Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities

Posted by Jing Wang on Mar 02

*Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities*

Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security
Vulnerabilities
Product: SupeSite CMS (Content Management System)
Vendor: Comsenz
Vulnerable Versions: 6.0.1UC 7.0
Tested Version: 7.0
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Improper Control of Generation of Code (‘Code
Injection’) [CWE 94]
CVE…

NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities

Posted by Jing Wang on Mar 02

*NetCat CMS Multiple Remote File Inclusion (RFI) Security Vulnerabilities*

Exploit Title: NetCat CMS Multiple Remote File Inclusion (RFI) Security
Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Improper Control of Filename for Include/Require…

NetCat CMS Full Path Disclosure (Information Disclosure) Security Vulnerabilities

Posted by Jing Wang on Mar 02

*NetCat CMS Full Path Disclosure (Information Disclosure) Security
Vulnerabilities*

Exploit Title: NetCat CMS Full Path Disclosure Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 5.01 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: Information Leak / Disclosure [CWE-200]
CVE…

NetCat CMS Multiple URL Redirection (Open Redirect) Security Vulnerabilities

Posted by Jing Wang on Mar 02

*NetCat CMS Multiple URL Redirection (Open Redirect) Security
Vulnerabilities*

Exploit Title: NetCat CMS Multiple URL Redirection Security Vulnerabilities
Product: NetCat CMS (Content Management System)
Vendor: NetCat
Vulnerable Versions: 5.01 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1
Tested Version: 3.12
Advisory Publication: Feb 25, 2015
Latest Update: Feb 25, 2015
Vulnerability Type: URL Redirection to Untrusted Site (‘Open…

CVE-2014-8921

The IBM Notes Traveler Companion application 1.0 and 1.1 before 201411010515 for Windows Phone, as distributed in IBM Notes Traveler 9.0.1, does not properly restrict the number of executions of the automatic configuration option, which makes it easier for remote attackers to capture credentials by conducting a phishing attack involving an encrypted e-mail message.

DSA-3178 unace – security update

Jakub Wilk discovered that unace, a utility to extract, test and view
.ace archives, contained an integer overflow leading to a buffer
overflow. If a user or automated system were tricked into processing a
specially crafted ace archive, an attacker could cause a denial of
service (application crash) or, possibly, execute arbitrary code.