[FD] NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] Piwik Downloads Updates over HTTP

Piwik is an open-source web analytics tool. Its updater downloads and executes PHP code over an insecure (not-HTTPS) connection. The issue was reported on the public GitHub tracker in October of 2014 and remains unfixed. https://github.com/piwik/piwik/issues/6441 Code signing is implemented, but

[FD] Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities

*Comsenz SupeSite CMS Reflected XSS (Cross-site Scripting) Security Vulnerabilities* Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS (Content Management System) Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested

[FD] NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

*NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities* Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities Product: NetCat CMS (Content Management System) Vendor: NetCat Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1

[FD] XSS Reflected vulnerabilities in Fortimail version 5.2.1 (CVE-2014-8617)

I. VULNERABILITY - XSS Reflected vulnerabilities in Fortimail version 5.2.1 II. BACKGROUND - Fortinet’s industry-leading, Network Security Platforms deliver Next Generation Firewall (NGFW) security with exceptional throughput, ultra low latency, and

Re: [FD] Reflected File Download in AOL Search Website

It seems was fixed. HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 22:21:31 GMT Server: Apache-Coyote/1.1 Content-Disposition: attachment; filename=autocomplete.txt Content-Type: application/x-suggestions+json;charset=UTF-8 Content-Language: en-US Content-Length: 34 Keep-Alive: timeout=5, max=69

[FD] GDS Labs Alert [CVE-2015-2080] - JetLeak Vulnerability: Remote Leakage Of Shared Buffers In Jetty Web Server

GDS LABS ALERT: CVE-2015-2080 JetLeak Vulnerability Remote Leakage Of Shared Buffers In Jetty Web Server SYNOPSIS Gotham Digital Science discovered a critical information leakage vulnerability in the Jetty web server that allows an unauthenticated remote attacker to read arbitrary data

[FD] Vulnerabilities in Hikvision DS-7204HWI-SH

Hello list! There are Abuse of Functionality and Brute Force vulnerabilities in Hikvision DS-7204HWI-SH. - Affected products: - Vulnerable is the next model: Hikvision DS-7204HWI-SH with different versions of firmware. -- Details: