CVE-2016-6023
Directory traversal vulnerability in the Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 allows remote attackers to read arbitrary files via a crafted...
Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device reload)...
Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a...
Zotpress plugin for WordPress SQLi in zp_get_account() Date published : 2016-10-06 http://www.securityfocus.com/bid/93894 https://wordpress.org/plugins/zotpress/changelog/
Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla Date published : 2016-10-06 https://www.exploit-db.com/exploits/42598/ http://huge-it.com/joomla-catalog/
Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date published : 2016-10-06 http://www.securityfocus.com/bid/93268 https://www.exploit-db.com/exploits/42597/
Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for Joomla Date published : 2016-10-06 http://www.securityfocus.com/bid/93107 https://www.exploit-db.com/exploits/42596/
XSS in Huge-IT Gallery v1.1.5 for Joomla Date published : 2016-10-06 http://www.securityfocus.com/bid/92102 http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
XSS and SQLi in Huge-IT Gallery v1.1.5 for Joomla Date published : 2016-10-06 http://www.securityfocus.com/bid/92102 http://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-pro
Unauthenticated remote .jpg file upload in contus-video-comments v1.0 WordPress plugin Date published : 2016-10-06 http://www.securityfocus.com/bid/93967 http://www.vapidlabs.com/advisory.php?v=163
TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. Date published : 2016-10-06 http://seclists.org/bugtraq/2016/Jul/3 https://pbs.twimg.com/media/CmnQ3F0WIAAs_X0.jpg
Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection Date published : 2016-10-06 http://www.securityfocus.com/bid/94496 https://www.tenable.com/security/research/tra-2016-15
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components might allow remote attackers to obtain access via the (1) Windows CE Remote Configuration Tool, (2) CE Remote Display service, or...
Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force...