WLB2 Database - CXSecurity.com

ScriptFu Server Buffer Overflow in GIMP <= 2.6

Joseph Sheridan of Reaction Information Security — Thu, 31 May 2012 08:02:02 +0200

Topic: ScriptFu Server Buffer Overflow in GIMP <= 2.6 Risk: Low Text:Vulnerability Summary == There is a buffer overflow in the script-fu server component of GIMP (the GNU Image Manipula...

Wireless Manager Sony VAIO 4.0.0.0 Buffer Overflows

High-Tech Bridge SA — Thu, 31 May 2012 07:52:01 +0200

Topic: Wireless Manager Sony VAIO 4.0.0.0 Buffer Overflows Risk: High Text:Advisory ID: HTB23063 Product: Wireless Manager Sony VAIO Vendor: Sony Computers Vulnerable Version(s): 4.0.0.0 and probably...

Mapserver 3.0.4 (Windows) Remote Code Execution

Mike Arnold — Thu, 31 May 2012 07:51:30 +0200

Topic: Mapserver 3.0.4 (Windows) Remote Code Execution Risk: High Text: - 1) Overview Title: Mapserver for Windows (MS4W) Remote Code Execution Product: Mapserver for Windows (MS4W) Produ...

.NET 4 Remote Code Execution

James Forshaw — Thu, 31 May 2012 07:50:38 +0200

Topic: .NET 4 Remote Code Execution Risk: High Text: =ADVISORY = Systems Affected: .NET 1.0 through .NET 4 Severity: High Category: Remote Code Execu...

PHP Agenda 2.2.8 SQLi Vulnerability

loneferret — Thu, 31 May 2012 07:43:11 +0200

Topic: PHP Agenda 2.2.8 SQLi Vulnerability Risk: Medium Text:# Title:Simple PHP Agenda 2.2.8 SQLi Vulnerability # Version: php-agenda 2.2.8 # Author/Found by: loneferret # Manifacturer/...

Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection

X-Cisadane — Thu, 31 May 2012 07:39:04 +0200

Topic: Ganesha Digital Library 4.0 Cross Site Scripting / SQL Injection Risk: Medium Text: == Ganesha Digital Library 4.0 Multiple Vulnerabilities == : ...

Drupal Counter 6.x SQL Injection

Balazs Dianiska — Thu, 31 May 2012 07:36:30 +0200

Topic: Drupal Counter 6.x SQL Injection Risk: Medium Text:View online: http://drupal.org/node/1608854 * Advisory ID: DRUPAL-SA-CONTRIB-2012-089 * Project: Counter [1] (third-par...

Drupal Mobile Tools 6.x Cross Site Scripting

Justin Klein Keane — Thu, 31 May 2012 07:35:02 +0200

Topic: Drupal Mobile Tools 6.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1608828 * Advisory ID: DRUPAL-SA-CONTRIB-2012-088 * Project: Mobile Tools [1] (thir...

Drupal Comment Moderation 6.x Cross Site Request Forgery

Dylan Tack — Thu, 31 May 2012 07:34:31 +0200

Topic: Drupal Comment Moderation 6.x Cross Site Request Forgery Risk: Low Text:View online: http://drupal.org/node/1608822 * Advisory ID: DRUPAL-SA-CONTRIB-2012-087 * Project: Comment Moderation [1]...

Drupal Amadou 6.x Cross Site Scripting

Matt Chapman — Thu, 31 May 2012 07:33:54 +0200

Topic: Drupal Amadou 6.x Cross Site Scripting Risk: Low Text:View online: http://drupal.org/node/1608780 * Advisory ID: DRUPAL-SA-CONTRIB-2012-086 * Project: Amadou [1] (third-part...

StyleDesign SQL Injection

TheCyberNuxbie — Thu, 31 May 2012 07:33:12 +0200

Topic: StyleDesign SQL Injection Risk: Medium Text: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx StyleDesign - Multiple SQL Injection Vulnerabi...

NewsAdd 1.0 SQL Injection

WhiteCollarGroup — Thu, 31 May 2012 07:31:56 +0200

Topic: NewsAdd 1.0 SQL Injection Risk: Medium Text:# Exploit Title: NewsAdd <=1.0 Multiple SQL Injection # Google Dork: -- # Date: 2012/05/29 # Author: WhiteCollarG...

Ibaguenet SQL Injection

TheCyberNuxbie — Thu, 31 May 2012 07:31:53 +0200

Topic: Ibaguenet SQL Injection Risk: Medium Text: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Ibaguenet - SQL Injection Vulnerability ...

WHMCS 5 Multiple CSRF (Add Admin) and XSS Vulnerability

Shadman Tanjim — Wed, 30 May 2012 07:39:23 +0200

Topic: WHMCS 5 Multiple CSRF (Add Admin) and XSS Vulnerability Risk: Low Text: ## # Title: WHMCS 5 Multiple CSRF (Add Admin) and XSS Vulnerability # Version: Latest version 5.1 and other previous versio...

LibreOffice 3.5.3 crash when FILEOPEN particular .rtf

shinnai — Wed, 30 May 2012 07:37:09 +0200

Topic: LibreOffice 3.5.3 crash when FILEOPEN particular .rtf Risk: Low Text:

PBBoard 2.1.4 Cross Site Request Forgery

KedAns-Dz — Wed, 30 May 2012 07:35:28 +0200

Topic: PBBoard 2.1.4 Cross Site Request Forgery Risk: Low Text: # Title : PBBoard v2.1.4 (CSRF) Arbitrary File Upload and Command Execution (MSF) # Author : KedAns-Dz # E-mail : ked-h (@...

WinRadius 2009 Denial Of Service

Dark2S Security Team/PolyU.HK — Wed, 30 May 2012 07:33:11 +0200

Topic: WinRadius 2009 Denial Of Service Risk: Medium Text:Title: WinRadius Server Denial Of Service Vulnerability Software : WinRadius Software Version : v2009 Vendor: http://www...

Tftpd32 DNS 4.00 Denial Of Service

Dark2S Security Team/PolyU.HK — Wed, 30 May 2012 07:32:50 +0200

Topic: Tftpd32 DNS 4.00 Denial Of Service Risk: Medium Text:Title: Tftpd32 DNS Server Denial Of Service Vulnerability Software : Tftpd32 Software Version : v4.00 Vendor: http://tft...

Yamamah 1.1.0 Database Disclosure

L3b-r1'z — Wed, 30 May 2012 07:32:09 +0200

Topic: Yamamah 1.1.0 Database Disclosure Risk: High Text:# # Author : L3b-r1'z Title : Yamamah Database backup Download Date : 5/27/2012 Email : L3br1z@Gmail.com Sit...

ispVM System 18.0.2 XCF File Handling Overflow

Unknown — Wed, 30 May 2012 07:27:24 +0200

Topic: ispVM System 18.0.2 XCF File Handling Overflow Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

Topics Viewer 2.3 Local File Inclusion / SQL Injection

n4ss1m — Wed, 30 May 2012 07:26:18 +0200

Topic: Topics Viewer 2.3 Local File Inclusion / SQL Injection Risk: Medium Text: # Exploit Title: Topics viewer v 2.3 Multiple Vulnerabilities # Software Link: http://nileho...

PHP Volunteer Management System 1.0.2 Cross Site Scripting / Shell Upload

Ashoo — Wed, 30 May 2012 07:25:26 +0200

Topic: PHP Volunteer Management System 1.0.2 Cross Site Scripting / Shell Upload Risk: High Text:# Exploit Title: PHP Volunteer Management System v 1.0.2 Multiple Vulnerabilities # Date: 05/28/12 # Author: Ashoo # Mail: a...

PHP Volunteer Management System 1.0.2 SQL Injection

loneferret — Wed, 30 May 2012 07:25:00 +0200

Topic: PHP Volunteer Management System 1.0.2 SQL Injection Risk: Medium Text:# Title: PHP Volunteer Management System v 1.0.2 multiple SQLi Vulnerabilities # Version: 1.0.2 # Author/Found by: loneferret...

SCLIntra Enterprise SQL Injection / Authentication Bypass

r@b13$ — Wed, 30 May 2012 07:23:48 +0200

Topic: SCLIntra Enterprise SQL Injection / Authentication Bypass Risk: Medium Text:Title -- DDIVRT-2012-43 SCLIntra Enterprise SQL Injection and Authentication Bypass Severity -- High Date Discover...

PBBoard 2.1.4 Local File Inclusion

n4ss1m — Wed, 30 May 2012 07:23:01 +0200

Topic: PBBoard 2.1.4 Local File Inclusion Risk: Medium Text: # Exploit Title: PBBoard 2.1.4 Local File Inclusion # Software Link: http://www.pbboard.com/...

MPlayer SAMI Subtitle File Buffer Overflow

Jacques Louw — Wed, 30 May 2012 07:22:38 +0200

Topic: MPlayer SAMI Subtitle File Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

PBBoard 2.1.4 SQL Injection

loneferret — Wed, 30 May 2012 07:21:48 +0200

Topic: PBBoard 2.1.4 SQL Injection Risk: Medium Text:# Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities # Version: 2.1.4 # Author/Found by: loneferret # Software Site: http:/...

VAMCart-InternetShop 0.9 File Upload Code Execution

KedAns-Dz — Wed, 30 May 2012 07:21:07 +0200

Topic: VAMCart-InternetShop 0.9 File Upload Code Execution Risk: High Text:require 'msf/core' class Metasploit3 < Msf::Exploit::Remote include Msf::Exploit::Remote::HttpClient def initializ...

VAMCart-InternetShop 0.9 Cross Site Request Forgery / Shell Upload

KedAns-Dz — Wed, 30 May 2012 07:20:32 +0200

Topic: VAMCart-InternetShop 0.9 Cross Site Request Forgery / Shell Upload Risk: High Text: # Title : VAMCart-InternetShop v0.9 (XSRF/FileUpload) Vulnerabilities # Author : KedAns-Dz # E-mail : ked-h (@hotmail.com...

iOS 5.1.1 Safari Browser Denial Of Service

Alberto Ortega — Mon, 28 May 2012 03:47:20 +0200

Topic: iOS 5.1.1 Safari Browser Denial Of Service Risk: Medium Text:#!/usr/bin/env ruby # - Title # iOS <= v5.1.1 Safari Browser JS match(), search() Crash PoC # - Author # Alberto Ortega...

QuickShare File Share 1.2.1 Directory Traversal

sinn3r — Mon, 28 May 2012 03:46:27 +0200

Topic: QuickShare File Share 1.2.1 Directory Traversal Risk: Medium Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

Santilga CMS 1.2.6.3 SQL Injection / Cross Site Request Forgery

AkaStep — Mon, 28 May 2012 03:45:48 +0200

Topic: Santilga CMS 1.2.6.3 SQL Injection / Cross Site Request Forgery Risk: Medium Text: == Vulnerable software: Santilga CMS version 1.2.6.3 $ head -n 10 Admin.php|less

Symantec Web Gateway 5.0.2 Local File Inclusion

muts — Mon, 28 May 2012 03:44:10 +0200

Topic: Symantec Web Gateway 5.0.2 Local File Inclusion Risk: Medium Text:#!/usr/bin/python # Symantec Web Gateway 5.0.2 Remote LFI root Exploit Proof of Concept # Exploit requires no authenticati...

Small CMS PHP Code Injection

L3b-r1'z — Mon, 28 May 2012 03:42:57 +0200

Topic: Small CMS PHP Code Injection Risk: High Text:

PHP List 2.10.9 PHP Code Injection

L3b-r1'z — Mon, 28 May 2012 03:42:14 +0200

Topic: PHP List 2.10.9 PHP Code Injection Risk: High Text:# # # Author : L3b-r1'z # Title : Php List 2.10.9 Remote PHP Code Injection # Date : 5/25/2012 # Email : L3br...

AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal

AkaStep — Mon, 28 May 2012 03:39:07 +0200

Topic: AzDGDatingMedium 1.9.3 XSS / CSRF / SQL Injection / Directory Traversal Risk: Medium Text: = Vulnerable Software: AzDGDatingMedium Version 1.9.3 Official Site: http://www.azdg.com/ ...

WhyWeb SQL Injection

TheCyberNuxbie — Mon, 28 May 2012 03:37:59 +0200

Topic: WhyWeb SQL Injection Risk: Medium Text: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx WhyWeb - SQL Injection Vulnerability ...

bsnes v0.87 Local Daniel Of Service

Pr0T3cT10n — Sat, 26 May 2012 11:16:59 +0200

Topic: bsnes v0.87 Local Daniel Of Service Risk: Low Text:

RabidHamster R4 Log Entry sprintf() Buffer Overflow

Luigi Auriemma — Sat, 26 May 2012 11:14:30 +0200

Topic: RabidHamster R4 Log Entry sprintf() Buffer Overflow Risk: High Text:## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please...

pragmaMx 1.12.1 Cross Site Scripting

High-Tech Bridge SA — Sat, 26 May 2012 11:13:49 +0200

Topic: pragmaMx 1.12.1 Cross Site Scripting Risk: Low Text:Advisory ID: HTB23090 Product: pragmaMx Vendor: pragmaMx Team Vulnerable Version(s): 1.12.1 and probably prior Tested Versi...