# Exploit Title:Microweber 0.95 - SQL Injection Vulnerability
# Vendor: https://microweber.com/
# Download link:https://microweber.com/download
(https://github.com/microweber/microweber)
# CVE ID: CVE-2014-9464
# Vulnerability:SQL Injection
# Affected
# Exploit Title: Sefrengo CMS v1.6.1 - Multiple SQL Injection
Vulnerabilities
# Vendor: http://www.sefrengo.org/
# Download link: http://forum.sefrengo.org/index.php?showtopic=3368
(https://github.com/sefrengo-cms/sefrengo-1.x/tree/22c0d16bfd715631ed317cc99
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
- -
Debian Security Advisory DSA-3148-1 secur...@debian.org
http://www.debian.org/security/ Michael Gilbert
January 31, 2015
Information
Advisory by Netsparker.
Name: XSS Vulnerability in Banner Effect Header
Affected Software : Banner Effect Header
Affected Versions: 1.2.7 and possibly below
Vendor Homepage : https://wordpress.org/plugins/banner-effect-header/
Vulnerability Type : Cross-site Scripting
Deusen just published code and description here:
http://www.deusen.co.uk/items/insider3show.3362009741042107/
which demonstrates the serious security issue.
Summary
An Internet Explorer vulnerability is shown here:
Content of dailymail.co.uk can be changed by external domain.
How To Use
1.
# Exploit Title:Fork CMS 3.8.3 - XSS Vulnerability
# Vendor: http://www.fork-cms.com
# Download link:http://www.fork-cms.com/blog/detail/fork-3.8.4-released
# CVE ID: CVE-2014-9470
# Vulnerability:Cross-Site Scripting
# Affected version: Fork 3.8.3
Hi @ll,
on Windows, the command line an application receives can differ
from the command line the calling application supplies to
CreateProcess*().
The documentation of GetCommandLine()
https://msdn.microsoft.com/en-us/library/ms683156.aspx tells:
| Note The name of the executable in the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04552143
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04552143
Version: 1
HPSBMU03236
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -
Debian Security Advisory DSA-3150-1 secur...@debian.org
http://www.debian.org/security/Alessandro Ghedini
February 02, 2015
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c04553906
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04553906
Version: 1
HPSBMU03239
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
- -
Debian Security Advisory DSA-3149-1 secur...@debian.org
http://www.debian.org/security/Sebastien Delafond
February 02, 2015
11 matches
Mail list logo