ManageEngine EventLog Analyzer version 9.9 suffers from unauthenticated remote code execution via shell upload and authorization vulnerabilities.
a0c98cac5f5fd141c8b87fb1b8f63391779ddd21923531556150cd799b862ef7
An independent Vulnerability Laboratory Researcher discovered a cross site request forgery vulnerability in the official Avira license account system web-application.
ab4176d2b30b9e05afdd30da7c3b895224608b39c04f1ce77d350aa5b6774188
ICS-CERT Advisory 14-238-02 - Timur Yunusov, Ilya Karpov, Sergey Gordeychik, Alexey Osipov, and Dmitry Serebryannikov of the Positive Technologies Research Team have identified four vulnerabilities in the Schneider Electric Wonderware Information Server (WIS). Schneider Electric has produced an update that mitigates these vulnerabilities. Some of these vulnerabilities could be exploited remotely.
e850a4bb6ae07055ff00878ae3e6e5133655aa4d07e4084a152cb16a2cd12e30
Subex ROC Fraud Management System version 7.4 suffers from a remote unauthenticated time-based blind SQL injection vulnerability.
53886db4f0e6b216c908fa82111de7bddd4b4dd9b0139ce8fd7c6abaf4e02bbc
ICIA2014 will be held in Malaysia on October 8-10, 2014. The main objective of this conference is to provide a medium for professionals, engineers, academicians, scientists, and researchers from all over the world to present the results of their research activities in the field of Computer Science, Engineering and Information Technology. ICIA2014 provides opportunities for the delegates to share knowledge, ideas, innovations and problem-solving techniques. Submitted papers will be reviewed by the technical program committee of the conference.
6ac89c400e8c3a9e671ab7d3c13272f0dcbd66ccba1b48822a10ca88620043e8
This whitepaper goes into detail on the design and implementation of voice encryption on telephone networks. Written in Spanish.
96654408957024ded313fec057b5f79be73443423be062807bec0d5dffc0bf05
LeapFTP version 3.1.0 URL handling SEH buffer overflow exploit that spawns calc.exe.
39a29201fceb706e13e2e41a07ee46ce9c3e7c6fd111a0d73e1c47b2198fb14d
Sniggabo CMS version 3.17 suffers from a cross site scripting vulnerability.
d08eaf053576dff5b89e2f5b00c8c530a7e66a236f16ff7712d6a017779f47f8
This whitepaper provides an analysis of why malware is so successful. For many years, different types of malware have ranked among the biggest IT security threats in both the business and the private domain. To protect oneself from the dangers of malware, numerous software manufacturers offer IT security products such as antivirus and endpoint protection software. But these products alone do not offer sufficient protection from malware that knows some tricks, as the results of the author's recent research on the topic of antivirus evasion show.
dec9eff1124fd9cbaf98f478be5bc00a12adec280ae5425357c695fc475ac738
Arachni Web Application Scanner version 0.4.7 suffers from a persistent cross site scripting vulnerability.
e72dde4bcfe334720ae988fd0e43af4ed94edb515423223e7bc2dcf2df9bcf28
WordPress Ultimate, IncredibleWP, Ultimatum, Medicate, Centum, Avada, Striking, Beach, and CuckooTap Theme & eShop themes suffer from an arbitrary file download vulnerability. Note that this finding houses site-specific data.
bf222a16897642cbc16ceccceb7f65a592eac26d57d3fccb76735f024300c150
The Google Chrome XSS Auditor was found prone to a bypass when user input passed through location.hash was written to the DOM using document.write. Normally, the XSS Auditor detects XSS by comparing the request and the response; however, it also checks the request itself for untrusted input in order to prevent DOM XSS as well.
1726b972e5f7b81516b54d146c54fb1608b841f8ba39f275b51934e65215d5cd
A SOP bypass occurs when sitea.com is somehow able to access the properties of siteb.com, such as cookies, location, response, etc. Due to the nature of the issue and its potential impact, this is very rarely found in modern browsers. However, such bypasses are found once in a while.
b5c1e22000f4ed24662d0911996baf893391c569633c0cd44a70ed8a1525e169
In-Portal CMS suffers from a cross site scripting vulnerability.
dc10b7f0aeb4945e6ca1d98f043f3b423396541316af2d55a637765311966a11