Class Cross-Site Scripting
Remote Yes
Disclosed 9th October 2014
Published 7th January 2015
Credit Dave Daly of Dionach (vu...@dionach.com)
Confirmed Vulnerable Brother MFC-J4410DW with F/W Versions J and K
The printer administration web application on Brother MFC-J4410DW model
Kunena forum extension for Joomla multiple SQL injection vulnerabilities
Class: Input Validation Error
CVE: N/A
Remote: Yes
Local: No
Published: 02/07/2014
Credit: Raymond Rizk of Dionach
Kunena forum extension for Joomla multiple reflected cross-site scripting
vulnerabilities
Class: Input Validation Error
CVE N/A
Remote Yes
Local No
Published 02/07/2014
Credit Raymond Rizk of
Class Stored Cross-Site Scripting
Remote Yes
Credit Michael Savage of Dionach (vu...@dionach.com)
Vulnerable MojoPortal 2.3.9.7
MojoPortal is prone to a stored cross-site scripting vulnerability because it
does not escape the titles of forum threads when inserting
DataWatch Monarch BI v5.1 client section stored cross-site scripting
Class: Input Validation Error
Remote: Yes
Local: No
Published: 26/06/2012
Credit: Raymond Rizk of Dionach Limited (vu...@dionach.com)
Vulnerable: DataWatch Monarch BI v5.1
DataWatch's Monarch BI client section is prone to
DataWatch Monarch BI v5.1 admin section blind SQL injection
Class: Input Validation Error
Remote: Yes
Local: No
Published: 26/06/2012
Credit: Raymond Rizk of Dionach Limited (vu...@dionach.com)
Vulnerable: DataWatch Monarch BI v5.1
DataWatch's Monarch BI client section is prone to a blind
DataWatch Monarch BI v5.1 admin section blind XPath injection
Class: Input Validation Error
Remote: Yes
Local: No
Published: 26/06/2012
Credit: Raymond Rizk of Dionach Limited (vu...@dionach.com)
Vulnerable: DataWatch Monarch BI v5.1
DataWatch's Monarch BI admin section is prone to a blind
TEMENOS T24 R07.03 reflected cross-site scripting
Class: Input Validation Error
Remote: Yes
Local: No
Published: 26/06/2012
Credit: Raymond Rizk of Dionach Limited (vu...@dionach.com)
Vulnerable: TEMENOS T24 R07.03
TEMENOS T24 is prone to a reflected cross-site scripting vulnerability
TEMENOS T24 R07.03 authentication bypass
Class: Access Validation Error
Remote: Yes
Local: No
Published: 26/06/2012
Credit: Raymond Rizk of Dionach Limited (vu...@dionach.com)
Vulnerable: TEMENOS T24 R07.03
TEMENOS T24 is prone to an authentication bypass vulnerability as it fails to
Class Input Validation Error
Remote Yes
Published 10 February 11:00AM
Vulnerable XI R2
SAP Business Objects is prone to a cross-site scripting vulnerability because
it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary
Class Input Validation Error
CVE
Remote Yes
Local No
Published Feb 14 2011 08:55AM
Credit Dionach
Vulnerable Kodak InSite 5.5.2
Kodak InSite is prone to a cross-site scripting vulnerability because it fails
to sufficiently sanitize user-supplied data.
Class Input Validation Error
CVE
Remote Yes
Local No
Published Feb 14 2011 08:55AM
Credit Dionach
Vulnerable Kodak InSite 5.5.2
Kodak InSite is prone to a cross-site scripting vulnerability because it fails
to sufficiently sanitize user-supplied data.
Affected products:
Consona Live Assistance
Consona Dynamic Agent
Consona Subscriber Assistance
Vulnerabilities:
-XSS
-Remote Code Execution
-Buffer Overflow
-Privilege escalation
Executive summary:
Consona products use a proprietary ActiveX site-lock mechanism that can
be defeated through
[ HTML VERSION ] http://www.wintercore.com/advisories/advisory_W020209.html
[ exploit code ]
http://kartoffel.reversemode.com/downloads.php
Background
Non-technical description
Technical Description
Exploiting it
References
Products Affected
Credits
Disclosure Timeline
Contact
1.
[ Wintercore Research:: Advisory W01-0109 ]
html version: http://www.wintercore.com/advisories/advisory_W010109.html
1. Background
SystemcastWizard Lite is support software for the setup of the
PRIMEQUEST system
2. Non-technical description
PXEService.exe is prone to a remote buffer
[ HTML FORMATTED Advisory ]
http://www.wintercore.com/advisories/advisory_W021008.html
[TEXT VERSION]
GearSoftware Powered Products Local Privilege Escalation
+ GEARASpiWDM.sys Insecure Method
+ Microsoft Windows Kernel IopfCompleteRequest Integer Overflow
:: Summary
1. Background
2.
We just want to make a public warning to those users of Motorola/Netopia
Timbuktu Remote Control Software who are using the Internet Locator
service. This service allows locating any Timbuktu user just by
knowing the email.
More than five months ago we notified Netopia's customer support
[ Wintercore Advisory ]
Realtek HD Audio Codec Drivers (Vista) - Local Privilege Escalation
:: Non-Technical Description
Realtek HD Audio Codec Drivers are prone to a local privilege escalation
due to insufficient validation of user-mode buffers. Successful
exploitation grants SYSTEM
Hi,
According to the following press release of MessageLabs:
http://www.messagelabs.com/resources/press/11351
the proportion of spam from Gmail increased two-fold from 1.3 percent
in January to 2.6 percent in February
Recently, researchers at Websense also spotted ITW
19 matches