Tags archives: sicurezza

 


WordPress 3.9.2 Cross Site Scripting

OVERVIEW
========

A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don’t require authentication by default.

The JavaScript injected into a comment is executed when the target user views it, either on a blog [...]

 


Computer hijacking arrests in UK and across Europe

Fifteen people have been arrested, including four in the UK, in connection with the hijacking of computers. Police say the individuals were using software designed to remotely control computers – allowing for the stealing of information. The other arrests were made in Estonia, France, Romania, Latvia, Italy, and Norway. The practice, which in some instances [...]

 


Joomla Simple Email Form 1.8.5 Cross Site Scripting

Advisory ID: HTB23241
Product: Simple Email Form Joomla Extension
Vendor: Doug Bierer
Vulnerable Version(s): 1.8.5 and probably prior
Tested Version: 1.8.5
Advisory Publication: October 29, 2014 [without technical details]
Vendor Notification: October 29, 2014
Public Disclosure: November 19, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8539
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) [...]

 


Think you have deleted your files? Attackers can recover them, here is how

 


Snowfox CMS 1.0 Open Redirect

Snowfox CMS v1.0 (rd param) Open Redirect Vulnerability

Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0

Summary: Snowfox is an open source Content Management System (CMS) that allows your website users to create and share content based on permission configurations.

Desc: Input passed via the ‘rd’ GET parameter in [...]

 


Samsung Galaxy KNOX Android Browser Remote Code Execution

##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'digest/md5'

class Metasploit3 < Msf::Exploit::Remote

  include Msf::Exploit::Remote::BrowserExploitServer

  # Hash that maps payload ID -> (0|1) if an HTTP request has
  # been made to download a payload of that ID
  attr_reader :served_payloads

  def initialize(info = [...]

 


XOOPS 2.5.6 SQL Injection

=============================================
MGC ALERT 2014-003
- Original release date: March 6, 2014
- Last revised: November 18, 2014
- Discovered by: Manuel Garcia Cardenas
- Severity: 7,1/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Blind SQL Injection in XOOPS <= 2.5.6

II. BACKGROUND
-------------------------
XOOPS is an acronym of “eXtensible Object Oriented Portal System”. [...]

 


Proticaret E-Commerce Script 3.0 SQL Injection

Document Title:
============
Proticaret E-Commerce Script v3.0 >= SQL Injection

Release Date:
===========
13 Nov 2014

Product & Service Introduction:
========================
Proticaret is a free e-commerce script.

Abstract Advisory Information:
=======================
BGA Security Team discovered an SQL injection vulnerability in Proticaret E-Commerce Script v3.0

Vulnerability Disclosure Timeline:
=========================
20 Oct 2014 [...]

 


Pandora FMS 5.1SP1 Cross Site Scripting

I. VULNERABILITY
-------------------------
XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 – Revisión PC141031

II. BACKGROUND
Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has a

III. DESCRIPTION
-------------------------
Has been [...]

 


Openkm Document Management System 6.4.17 Cross Site Scripting

Openkm Document Management System Suffers From Cross Site Scripting Attack

http://khalil-shreateh.com/khalil.shtml/images/articles/websites/vulnerabilities/openkm.jpg

Version <=6.4.17
Software Test http://demo.openkm.com/OpenKM/login.jsp
Author: Khalil Shreateh <https://www.facebook.com/khalil.shr>
Author Website: http://khalil-shreateh.com
Status: Reported.
Report Link: http://issues.openkm.com/view.php?id=3056

Attack Description

Log in with any user.
Navigate to: http://demo.openkm.com/OpenKM/frontend/Download?export&uuid=%3Cscript%3Ealert%28%22XSS%20BY%20KHALIL%20SHREATEHnkhalil-shreateh.com%22%29%3C/script%3E

[...]