Joomla Phocagallery component versions 3.0.0 through 4.0.0 suffer from a cross site scripting vulnerability.
The Joomla JooDatabase component suffers from a remote SQL injection vulnerability.
Secunia Security Advisory - A vulnerability with an unknown impact has been reported in the NinjaXplorer component for Joomla!.
Secunia Security Advisory - A vulnerability has been discovered in the ccNewsletter component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
Red Hat Security Advisory 2012-0519-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.1 serves as a replacement for JBoss Enterprise Portal Platform 5.2.0, and includes bug fixes.
The Joomla Video Gallery component suffers from local file inclusion and remote SQL injection vulnerabilities.
Security-Assessment.com has discovered that components of the Oracle GlassFish Server administrative web interface are vulnerable to both reflected and stored cross site scripting attacks. All pages where cross site scripting vulnerabilities were discovered require authentication. Oracle GlassFish Server version 3.1.1 build 12 is affected.
VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused by a use-after-free error within the "vgx.dll" component when processing certain VML behaviors, which could be exploited by attackers to compromise a vulnerable system by tricking a user into visiting a specially crafted web page.
Secunia Security Advisory - A weakness has been reported in the Phoca Favicon component for Joomla!, which can be exploited by malicious, local users to manipulate certain data and potentially gain escalated privileges.
Joomla Beatz component version 1.x suffers from a cross site scripting vulnerability.
The Joomla Ponygallery component suffers from a remote SQL injection vulnerability.
This Metasploit module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR, so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfill the requirement that EAX points to part of the ROP chain in a heap chunk and that the calculated call hits the pivot in a separate heap chunk. This will take some time in the user's browser.
Technical Cyber Security Alert 2012-101B - Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.
The Joomla The Estate Agent component suffers from a remote SQL injection vulnerability.
The Joomla Bearleague component suffers from a remote SQL injection vulnerability.
Zero Day Initiative Advisory 12-055 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the WebCore component as used by WebKit, specifically within the handling of element properties. When importing a node having a non-attribute property such as an attached event, an object is improperly freed and accessed. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the browser.
Secunia Security Advisory - A vulnerability has been discovered in the VirtueMart component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks.
The Flexicontent component in E107 version 1.0.0 suffers from a remote SQL injection vulnerability.
HP Security Bulletin HPSBUX02755 SSRT100667 - A potential security vulnerability has been identified with certain HP-UX WBEM components. The vulnerability could be exploited remotely in HP-UX 11.11 and HP-UX 11.23 to gain unauthorized access to diagnostic data. The vulnerability could be exploited locally in HP-UX 11.31 to gain unauthorized access to diagnostic data. Revision 1 of this advisory.
An XML External Entity (XXE) attack is possible in OpenOffice.org versions 3.3 and 3.4 Beta. This vulnerability exploits the way in which external entities are processed in certain XML components of ODF documents.
This Metasploit module exploits a vulnerability in Dell Webcam's CrazyTalk component. Specifically, when supplying a long string for a file path to the BackImage property, an overflow may occur after checking certain file extension names, resulting in remote code execution under the context of the user.
This Metasploit module exploits a vulnerability found in Internet Explorer's mshtml component. Due to the way IE handles objects in memory, it is possible to cause a pointer in CTableRowCellsCollectionCacheItem::GetNext to be used even after it gets freed, therefore allowing remote code execution under the context of the user. This particular vulnerability was also one of 2012's Pwn2Own challenges, and was later explained by Peter Vreugdenhil with exploitation details. Instead of Peter's method, this module uses heap spraying like the 99% to store a specially crafted memory layout before re-using the freed memory.
The XMLEncoder component of Symfony version 2.0.x fails to disable external entities when parsing XML. In the Symfony2 framework the XML class may be used to deserialize objects or as part of a client/server API. By using external entities it is possible to include arbitrary files from the file system. Any application written in Symfony2 that parses user supplied XML is affected.
Red Hat Security Advisory 2012-0345-02 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. It was found that JBoss Web did not handle large numbers of parameters and large parameter values efficiently. A remote attacker could make JBoss Web use an excessive amount of CPU time by sending an HTTP request containing a large number of parameters or large parameter values. This update introduces limits on the number of parameters and headers processed per request to address this issue. The default limit is 512 for parameters and 128 for headers. These defaults can be changed by setting the org.apache.tomcat.util.http.Parameters.MAX_COUNT and org.apache.tomcat.util.http.MimeHeaders.MAX_COUNT system properties in "jboss-as/server/[PROFILE]/deploy/properties-service.xml".
This Metasploit module exploits a vulnerability in the CmdProcessor.exe component of Trend Micro Control Manager up to version 5.5. The specific flaw exists within CmdProcessor.exe service running on TCP port 20101. The vulnerable function is the CGenericScheduler::AddTask function of cmdHandlerRedAlertController.dll. When processing a specially crafted IPC packet, controlled data is copied into a 256-byte stack buffer. This can be exploited to execute remote code under the context of the user.
Joomla web scanning Perl script that fingerprints the Joomla version and installed components and lists known bugs for them.