47153 matches found
E-Store (1.0 & 2.0) <= SQL Injection Vulnerability
Exploit Author: Nawaf Alkeraithe ====================================== for "E-store 1.0": Google Dork: "Powered by: PD" inurl:"page.php?id" Vulnerable page: http://target/page.php?id=SQL Injection ====================================== for "E-store 2.0": Google Dork: "Powered by: PD"...
CVE-2014-1222 - Local File Inclusion in Vtiger CRM
Vulnerability title: Local File Inclusion in Vtiger CRM CVE: CVE-2014-1222 Vendor: Vtiger Product: CRM Affected version: Vtiger CRM 5.4.0, 6.0 RC & 6.0.0 GA Fixed version: Vtiger CRM 6.0.0 Security patch 1 Reported by: Jerzy Kramarz Details: A local file inclusion vulnerability was discovered in...
[ MDVSA-2014:072 ] php-ZendFramework
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:072 http://www.mandriva.com/en/support/security/ Package : php-ZendFramework Date : April 9, 2014 Affected: Business Server 1.0 Problem Description: Updated php-ZendFramework packages fix security...
Cray supercomputers privilege escalation
root privileges escalation via aprun/apinit...
parcimonie information leakage
Information leakage via timings...
Oracle / Sun / MySQL / PeopleSoft / OpenJDK applications multiple security vulnerabilities
Quarterly update fixes 144 different vulnerabilities...
[CVE-2013-6232] Persistent Cross-Site Scripting (XSS) in SpagoBI v4.0
Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base...
Deutsche Telekom CERT Advisory [DTC-A-20140324-002] update140328 - vulnerabilities in check_mk
Deutsche Telekom CERT Advisory DTC-A-20140324-002 update140328 Summary: Several vulnerabilities were found in checkmk version 1.2.2p2. Update to original advisory: Corrected: vulnerability 5 and 6 not 4 and 5 are currently not fixed. The vulnerabilities are: 1 - Reflected Cross-Site Scripting XSS...
Multiple Vulnerabilities in SeedDMS < = 4.3.3
Product description: ============ SeedDMS is the continuation of LetoDMS because it has lost its main developer. SeedDMS is an easy to use but powerful Open Source Document Management System. http://www.seeddms.org/index.php?id=2 ============ SeedDMS Unprivileged User Remote Code Execution...
EMC RSA Data Loss Prevention privilege escalation
Privilege escalation because of invalid session management...
prosody DoS
Resources exhaustion via zip bomb...
Plex Media Server multiple security vulnerabilities
Information leakage, protection bypass, CSRF...
GetGo Download Manager buffer overflow
Buffer overflow on server response parsing...
Cisco ASA multiple security vulnerabilities
Privilege escalation authentication bypass, DoS...
MAAS security vulnerabilities
Weak permissions, crossite scripting...
Free Download Manager buffer overflow
Buffer overflow via filename...
Jetro Cockpit Secure Browsing code execution
Code execution via print-to-PDF function...
Update: CVE-2014-0053 Information Disclosure when using Grails
CVE-2014-0053 Information Disclosure in Grails applications Severity: Important Vendor: Grails by Pivotal Product Affected: - Grails Resources plugin 1.0.0 to 1.2.5 Products known to depend on the affected product: - Grails 2.0.0 to 2.3.6 Description: The Grails resources plug-in, a default...
[CVE-2014-1903] FreePBX 2.9 through 12 RCE
Overview: Unauthenticated user-level Remote Code Execution RCE vulnerability in admin/config.php, the main interface to FreePBX. This bug was introduced in FreePBX 2.9, earlier versions are not affected. Score - 8.4 AV:N/AC:L/Au:N/C:P/I:P/A:C/E:H/RL:OF/RC:C/CDP:MH/TD:ND/CR:L/IR:L/AR:M Reference t...
ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability
ESA-2014-026.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-026: EMC Documentum Content Server Information Disclosure Vulnerability EMC Identifier: ESA-2014-026 CVE Identifier: CVE-2014-0642 Severity Rating: CVSS v2 Base Score: 4 AV:N/AC:L/Au:S/C:P/I:N/A:N Affected products: • All EMC...
[CVE-2013-6233] Persistent HTML Script Insertion permits offsite-bound forms in SpagoBI v4.0
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
Persistent XSS in Media File Renamer V1.7.0 wordpress plugin
Title: Persistent XSS in Media File Renamer V1.7.0 wordpress plugin Date: 1/31/2014 Author: Larry W. Cashdollar, @larry0 Vendor: Notified 2/4/2014 CVE: 2014-2040 Download: http://www.meow.fr/media-file-renamer/ Vulnerability: The following functions do not sanitize input before being echoed out: ...
[USN-2105-1] MAAS vulnerabilities
========================================================================== Ubuntu Security Notice USN-2105-1 February 13, 2014 maas vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
[security bulletin] HPSBGN02986 rev.1 - HP IceWall Identity Manager and HP IceWall SSO Password Reset Option Running Apache Commons FileUpload, Remote Denial of Service (DoS)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emrna-c04214298 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c04214298 Version: 1 HPSBGN02986 rev....
[SECURITY] [DSA 2895-1] prosody security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2895-1 [email protected] http://www.debian.org/security/ Luciano Bello April 06, 2014 http://www.debian.org/security/faq -...
Synology DSM4 Blind SQL Injection
Title: Synology DSM Blind SQL Injection Version affected: = 4.3-3827 Vendor: Synology Discovered by: Michael Wisniewski Status: Patched The file "/photo/include/blog/article.php" contains a Blind SQL Injection Vulnerability in the 'value' variable in the URL. The vendor was contacted approximatel...
[ MDVSA-2014:046 ] phpmyadmin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:046 http://www.mandriva.com/en/support/security/ Package : phpmyadmin Date : February 21, 2014 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discovered an...
CVE-2014-5795 - Database Credentials Leak in Oracle Demantra
Vulnerability title: Database Credentials Leak in Oracle Demantra CVE: CVE-2014-5795 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: Oracle Demantra version 12.2.1 has a backend function that allows anyone to retrieve the...
CVE-2014-1216 - Remote Command Execution in Fitnesse Wiki
Vulnerability title: Remote Command Execution in Fitnesse Wiki CVE: CVE-2014-1216 Vendor: Fitnesse Product: Wiki Affected version: v20131110 and earlier Fixed version: N/A Reported by: Jerzy Kramarz Details: The Fitnesse wiki does not validate the syntax of edited pages to validate whether the...
Wordpress all_in_one_carousel Plugin /XSS/CSRF/ Vuln
Exploit : centerbWordpress allinonecarousel Plugin Xss & Csrf Vulnerability /centerbrbr html head titleWordpress allinonecarousel Plugin Xss & Csrf Vulnerability IeDb TeaM/title /headbody form action="http://YourTarget.Com" id="formid" method="post" input name="name"...
Open-Xchange Security Advisory 2014-04-08
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Vulnerability type: Information exposure CWE-200 Vulnerable version: 7.4.2 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev13, 7.4.1-rev11, 7.2.2-rev20 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor...
[SECURITY] [DSA 2889-1] postfixadmin security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2889-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst March 28, 2014 http://www.debian.org/security/faq -...
[CVE-2013-6234] XSS File Upload in SpagoBI v4.0
Advisory Information Title: XSS File Upload Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6234 CVSS v2 Base Score: 4 CVSS v2 Vector:...
[USN-2192-1] OpenSSL vulnerabilities
========================================================================== Ubuntu Security Notice USN-2192-1 May 05, 2014 openssl vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...
ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability
ESA-2014-003.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-003: RSA® Data Loss Prevention Improper Session Management Vulnerability EMC Identifier: ESA-2014-003 CVE Identifier: CVE-2014-0624 Severity Rating: CVSS v2 Base Score: 3.5 AV:L/AC:H/Au:S/C:P/I:P/A:P Affected Products: RSA Da...
[mwrlabs advisory][CVE-2014-0748] Cray Aprun/Apinit Privilege Escalation
Cray Aprun/Apinit Privilege Escalation ====================================== MWR have identified a vulnerability which allows users to escalate their privileges to root on Cray supercomputers. This advisory details the vulnerability and the patches which Cray customers can apply in order to...
CVE-2014-0097 Spring Security Blank password may bypass user authentication
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2014-0097 Blank password may bypass user authentication Severity: Important Vendor: Spring by Pivotal Versions Affected: - - Spring Security 3.2.0 to 3.2.1 - - Spring Security 3.1.0 to 3.1.5 Description: The ActiveDirectoryLdapAuthenticator does n...
CVE-2014-1223 - Cross-site Scripting in Telligent Evolution
Vulnerability title: Cross-site Scripting in Telligent Evolution CVE: CVE-2014-1223 Vendor: Telligent Product: Evolution Affected version: 7.5.0.32466 Fixed version: 7.6.7.36651 Reported by: Jerzy Kramarz Details: It is possible for an attacker to inject JavaScript by manipulating the 'msg'...
[SECURITY] [DSA 2899-1] openafs security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2899-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst April 09, 2014 http://www.debian.org/security/faq -...
[ MDVSA-2014:057 ] mediawiki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:057 http://www.mandriva.com/en/support/security/ Package : mediawiki Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated mediawiki packages fix multiple vulnerabilities: MediaWik...
ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability
ESA-2014-019.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-019: RSA BSAFE® Micro Edition Suite Certificate Chain Processing Vulnerability EMC Identifier: ESA-2014-019 CVE Identifier: CVE-2014-0636 Severity Rating: CVSS v2 Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C Affected Products:...
HP IceWall Identity Manager / HP IceWall SSO Password Reset Option DoS
DoS related to Apache Commons FileUpload...
CVE-2014-5880 - Authentication Bypass in Oracle Demantra
Vulnerability title: Authentication Bypass in Oracle Demantra CVE: CVE-2014-5880 Vendor: Oracle Product: Demantra Affected version: 12.2.1 Fixed version: 12.2.3 Reported by: Oliver Gruskovnjak Details: The authentication filter in Oracle Demantra is broken by design. For example the page:...
[HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability
HTTPCS Advisory : HTTPCS127 Product : ClanSphere Version : 2011.4 Date : 2014-03-07 Criticality level : Less Critical Description : A vulnerability has been discovered in ClanSphere, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the 'where'...
JOIDS (Java OpenID Server) multiple vulnerabilities
Hi, This is a public disclosure with disarmed Proof of Concept of unpatched vulnerabilities in JOIDS Java OpenID Server. "JOIDS Java OpenID Server is a multi-domain, multi-user OpenID Provider based on OpenID4Java, Spring Framework, Hibernate, Velocity" https://code.google.com/p/openid-server/...
[CVE-2014-2206] GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
RCE Security Advisory http://www.rcesecurity.com 1. ADVISORY INFORMATION ----------------------- Product: GetGo Download Manager Vendor URL: www.getgosoft.com Type: Stack-based Buffer Overflow CWE-121 Date found: 2014-02-20 Date published: 2014-03-02 CVSSv2 Score: 10,0 AV:N/AC:L/Au:N/C:C/I:C/A:C...
CVE-2014-2044 - Remote Code Execution in ownCloud
Vulnerability title: Remote Code Execution in ownCloud CVE: CVE-2014-2044 Vendor: ownCloud Product: ownCloud Affected version: 4.0.x & 4.5.x Fixed version: 5.0 Reported by: Alejo Murillo Moya Details: A remote code execution has been found and confirmed within ownCloud as an authenticated user. A...
[CVE-2014-0072] Apache Cordova File-Transfer insecure defaults
CVE-2014-0072: Apache Cordova File-Transfer insecure defaults Severity: Important Vendor: The Apache Software Foundation Versions Affected: Cordova File-Transfer iOS plugin from Cordova versions 2.4.0 to 2.9.0 Cordova File-Transfer iOS standalone plugin org.apache.cordova.file-transfer versions...
Wordpress plugin Buddypress <= 1.9.1 privilege escalation vulnerability
Vulnerability: Wordpress plugin Buddypress = 1.9.1 privilege escalation Date: 13/02/2014 Author: Pietro Oliva Vendor Homepage: http://buddypress.org Software Link: http://downloads.wordpress.org/plugin/buddypress.1.9.1.zip Version: 1.9.1 CVE : CVE-2014-1889 Responsibly disclosed and patched in...
Blackberry Z10 buffer overflow
qconndoor service buffer overflow...