RSS Feed » securiteam

« Expand/Collapse

securiteam

Skip to page: 1 2 3 ... 7

January 25, 2010
18:44
Publique! CMS and SQL Injection Vulnerabilities
» ‎ securiteam

A remotely exploitable vulnerability was found in the framework core component. Exploitation of this bug does not require authentication and will lead to remotely exposed potentially sensitive information from the Publique! database. Particularly, an attacker can extract usernames and passwords needed to authenticate to the administrative interface and gain full control of the web site and (depending on certain conditions) the server itself.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
18:24
LedgerSMB Multiple Vulnerabilities
» ‎ securiteam

It has been brought to our attention that a number of security vulnerabilities have been noted in SQL-Ledger. Several of these affect earlier versions of LedgerSMB, and three hotfixes have been released for problems that continue to affect the LedgerSMB codebase.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
17:27
Files2Links F2L-3000 SQL Injection Vulnerability
» ‎ securiteam

The login page of the F2L-3000 version 4.0.0 is vulnerable to SQL Injection. Exploitation of the vulnerability may allow attackers to bypass authentication and access sensitive information stored on the device.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
January 04, 2010
12:26
Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability
» ‎ securiteam

Insecure permissions have been detected in the multiple Kaspersky Lab antivirus products.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
12:20
HP-UX Running Apache Data Injection and DoS Vulnerability
» ‎ securiteam

A potential security vulnerability has been identified with HP-UX running Apache v2.0.59.12 and earlier. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
January 02, 2010
11:51
MIT krb5 KDC denial of service in cross-realm referral processing
» ‎ securiteam

An unauthenticated remote attacker could cause the KDC to crash due to a null pointer dereference. Legitimate requests can also cause this crash to occur.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
11:40
Trango Broadband Wireless Rogue SU Authentication Bug
» ‎ securiteam

Currently there is a flaw in the authentication mechanism of these radios which, if an attacker knows some details, can allow interception of ethernet packets broadcast from the Access Point to the Subscriber Unit and potentially allows injection into the communication from the Subscriber Unit to the Access Point.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
January 01, 2010
16:52
Exposing HMS HICP Protocol and Intellicom NetBiterConfig.exe Remote Buffer Overflow
» ‎ securiteam

SCADA weaknesses created by HICP Protocol and NetBiter WebSCADA.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
16:38
AproxEngine Multiple Vulnerabilities
» ‎ securiteam

Vulnerabilities have been discovered in AproxEngine, which can be exploited by malicious users to manipulate certain data, conduct spoofing, SQL injection, and script insertion attacks and by malicious people to conduct SQL injection and script insertion attacks.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 17, 2009
16:51
APC Switched Rack PDU XSS Vulnerability
» ‎ securiteam

The APC Switch RACK PDU web administration login page is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
16:45
HP-UX Running OpenSSL Unauthorized Data Injection and Denial of Service
» ‎ securiteam

A potential security vulnerability has been identified with HP-UX OpenSSL. The vulnerability could be exploited remotely to inject unauthorized data or to create a Denial of Service (DoS).
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
16:16
Family Connections Multiple Remote Vulnerabilities
» ‎ securiteam

Many fields are not properly sanitised and some checks can be bypassed.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
16:07
VideoCache vccleaner Root Vulnerability
» ‎ securiteam

VideoCache is a Squid URL rewriter plugin written in Python for bandwidth optimization while browsing video sharing websites. Version 1.9.2 allows a user with the privileges of the Squid proxy server to append semi-arbitrary data to arbitrary files with root privileges, upon the administrator's execution of the 'vccleaner' utility.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
15:57
QuickHeal Antivirus 2010 Local Privilege Escalation
» ‎ securiteam

All files under the install folder have Full control for BUILTINusers and can be replace with malicious files.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 15, 2009
15:18
DubSite CMS Cross Site Request Forgery Vulnerability
» ‎ securiteam

An attacker is able to change the password of the administrative user thus having complete control over the site. The risk is estimated as HIGH.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
15:09
SonicWall Global Management System XSS Vulnerability
» ‎ securiteam

An attacker can steal visitor and administor cookies or session id using XSS and accomplish successful phishing attacks with the real website address.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
15:09
Sonicwall NSA E7500 XSS Vulnerability
» ‎ securiteam

Using XSS an attacker can steal users and admin cookies or session id.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
15:04
Juniper Security Threat Response Manager XSS Vulnerability
» ‎ securiteam

An attacker can run XSS and Stored XSS attacks on Juniper Security Threat Response Manager users and admin.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 13, 2009
20:21
HP OpenView NNM snmpviewer.exe CGI Host Header Stack Overflow Vulnerability
» ‎ securiteam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 11, 2009
12:42
Piwik Cookie Unserialize Vulnerability
» ‎ securiteam

Piwik unserializes() user input which allows an attacker to send a carefully crafted cookie that when unserialized utilizes Piwik's classes to upload arbitrary files or execute arbitrary PHP code.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 09, 2009
20:07
Microsoft Indeo Codec Memory Corruption Vulnerability
» ‎ securiteam

The Indeo codec on systems running Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow code to run on users systems when opening specially crafted content.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
19:39
HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability
» ‎ securiteam

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett-Packard OpenView Network Node Manager. Authentication is not required to exploit this vulnerability.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
19:33
HP-UX Running VRTSweb Remote Execution of Arbitrary Code and Privilege Escalation
» ‎ securiteam

A potential security vulnerability has been identified with HP-UX running VRTSweb version 5.0. The vulnerability could be exploited remotely to execute arbitrary code or increase privilege.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
December 08, 2009
16:49
Invision Power Board SQL PHP File Inclusion and SQL Injection
» ‎ securiteam

Invision Power Board has a PHP file inclusion vulnerability that is trivial to exploit with a web browser and a known location of a php file residing on the target system. Authorisation is not required. The SQL injection vulnerability is somewhat tricky to exploit as there are quite a few restrictions that make creating a successful sql attack vector difficult. Nevertheless a crafty attacker might issue a series of requests that might allow him to gain some information about the target system or even read files from the disk depending on permissions granted to the db account that is used by the forum.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!
16:21
FreeBSD SSL and TLS Session Renegotiation vulnerability
» ‎ securiteam

The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.
-

Make your website safer. Use external penetration testing service. First report ready in one hour!

Skip to page: 1 2 3 ... 7

← carnal0wnage wirevolution →

RSS Feed » securiteam

securiteam