Linux Kernel 3.3.x <= 3.3.4 Buffer overflow in HFS plus filesystem

Timo Warns — Wed, 16 May 2012 19:13:50 +0200

Topic: Linux Kernel 3.3.x <= 3.3.4 Buffer overflow in HFS plus filesystem Risk: High Text:PRE-CERT Security Advisory == * Advisory: PRE-SA-2012-03 * Released on: 10 May 2012 * Affected product: Linux Ker...

Artiphp CMS 5.5.0 DB Backup Disclosure Exploit

Gjoko 'LiquidWorm' Krstic — Wed, 16 May 2012 19:11:48 +0200

Topic: Artiphp CMS 5.5.0 DB Backup Disclosure Exploit Risk: High Text:

Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities

Gjoko 'LiquidWorm' Krstic — Wed, 16 May 2012 19:09:09 +0200

Topic: Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities Risk: Low Text:Artiphp CMS v5.5.0 Multiple XSS POST Injection Vulnerabilities Vendor: Artiphp Product web page: http://www.artiphp.com Af...

backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability

Gjoko 'LiquidWorm' Krstic — Wed, 16 May 2012 19:07:45 +0200

Topic: backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability Risk: Low Text:backupDB() v1.2.7a (onlyDB) Remote XSS Vulnerability Vendor: SiliSoftware Product web page: http://www.silisoftware.com ...

phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability

Gjoko 'LiquidWorm' Krstic — Wed, 16 May 2012 19:06:59 +0200

Topic: phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability Risk: Low Text:phpThumb() v1.7.11 (dir & title) Cross-Site Scripting Vulnerability Vendor: SiliSoftware Product web page: http://www.sil...

Apple Quicktime .pct Parsing Memory Corruption

Rodrigo Rubira Branco — Wed, 16 May 2012 07:48:40 +0200

Topic: Apple Quicktime .pct Parsing Memory Corruption Risk: High Text:Qualys Vulnerability & Malware Research Labs (VMRL) http://www.qualys.com http://www.dissect.pe Memory corruption when App...

Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting

Ivano Binetti — Wed, 16 May 2012 07:47:14 +0200

Topic: Axous 1.1.1 Cross Site Request Forgery / Cross Site Scripting Risk: Low Text:+ + # Exploit Title : Axous 1.1.1 Multiple Vulnerabilities (CSRF - Persist...

Multimedia Builder 4.9.8 Denial Of Service

Ahmed Elhady Mohamed — Wed, 16 May 2012 07:46:23 +0200

Topic: Multimedia Builder 4.9.8 Denial Of Service Risk: Medium Text:Multimedia Builder 4.9.8 Malicious mef File Denial of service == # Exploit Title:Multimedia Builde...

WordPress Track That Stat 1.0.8 Cross Site Scripting

Heine Pedersen and Torben Jensen — Wed, 16 May 2012 07:45:18 +0200

Topic: WordPress Track That Stat 1.0.8 Cross Site Scripting Risk: Low Text:We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the repo...

Liferay 5.x / 6.x Cross Site Scripting

Jelmer Kuperus — Wed, 16 May 2012 07:44:27 +0200

Topic: Liferay 5.x / 6.x Cross Site Scripting Risk: Low Text:Multiple xss issues in Liferay Description: Liferay Portal is an enterprise portal written in Java Multiple xss vulner...

TunInfo SQL Injection

TheCyberNuxbie — Wed, 16 May 2012 07:43:33 +0200

Topic: TunInfo SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ...

NTDS WebStudio SQL Injection

TheCyberNuxbie — Tue, 15 May 2012 07:25:37 +0200

Topic: NTDS WebStudio SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ...

b2ePMS 1.0 SQL Injection

Jean Pascal Pereira — Tue, 15 May 2012 07:24:19 +0200

Topic: b2ePMS 1.0 SQL Injection Risk: Medium Text: # b2ePMS 1.0 Authentication Bypass Vulnerability # Discovered by: Jean Pascal Pereira

Liferay Portal Privilege Escalation

Jelmer Kuperus — Tue, 15 May 2012 07:23:47 +0200

Topic: Liferay Portal Privilege Escalation Risk: Medium Text:Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: https://bugzil...

Firefox 8/9 AttributeChildRemoved() Use-After-Free

regenrecht — Tue, 15 May 2012 07:21:44 +0200

Topic: Firefox 8/9 AttributeChildRemoved() Use-After-Free Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

ICACLS.EXE Destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED

Stefan Kanthak — Tue, 15 May 2012 07:20:23 +0200

Topic: ICACLS.EXE Destroys SE_DACL_PROTECTED/SE_SACL_PROTECTED Risk: Low Text:Hi @ll, since Windows Vista resp. Windows Server 2003 Service Pack 2, the command line tool to modify/set file/directory pe...

WordPress WP-FaceThumb Gallery 0.1 Cross Site Scripting

Avram Marius Gabriel (d3v1l) — Tue, 15 May 2012 07:18:19 +0200

Topic: WordPress WP-FaceThumb Gallery 0.1 Cross Site Scripting Risk: Low Text: # Wordpress WP-FaceThumb Gallery Plugin <= 0.1 Reflected XSS Vulnerability # Plugin Page : http://wordpress.org/extend/p...

Universal Reader 1.16.740.0 Denial Of Service

demonalex — Tue, 15 May 2012 07:17:06 +0200

Topic: Universal Reader 1.16.740.0 Denial Of Service Risk: Medium Text:Title: Universal Reader Filename Denial Of Service Vulnerability Software : Universal Reader Software Version : 1.16.740.0 ...

Galette SQL Injection

Anon — Tue, 15 May 2012 07:16:35 +0200

Topic: Galette SQL Injection Risk: Medium Text:Source: http://www.securityfocus.com/bid/53463/info Galette is prone to an SQL-injection vulnerability because it fails to ...

Vallarta Web Services SQL Injection

TheCyberNuxbie — Tue, 15 May 2012 07:16:02 +0200

Topic: Vallarta Web Services SQL Injection Risk: Medium Text: 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ ...

NETGEAR WNDRMAC Exposure of Sensitive Information

Nathaniel Carew from Sense of Security Labs. — Sun, 13 May 2012 13:24:55 +0200

Topic: NETGEAR WNDRMAC Exposure of Sensitive Information Risk: High Text:Sense of Security - Security Advisory - SOS-12-005 Release Date. 13-May-2012 Last Update. - ...

NEC Backdoor Administrative Account

iSP0m — Sun, 13 May 2012 13:23:24 +0200

Topic: NEC Backdoor Administrative Account Risk: High Text: NEC Corp. has a product line of high perfomance servers - http://www.nec.com.sg/index.php?q=products/enterprise-servers ...

YIndexa SQL Injection

Th4 MasK — Sun, 13 May 2012 13:22:44 +0200

Topic: YIndexa SQL Injection Risk: Medium Text: ## ~ Exploit Title : Yndexa SQL Injecktion ~ Author : Th4 MasK ~ Vendor : http://www.in...

NetBill Billing System 1.2 CSRF / XSS

Vulnerability-Lab.com — Sun, 13 May 2012 13:22:18 +0200

Topic: NetBill Billing System 1.2 CSRF / XSS Risk: Low Text:Title: NetBill Billing System v1.2 - Multiple Web Vulnerabilites Date: == 2012-05-11 References: == http...

Travelon Express CMS 6.2.2 XSS / Shell Upload / SQL Injection

Vulnerability-Lab.com — Sun, 13 May 2012 13:21:51 +0200

Topic: Travelon Express CMS 6.2.2 XSS / Shell Upload / SQL Injection Risk: High Text:Title: Travelon Express CMS v6.2.2 - Multiple Web Vulnerabilities Date: == 2012-05-10 References: == htt...

Free Reality 3.1-0.6 XSS / CSRF / SQL Injection

Vulnerability-Lab.com — Sun, 13 May 2012 13:21:37 +0200

Topic: Free Reality 3.1-0.6 XSS / CSRF / SQL Injection Risk: Medium Text:Title: Free Reality v3.1-0.6 - Multiple Web Vulnerabilities Date: == 2012-05-07 References: == http://ww...

Viscacha Forum CMS 0.8.1.1 SQL Injection / XSS

Vulnerability-Lab.com — Sun, 13 May 2012 13:21:23 +0200

Topic: Viscacha Forum CMS 0.8.1.1 SQL Injection / XSS Risk: Medium Text:Title: Viscacha Forum CMS v0.8.1.1 - Multiple Web Vulnerabilities Date: == 2012-05-08 References: == htt...

Proman Xpress 5.0.1 SQL Injection / XSS

Vulnerability-Lab.com — Sun, 13 May 2012 13:21:06 +0200

Topic: Proman Xpress 5.0.1 SQL Injection / XSS Risk: Medium Text:Title: Proman Xpress v5.0.1 - Multiple Web Vulnerabilities Date: == 2012-05-09 References: == http://www...

GENU CMS 2012.4 CSRF / SQL Injection

Vulnerability-Lab.com — Sun, 13 May 2012 13:20:45 +0200

Topic: GENU CMS 2012.4 CSRF / SQL Injection Risk: Medium Text:Title: GENU CMS 2012.4 - Multiple Web Vulnerabilities Date: == 2012-05-06 References: == http://www.vuln...

Serendipity CMS 1.6 Cross Site Scripting

Vulnerability-Lab.com — Sun, 13 May 2012 13:20:26 +0200

Topic: Serendipity CMS 1.6 Cross Site Scripting Risk: Low Text:Title: Serendipity v1.6 CMS - Multiple Web Vulnerabilities Date: == 2012-05-05 References: == http://www...

GetSimple CMS 3.1 Cross Site Scripting

Vulnerability-Lab.com — Sun, 13 May 2012 13:20:06 +0200

Topic: GetSimple CMS 3.1 Cross Site Scripting Risk: Low Text:Title: GetSimple CMS v3.1 - Multiple Web Vulnerabilities Date: == 2012-05-04 References: == http://www.v...

Sockso 1.51 Cross Site Scripting

Ciaran McNally — Sun, 13 May 2012 13:19:22 +0200

Topic: Sockso 1.51 Cross Site Scripting Risk: Low Text: ## Application: Sockso http://sockso.pu-gh.com Versions: <= 1.5 Platf...

AnvSoft Any Video Conveter 4.3.6 Unicode Buffer Overflow

h1ch4m — Sun, 13 May 2012 13:19:02 +0200

Topic: AnvSoft Any Video Conveter 4.3.6 Unicode Buffer Overflow Risk: High Text:# Exploit Title: AnvSoft Any Video Converter 4.3.6 unicode buffer overflow. # Software Link: http://www.any-video-converter.co...

WikkaWiki 1.3.2 Spam Logging PHP Injection

sinn3r — Sat, 12 May 2012 17:36:39 +0200

Topic: WikkaWiki 1.3.2 Spam Logging PHP Injection Risk: Low Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

Distinct TFTP 3.01 Writable Directory Traversal Execution

sinn3r — Sat, 12 May 2012 17:35:55 +0200

Topic: Distinct TFTP 3.01 Writable Directory Traversal Execution Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

Owncloud 3.0.3 Clear Text Password Storage

Francesco Tornieri — Sat, 12 May 2012 17:35:07 +0200

Topic: Owncloud 3.0.3 Clear Text Password Storage Risk: Medium Text:Owncloud App "Ldap user backend" stored password in clear text Author: francesco.tornieri \"At\" verona-wireless.net Summa...

eLearning Server 4G Remote File Inclusion / SQL Injection

Eugene Salov — Fri, 11 May 2012 05:22:48 +0200

Topic: eLearning Server 4G Remote File Inclusion / SQL Injection Risk: High Text:# Exploit Title: eLearning Server Multiple Remote Vulnerabilities # Google Dork: intitle:"eLearning Server" # Date: 10.05.201...

Kerio WinRoute Firewall Source Code Disclosure

Eugene Salov — Fri, 11 May 2012 05:22:13 +0200

Topic: Kerio WinRoute Firewall Source Code Disclosure Risk: High Text:# Exploit Title: Kerio WinRoute Firewall Embedded Web ServerVersion: Source Code Disclosure # Google Dork: # Date: 10.05.2012...

Chevereto nb1.91 Denial Of Service

AkaStep — Fri, 11 May 2012 05:21:25 +0200

Topic: Chevereto nb1.91 Denial Of Service Risk: Medium Text: = Vulnerable Software: chevereto_nb1.91 Downloaded from: http://code.google.com/p/chevereto/down...

WordPress 2-Click-Socialmedia-Buttons Cross Site Scripting

Wordpress Security audit — Fri, 11 May 2012 05:18:37 +0200

Topic: WordPress 2-Click-Socialmedia-Buttons Cross Site Scripting Risk: Low Text: --BEGIN PGP SIGNED MESSAGE -- Hash: SHA1 Wordpress Security audit 2-click-socialmedia-buttons 1. Cross-site scripting ...

WLB2 Database - CXSecurity.com