
47153 matches found

securityvulns
added 2013/12/09 12:0 a.m., 59 views

SQL Injection in Chamilo LMS

Advisory ID: HTB23182 Product: Chamilo LMS Vendor: Chamilo Association Vulnerable Versions: 1.9.6 and probably prior Tested Version: 1.9.6 Advisory Publication: November 6, 2013 without technical details Vendor Notification: November 6, 2013 Vendor Patch: November 9, 2013 Public Disclosure:...

CVSS 6, AI score 7.7, EPSS 0.02739
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m., 128 views

Remote Code Execution in Microweber

Advisory ID: HTB23175 Product: Microweber Vendor: Microweber Vulnerable Versions: 0.8 and probably prior Tested Version: 0.8 Advisory Publication: September 25, 2013 without technical details Vendor Notification: September 25, 2013 Vendor Patch: September 26, 2013 Public Disclosure: October 16,...

CVSS 6.4, AI score 0.3, EPSS 0.02823
Exploits: 2

securityvulns
added 2013/12/09 12:0 a.m., 36 views

BF, LE and IAA vulnerabilities in InstantCMS

Hello 3APA3A! In addition to multiple vulnerabilities in InstantCMS, which I've disclosed earlier, here are new ones. These are Brute Force, Login Enumeration and Insufficient Anti-automation vulnerabilities in InstantCMS. ------------------------- Affected products: -------------------------...

AI score 0.6
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 121 views

Intersystems Cache Remote Code Execution (via Default 'Minimal Security' Install)

------------------- 1 Overview Title: Intersystems Cache Remote Code Execution via Default 'Minimal Security' Install Product: Intersystems Cache Product URL: http://www.intersystems.com/cache/index.html Vendor: Intersystems Affected Versions: Tested on Cache for Windows x86-64 & i386 2009. thru...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 66 views

[PT-2013-46] Local File Include in Nagios Looking Glass

----------------------------------------------------------- PT-2013-46 Positive Technologies Security Advisory Local File Include in Nagios Looking Glass ----------------------------------------------------------- --- Vulnerable software Nagios Looking Glass Version: 1.1.0 beta 2 and earlier Link...

AI score 7.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 53 views

Cross-Site Scripting (XSS) in Tweet Blender Wordpress Plugin

Advisory ID: HTB23180 Product: Tweet Blender Wordpress Plugin Vendor: kirilln Vulnerable Versions: 4.0.1 and probably prior Tested Version: 4.0.1 Advisory Publication: October 25, 2013 without technical details Vendor Notification: October 25, 2013 Vendor Patch: November 13, 2013 Public Disclosur...

CVSS 4.3, AI score 6.2, EPSS 0.02058
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m., 43 views

XSS and FPD vulnerabilities in LBG Zoom In/Out Effect Slider for WordPress

Hello 3APA3A! I want to inform you about vulnerabilities in LBG Zoom In/Out Effect Slider plugin for WordPress. In addition to one XSS in this plugin, which was disclosed earlier http://packetstormsecurity.com/files/123367/WordPress-LBG-Zoominoutslider-Cross-Site-Scripting.html. These are...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 383 views

Opencart Multiple Vulnerabilities

Title: Opencart Multiple Vulnerabilities Vendor: http://www.opencart.com Vulnerabilities: Arbitrary File Upload, XSS, Path Disclosure Vulnerable Version: opencart 1.5.6 prior versions also may be affected Exploitation: Remote with browser Impact: High Vendor Supplied Patch: N/A Original Advisory...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 96 views

[ISecAuditors Security Advisories] PL/SQL Injection in Oracle Portal Demo Organization Chart

============================================= INTERNET SECURITY AUDITORS ALERT 2012-001 - Original release date: November 8th, 2012 - Last revised: March 20th, 2013 - Discovered by: Manuel Garcia Cardenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2013-3831...

CVSS 5.5, AI score 0.1, EPSS 0.0095
Exploits: 1

securityvulns
added 2013/12/09 12:0 a.m., 127 views

SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Arbitrary Remote Command Execution

Title: SKIDATA RFID Freemotion.Gate Unauthenticated Web Service Arbitrary Remote Command Execution Product: Freemotion.Gate Vendor: SKIDATA, http://www.skidata.com/en/ RTP|One, http://http://www.rtp.com/ Vulnerable Versions: 4.1.3.5 and likely all prior versions. Tested Version: 4.1.3.5 Original...

AI score 0.7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 112 views

Critical vulnerabilities discovered in Gazelle and TBDEV.net

Hi guys, Gazelle and TBDEV.NET are the most popular web applications used as BitTorrent trackers. A BitTorrent tracker is an application that assists in the communication between peers using the BitTorrent protocol. BitTorrent trackers can be public/open where anybody can join or private where an...

AI score 8.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 61 views

[OVSA20131108] OpenVAS Manager And OpenVAS Administrator Vulnerable To Partial Authentication Bypass

Summary It has been identified that OpenVAS Manager and OpenVAS Administrator are vulnerable to authentication bypass due to an incorrect state assignment when processing OMP and OAP requests. It has been identified that this vulnerability may allow unauthorised access to OpenVAS Manager and...

CVSS 7.5, AI score 0.2, EPSS 0.07271
Exploits: 3

securityvulns
added 2013/12/09 12:0 a.m., 73 views

[ISecAuditors Security Advisories] SQL Injection vulnerability in "Project'Or RIA" allow arbitrary access to the database and the file system

============================================= INTERNET SECURITY AUDITORS ALERT 2013-017 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 6.8/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6164...

CVSS 7.5, AI score 7.5, EPSS 0.03439
Exploits: 4

securityvulns
added 2013/12/09 12:0 a.m., 94 views

[USN-2049-1] Linux kernel vulnerabilities

========================================================================== Ubuntu Security Notice USN-2049-1 December 07, 2013 linux vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.9, AI score 0.1, EPSS 0.04144
Exploits: 7

securityvulns
added 2013/12/09 12:0 a.m., 68 views

[SOJOBO-ADV-13-04] - PHP-Nuke 8.2.4 multiple vulnerabilities

SOJOBO-ADV-13-04 - PHP-Nuke 8.2.4 multiple vulnerabilities I. Information ================== Name : PHP-Nuke 8.2.4 multiple vulnerabilities Software : PHP-Nuke 8.2.4 and possibly below. Vendor Homepage : http://www.phpnuke.org/ Vulnerability Type : File Inclusion and Reflected Cross-Site Scriptin...

AI score 7.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 56 views

NEW VMSA-2013-0014 VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----------------------------------------------------------------------- VMware Security Advisory Advisory ID: VMSA-2013-0014 Synopsis: VMware Workstation, Fusion, ESXi and ESX patches address a guest privilege escalation Issue date: 2013-12-03 Updat...

CVSS 7.9, AI score 6.4, EPSS 0.00506
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 35 views

[SOJOBO-ADV-13-03] - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting

SOJOBO-ADV-13-03 - Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting I. Information ================== Name : Wordpress plugin Gallery Bank 2.0.19 Reflected Cross Site Scripting Software : Gallery Bank 2.0.19 and possibly below. Vendor Homepage : http://gallery-bank.com/...

AI score 7.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 67 views

[KIS-2013-10] openSIS <= 5.2 (ajax.php) PHP Code Injection Vulnerability

---------------------------------------------------------- openSIS = 5.2 ajax.php PHP Code Injection Vulnerability ---------------------------------------------------------- - Software Link: http://www.opensis.com/ - Affected Versions: All versions from 4.5 to 5.2. - Vulnerability Description: Th...

CVSS 7.5, AI score 0.8, EPSS 0.23322
Exploits: 6

securityvulns
added 2013/12/09 12:0 a.m., 464 views

Belkin WiFi NetCam video stream backdoor with unchangeable admin/admin credentials

Product: Product NetCam WiFi Camera With Night Vision, purchased August 2013 Summary: Live video stream is accessible with user/password of admin/admin. The user/password combination admin/admin cannot be changed by the user. This "feature" is undocumented. To reproduce: 1. Connect webcam to...

AI score 0.3
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 94 views

[ MDVSA-2013:256 ] apache-mod_fcgid

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:256 http://www.mandriva.com/en/support/security/ Package : apache-modfcgid Date : October 18, 2013 Affected: Business Server 1.0 Problem Description: Updated apache-modfcgid package fixes security...

CVSS 5, AI score 8.7, EPSS 0.13141
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 43 views

Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities

Document Title: =============== Imagam iFiles v1.16.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1160 Release Date: ============= 2013-12-03 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 0.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 103 views

CSRF Horde Groupware Web mail Edition

Exploit Title : CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, se...

EPSS 0.01072
Exploits: 5

securityvulns
added 2013/12/09 12:0 a.m., 21 views

Osirix information leakage

Secret key is copied into file...

CVSS 1.9, AI score 1.8, EPSS 0.0035
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m., 98 views

XSS and CSRF Horde Groupware Web mail Edition

Exploit Title : XSS and CSRF Horde Groupware Web mail Edition Author:Marcela Benetrix Date: 10/28/13 version: 5.1.2 software link:http://www.horde.org/apps/webmail GroupWare Web mail Edition Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can...

AI score 0.2, EPSS 0.02084
Exploits: 5

securityvulns
added 2013/12/09 12:0 a.m., 61 views

Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities

Document Title: =============== Wireless Transfer App 3.7 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1152 Release Date: ============= 2013-12-04 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 7.4
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 85 views

Document Title: =============== GTX CMS 2013 Optima - Multiple Web Vulnerabilities References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1124 Release Date: ============= 2013-10-29 Vulnerability

Document Title: =============== Olat CMS 7.8.0.1 - Persistent Calender Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1125 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 42 views

[SECURITY] [DSA 2794-1] spip security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2794-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 10, 2013 http://www.debian.org/security/faq -...

AI score 1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 27 views

Cisco Security Monitoring, Analysis and Response System cross-site scripting

Cross-site scripting in web interface...

CVSS 4.3, AI score 1, EPSS 0.0096
Exploits: 2, References: 1

securityvulns
added 2013/12/09 12:0 a.m., 66 views

[USN-2051-1] GIMP vulnerability

========================================================================== Ubuntu Security Notice USN-2051-1 December 09, 2013 gimp vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

CVSS 6.8, AI score 0.6, EPSS 0.04206
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 37 views

GNU GIMP memory corruption

Memory corruption on XWD files parsing...

CVSS 6.8, AI score 3.3, EPSS 0.04206
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m., 116 views

SQL Injection in appRain

Advisory ID: HTB23177 Product: appRain Vendor: appRain Vulnerable Versions: 3.0.2 and probably prior Tested Version: 3.0.2 Advisory Publication: October 9, 2013 without technical details Vendor Notification: October 9, 2013 Public Disclosure: November 6, 2013 Vulnerability Type: SQL Injection...

CVSS 7.5, AI score 0.2, EPSS 0.0248
Exploits: 7

securityvulns
added 2013/12/09 12:0 a.m., 30 views

Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability

Document Title: =============== Bluetooth U v1.2.0 iOS - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1111 Release Date: ============= 2013-10-16 Vulnerability Laboratory ID VL-ID: ====================================...

AI score 7
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 101 views

wordpress jigoshop Plugin path disclosure vulnerabilities

the following directories are vulnerable to path disclosure vulnerability in wordpress jigoshop Plugin 1.8...

AI score 0.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 67 views

D-Link DIR-XXX remote root access exploit.

General info: ============= A lot have been already said about SOHO routers. Thus, without further ado another nail in the coffin. knock knock =========== -- cut !/bin/sh if -z "$1" ; then echo "d-link DIR-300 all, DIR-600 all, DIR-615 fw 4.0"; echo "exploited by AKAT-1,...

AI score 7.2
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 41 views

Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities

Document Title: =============== Appologics AirBeam v1.9.2 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1140 Release Date: ============= 2013-11-20 Vulnerability Laboratory ID VL-ID: ==================================...

AI score 0.3
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 62 views

vBulletin remote admin injection exploit

!/usr/bin/perl Title: vBulletin remote admin injection exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Coded: 17 September 2013 Published: 24 October 2013 MorXploit Research http://www.MorXploit.com Vendor: vBulletin www.vbulletin.com Version: 4.1.x / 5.x.x Vulnerability: Remote admi...

AI score 7.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 67 views

Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities

Quarterly update fixes over 130 vulnerabilities in different products...

CVSS 10, AI score 2.1, EPSS 0.99998
Exploits: 30, References: 2, Affected Software: 35

securityvulns
added 2013/12/09 12:0 a.m., 49 views

ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability

Document Title: =============== ILIAS eLearning 4.3.4 & 4.4 CMS - Persistent Notes Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1122 Release Date: ============= 2013-10-27 Vulnerability Laboratory ID VL-ID:...

AI score 0.5
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 24 views

Print n Share v5.5 iOS - Multiple Web Vulnerabilities

Document Title: =============== Print n Share v5.5 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1154 Release Date: ============= 2013-12-06 Vulnerability Laboratory ID VL-ID: ==================================== 1154...

Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 40 views

XXE Injection in Spring Framework

Hello! I'll give you additional information concerning advisory XML External Entity XXE Injection in Spring Framework http://securityvulns.ru/docs29758.html. ------------------------- Affected products: ------------------------- - 3.0.0 to 3.2.3 Spring OXM & Spring MVC - 4.0.0.M1 Spring OXM -...

AI score 1.1
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 59 views

libjpeg multiple security vulnerabilities

Buffer overflow, uninitialized memory reference...

CVSS 6.8, AI score 3.9, EPSS 0.10117
Exploits: 0, References: 2, Affected Software: 1

securityvulns
added 2013/12/09 12:0 a.m., 62 views

bugs in IJG jpeg6b & libjpeg-turbo

Dearly beloved, So, for one reason or another, the IJG jpeg library has gained some notoriety as one of the most robust pieces of complex, security-critical C code. Despite countless fuzzing efforts, I don't recall any reports of serious vulnerabilities at least since the release of jpeg6b in 199...

CVSS 5, AI score 0.1, EPSS 0.10117
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 46 views

Chromium / Google Chrome multiple security vulnerabilities

Address spoofing, memory corruptions, buffer overflows...

CVSS 7.5, AI score 3, EPSS 0.01949
Exploits: 0, References: 1, Affected Software: 2

securityvulns
added 2013/12/09 12:0 a.m., 93 views

[SECURITY] [DSA 2811-1] chromium-browser security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2811-1 [email protected] http://www.debian.org/security/ Michael Gilbert December 07, 2013 http://www.debian.org/security/faq -...

CVSS 7.5, AI score 0.4, EPSS 0.01949
Exploits: 0

securityvulns
added 2013/12/09 12:0 a.m., 61 views

SQL Injection in Dokeos

Advisory ID: HTB23181 Product: Dokeos Vendor: Dokeos Vulnerable Versions: 2.2 RC2 and probably prior Tested Version: 2.2 RC2 Advisory Publication: October 30, 2013 without technical details Vendor Notification: October 30, 2013 Public Disclosure: November 27, 2013 Vulnerability Type: SQL Injectio...

CVSS 7.5, AI score 8, EPSS 0.02279
Exploits: 6

securityvulns
added 2013/12/02 12:0 a.m., 21 views

links browser integer overflow

Integer overflow on HTML tables parsing...

CVSS 4.3, AI score 3.5, EPSS 0.01221
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2013/12/02 12:0 a.m., 50 views

[SECURITY] [DSA 2807-1] links2 security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2807-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 30, 2013 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 1.9, EPSS 0.01221
Exploits: 0

securityvulns
added 2013/12/01 12:0 a.m., 55 views

RUCKUS ADVISORY ID 10282013 - User authentication bypass vulnerability in Ruckus Access Point's administrative web interface

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RUCKUS ADVISORY ID 10282013 Customer release date: Oct 28, 2013 Public release date: Nov 28, 2013 TITLE User authentication bypass vulnerability in Ruckus Access Point's administrative web interface SUMMARY An user authentication bypass vulnerability...

CVSS 7.2, AI score 7, EPSS 0.02123
Exploits: 5

securityvulns
added 2013/12/01 12:0 a.m., 48 views

[SECURITY] [DSA 2803-1] quagga security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2803-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff November 26, 2013 http://www.debian.org/security/faq -...

CVSS 4.3, AI score 2.3, EPSS 0.02245
Exploits: 0

securityvulns
added 2013/12/01 12:0 a.m., 40 views

quagga security vulnerabilities

OSPF parsing buffer overflow, BGP DoS...

CVSS 4.3, AI score 4.2, EPSS 0.02245
Exploits: 0, References: 1, Affected Software: 1

Total number of security vulnerabilities: 47153