4.3 Vendor Notification: June 19, 2014 Public Disclosure: August 26, 2014 Vulnerability Type: Open Redirect CWE-601 CVE Reference: CVE-2014-5127 Risk Level: Medium CVSSv2 Base Score: 4.3...
[CORE-2014-0005] - Advantech WebAccess Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Advantech WebAccess Vulnerabilities 1. Advisory Information Title: Advantech WebAccess Vulnerabilities Advisory ID: CORE-2014-0005 Advisory URL: http://www.coresecurity.com/advisories/advantech-webaccess-vulnerabilities Date...
Avira License Application - Cross Site Request Forgery Vulnerability
Document Title: =============== Avira License Application - Cross Site Request Forgery Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1302 Video: http://www.vulnerability-lab.com/getcontent.php?id=1301 Release Date: ============= 2014-08-2...
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc...
[RT-SA-2014-008] Python CGIHTTPServer File Disclosure and Potential Code Execution
Advisory: Python CGIHTTPServer File Disclosure and Potential Code Execution The CGIHTTPServer Python module does not properly handle URL-encoded path separators in URLs. This may enable attackers to disclose a CGI script's source code or execute arbitrary CGI scripts in the server's document root...
Avira License Application CSRF
Cross-site request forgery in web interface...
catfish code execution
catfish.py in current path is executed...
CVE-2014-5391 DOM-based Cross-Site Scripting (XSS) in "JobScheduler"
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-5391 =================== "DOM-based Cross-Site Scripting (XSS)" CWE-79 vulnerability in "JobScheduler" product Vendor =================== Software- & Organisations-Service GmbH Product =================== "JobScheduler is a workload automation...
[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting
Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting (XSS) vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities
Aerohive Hive Manager and Hive OS Multiple Vulnerabilities Affected Versions: Aerohive Hive Manager Stand-alone and Cloud = 6.1R3 and HiveOS 6.1R3 PDF:...
HP System Management Homepage multiple security vulnerabilities
DoS, XSS, CSRF, clickjacking, unauthorized access, information leakage...