BugTraq
[ERPSCAN-16-023] Potential backdoor via hardcoded system ID 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP ABAP BASIS

Versions Affected: SAP ABAP BASIS 7.4

Vendor URL: http://SAP.com

Bugs: Hardcoded credentials

Sent: 01.02.2016

Reported:

[ERPSCAN-16-022] SAP Hybris E-commerce Suite VirtualJDBC - Default Credentials 2016-08-16
ERPScan inc (erpscan online gmail com)
Application: SAP Hybris E-commerce Suite

Versions Affected: SAP Hybris E-commerce Suite 5.1.0.3

Vendor URL: http://sap.com

Bugs: Default credentials

Sent:

Lepton CMS PHP Code Injection 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-PHP-CODE-INJECTION.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS 2.2.0 / 2

Lepton CMS Archive Directory Traversal 2016-08-16
hyp3rlinx lycos com
[+] Credits: John Page (HYP3RLINX)

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/LEPTON-ARCHIVE-DIRECTORY-TRAVERSAL.txt

[+] ISR: ApparitionSec

Vendor:
==================
www.lepton-cms.org

Product:
=================================
Lepton CMS

[security bulletin] HPSBHF03441 rev.1 - HPE iLO 3 and iLO 4 and iLO 4 mRCA, Remote Multiple Vulnerabilities 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236950

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236950
Version: 1

HPSBHF03441 r

[security bulletin] HPSBGN03634 rev.1 - HPE Enterprise Solution Sizers and Storage Sizer running Smart Update, Remote Arbitrary Code Execution 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05237578

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05237578
Version: 1

HPSBGN03634 r

[security bulletin] HPSBST03629 rev.1 - HP StoreFabric B-series Switches, Remote Disclosure of Privileged Information 2016-08-15
security-alert hpe com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05236212

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c05236212
Version: 1

HPSBST03629 r

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 1 WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

-------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Persistent Cross-Site Scripting in Magic Fields 2 WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

-------------------------------------------------------------

Cross-Site Scripting in Link Library WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting in Link Library WordPress Plugin
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

A

Ajax Load More Local File Inclusion vulnerability 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Ajax Load More Local File Inclusion vulnerability
------------------------------------------------------------------------

Burak Kelebek, July 2016

------------------------------------------------------------------------

Abstr

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login Redirect WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting/Cross-Site Request Forgery in Peter's Login
Redirect WordPress Plugin
------------------------------------------------------------------------

Yorick Koster, July 2016

-------------------------------------

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery vulnerability in Email Users WordPress Plugin
------------------------------------------------------------------------

Julien Rentrop, July 2016

------------------------------------------------------

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Scripting vulnerability in Google Maps WordPress Plugin
------------------------------------------------------------------------

Julien Rentrop, July 2016

------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of images 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of images
------------------------------------------------------------------------

Umit Aksu, July 2016

---------------------------------------------

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress Plugin 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Stored Cross-Site Scripting vulnerability in Photo Gallery WordPress
Plugin
------------------------------------------------------------------------

Umit Aksu, July 2016

--------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows adding of images 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
adding of images
------------------------------------------------------------------------

Umit Aksu, July 2016

-----------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows deleting of galleries 2016-08-15
Summer of Pwnage (lists securify nl)
------------------------------------------------------------------------

Cross-Site Request Forgery in Photo Gallery WordPress Plugin allows
deleting of galleries
------------------------------------------------------------------------

Umit Aksu, July 2016

------------------------------------------

Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass 2016-08-15
reggie dodd30 gmail com
[TITLE]
Taser Axon Dock (Body-Worn Camera Docking Station) v3.1 - Authentication Bypass

[CREDITS & AUTHORS]
Reginald Dodd
https://www.linkedin.com/in/reginalddodd

[VENDOR & PRODUCT]
Taser International Inc.
Axon Dock - Body-Worn Camera Docking Station
https://www.axon.io/products/dock

[SUMMARY]
T

PayPal Inc BB #127 - 2FA Bypass Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
PayPal Inc BB #127 - 2FA Bypass Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1903

Release Date:
=============
2016-08-12

Vulnerability Laboratory ID (VL-ID):
====================================
1903

Stash v1.0.3 CMS - SQL Injection Vulnerability 2016-08-15
Vulnerability Lab (research vulnerability-lab com)
Document Title:
===============
Stash v1.0.3 CMS - SQL Injection Vulnerability

References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1899

Release Date:
=============
2016-08-10

Vulnerability Laboratory ID (VL-ID):
====================================
189

Linksys E2500 and E1200 (Unauth Command Injection) 2016-08-14
samhuntley84 gmail com
Linksys E2500 and E1200 suffer from missing command injection issue in parental control parameters. This allows an attacker to control the device remotely.

Combining the attack of no authorization control, it allows an attacker to actually execute an unauthenticated command injection attack

Linksys E1200 and E2500 (Missing authorization on parental control) 2016-08-14
samhuntley84 gmail com
Linksys E1200 hardware version 2.2 and firmware version 2.0.07 (build 2) suffer from missing authorization control on the parental control page. This allows an attacker to change the parental controls set up by parents to keep kids safe from visiting adult sites and probably compromise a kid's device

Reflected Cross Site Scripting (XSS) Vulnerability in nopcommerce 3.70 2016-08-15
tal argoni (talargoni gmail com)
Security Advisory
CVE-ID: N/A
Topic: Reflected Cross Site Scripting (XSS) Vulnerability in
"successful registration" page
Class: Input Validation
Severity: Medium
Discovery: 2016-04-28
Vendor Notification: 2016-04-28
Vendor response: 2016-05-30
Vendor Patch:

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: array("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions:

OpenCart 2.0.3.1 Cross Site Scripting Vulnerability (product_id - GET) 2016-08-13
hamedizadi gmail com
###########################

# OpenCart 2.0.3.1 Cross Site Scripting Vulnerability

###########################

Information
--------------------
Author: Hamed Izadi
Email: ("hamedizadi", "@", "gmail", ".com");
Name: XSS Vulnerability in OpenCart
Affected Software : OpenCart
Affected Versions: v2.0

WSO2-CARBON v4.4.5 CSRF / DOS 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-CSRF-DOS.txt

[+] ISR: ApparitionSec

Vendor:
============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2 Carbon is the core p

WSO2 CARBON v4.4.5 PERSISTENT XSS COOKIE THEFT 2016-08-13
hyp3rlinx lycos com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-PERSISTENT-XSS-COOKIE-THEFT.txt

[+] ISR: ApparitionSec

Vendor:
=============
www.wso2.com

Product:
==================
Ws02Carbon v4.4.5

WSO2

WSO2-CARBON v4.4.5 LOCAL FILE INCLUSION 2016-08-13
apparitionsec gmail com
[+] Credits: John Page aka HYP3RLINX

[+] Website: hyp3rlinx.altervista.org

[+] Source: http://hyp3rlinx.altervista.org/advisories/WSO2-CARBON-v4.4.5-LOCAL-FILE-INCLUSION.txt

[+] ISR: ApparitionSec

Vendor:
===============
www.wso2.com

Product:
====================
Ws02Carbon v4.4.5

WSO2 Car

Copyright 2010, SecurityFocus