NFRAgent.exe, a component of Novell File Reporter (NFR), allows remote attackers to upload arbitrary files via a directory traversal while handling requests to /FSF/CMD with FSFUI records with UICMD 130. This Metasploit module has been tested successfully against NFR Agent 1.0.4.3 (File Reporter 1.0.2) and NFR Agent 1.0.3.22 (File Reporter 1.0.1).
6e8968d0aa343e5878b656cc49cedf13effdc0839611e2fbdacf11ca679628df
This is a whitepaper called Guidelines for Pen-testing a Joomla Based Site.
7a8cac0307908cecd1cae37fd4ab169ed3f47a3751ee4d0d5a3576aeab6f0cba
Friendsinwar FAQ Manager suffers from a remote SQL injection vulnerability.
92e36cb7108edc9a74b69d10351949489ad7b525325db1dfa75164b9de07491d
Open-Realty versions 2.5.8 and below suffer from a cross site request forgery vulnerability.
92329b7043af1d4783fb11947d21277ddc61a87ca7d8cda419922fc9dd67a8c8
This is a presentation given at Devoxx that goes into detail about the Oracle Java vulnerabilities discussed in SE-2012-01.
49d02139ee9c74682ac34a668af63077f0e2e4b0d473c32bb2104c25866d4982
This is the technical report detailing the Oracle Java vulnerabilities originally noted in SE-2012-01.
d00c5da4cf880cde2e84ea74745b16dbc8e7132738d0d05fc29c596259008c0d
Secunia Security Advisory - ABB has acknowledged a vulnerability in AC500 PLC, which can be exploited by malicious people to compromise a vulnerable system.
7f685a60dc4371e4910ac105b53ac1c57c4f9c282a5eadd6fba0b2486a29a90c
Secunia Security Advisory - Core Security Technologies has reported a vulnerability in VMware ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).
f3ff417e0c7e13fcace6e50795caf51f2642d6c8ae2577837c883cb0fa535149
Secunia Security Advisory - SUSE has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and potentially gain escalated privileges.
f87a1d4bf36e8f926d22ed9716e1395eb296be66d0ac4472c47a59ef60778337
Secunia Security Advisory - Multiple vulnerabilities have been reported in MYRE Vacation Rental Software, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
43dd8b7649be5bee5721898f47e15b107cafc695b7db1ca2c9a9ada503f1bcc8
Secunia Security Advisory - Red Hat has issued an update forjava-1.7.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
a1911843ceb6406188cca01910c9f511da53af18ec7876f6d090fcbcc2263384
Secunia Security Advisory - Red Hat has issued an update for java-1.6.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
fca1d3b0ebeaa083e8328fa24e3b3dede969feb9ae7019e5491032e8629abf04
Secunia Security Advisory - Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
dce30a662104129d64c884674cb975c78c4970d5cdd7d3e11e596b4432bd28db
Secunia Security Advisory - Debian has issued an update for typo3-src. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks, bypass security restrictions, and conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.
58222bafd4e557dba39c1a9b403b7dd0ea4aa2450141da0a80254814d32988fa
Secunia Security Advisory - Some vulnerabilities have been reported in VMware ESX Server, which can be exploited by malicious, local users to potentially disclose sensitive information and by malicious people to disclose potentially sensitive information, conduct spoofing and cross-site scripting attacks, and cause a DoS (Denial of Service).
4572fd073f059a8765bbd5d600597d938d3161f381a20b50df2f883b256aae4b
Secunia Security Advisory - A vulnerability has been reported in MYRE Realty Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
966afe0a4282abd88f468580f88dfc99304d1dd6b9c4ff914fb776a9afa00e6f
Secunia Security Advisory - A vulnerability has been reported in Hitachi Device Manager Software, which can be exploited by malicious people to cause a DoS (Denial of Service).
6337d6a116964be045f64c0c344ad2f5073d4bd79f28b849e991fab8fb1ee40a
Secunia Security Advisory - A vulnerability has been reported in Myrephp Business Directory, which can be exploited by malicious people to conduct cross-site scripting attacks.
aa0a9da26f12b3a1466ca4136b336024aa40b9e361f67729db4c0838cd5c3f44
Secunia Security Advisory - Ubuntu has issued an update for libtiff. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.
96fbb200250d6fb92a5a3dc0383f7b38f03c6e6459d65997c7f065db8a9e98b0
Secunia Security Advisory - A weakness has been reported in the Table of Contents module for Drupal, which can be exploited by malicious people to disclose potential sensitive information.
e31d9a42381736ab185986289a38f920b3a5064cd3775c2f0950d50fd8daf898
Secunia Security Advisory - A vulnerability has been reported in JP1/Automatic Job Management System, which can be exploited by malicious people to cause a DoS (Denial of Service).
cae98361bcfb5c078423578ef7cb4da488460515788564807250e83cee126ec1
Secunia Security Advisory - Ubuntu has issued an update for python-django. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information.
09e817217bb2e3eb5b7277ffad57dc651b7392f557cd9f2ed28bb554b3353326
Zero Day Initiative Advisory 12-186 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of RTF files. The code responsible for lexing control words from the input file does not properly validate that all objects are properly defined. By removing terminating values within an RTF file an attacker can cause the program to re-use a freed object. Combined with basic memory layout control an attacker can abuse this situation to achieve code execution under the context of the user running the application.
9335cf35112e6a5fa2f4b08c7f90e422e086a84a52fa98f66f3e2dbd9f174d4b
Zero Day Initiative Advisory 12-185 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Mac OSX. Authentication is not required to exploit this vulnerability. The flaw exists within the DirectoryService daemon. This process listens on TCP port 625 by default on Mac OSX Server pre 10.7. Request types to the service include a sComProxyData structure having a translate field which is responsible for describing the endianness of the payload. When passing a message to SwapProxyMessage for byte-reordering, multiple user controlled fields are trusted including lengths and offsets. When processing this data with DSSwapObjectData, the process will address memory out of the bounds of the allocated region. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the process.
13d8bba137d0ff0748960521e2c159cf7f506be7b33eda7dae1e4f8d440a588e
Applicure dotDefender WAF versions 4.26 and below suffer from a format string vulnerability.
b0d30665e6fdf30c97b86937ab446b3cbc76ca5d1425fb453916aa7205a4a6cb