CVE-2012-5992
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrative accounts via screens/aaa/mgmtusercreate.html or (2) insert XSS...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
Co-authored by Anna Širokova and Ivan Feigl. Executive summary: Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in memory and gives attackers remote...
CVE-2013-2704
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences...
CVE-2013-2696
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences...
CVE-2019-6611
When BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8 are processing certain rare data sequences occurring in PPTP VPN traffic, the BIG-IP system may execute incorrect logic. The TMM may restart and produce a core file as a result of this condition. The...
CVE-2015-9546
An issue was discovered on Samsung mobile devices with KK4.4 and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted fi...
CVE-2019-10715
There is Stored XSS in Verodin Director 3.5.3.0 and earlier via input fields of certain tooltips, and on the Tags, Sequences, and Actors pages...
CVE-2017-11456
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file...
Mapping the Future of AI Security
AI security is one of the most pressing challenges facing the world today. Artificial intelligence is extraordinarily powerful, and, especially considering the advent of Agentic AI, growing more so by the day. But it is for this reason that securing it is so important. AI handles massive amounts ...
CVE-2010-2627
Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 1.5.3153-802.0 and earlier, and Battlefield 2142 1.10.48.0 and earlier, allow remote servers to overwrite arbitrary files on the client via ".." dot dot backslash sequences in URLs for the 1...
CVE-2011-4453
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP createfunction function...
CVE-2011-5021
PHPIDS before 0.7 does not properly implement Regular Expression Denial of Service ReDoS filters, which allows remote attackers to bypass rulesets and add PHP sequences to a file via unspecified vectors...
CVE-2014-2864
Multiple directory traversal vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to have an unspecified impact via a filename parameter containing directory traversal sequences...
CVE-2019-13157
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitrary files via directory traversal sequences in a filename within an nsz archive...
CVE-2010-3100
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via directory traversal sequences in a filename...
CVE-2010-3688
Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA WebSiteAdmin allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the lng parameter...
CVE-2012-3555
Opera before 11.65 does not ensure that keyboard sequences are associated with a visible window, which makes it easier for user-assisted remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary code via a crafted web site, related to a "hidden keyboard navigation" issue...
CVE-2012-5931
Directory traversal vulnerability in the setlogconfig function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname...
CVE-2012-3343
Cross-site request forgery (CSRF) vulnerability in Microdasys before 3.5.1-B708, as used in Bloxx Web Filtering before 5.0.14 and other products, allows remote attackers to hijack the authentication of arbitrary users for requests that trigger error pages containing XSS sequences, a different...
CVE-2011-4963
nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote attackers to bypass intended access restrictions and access restricted files via (1) a trailing . (dot) or (2) certain "$indexallocation" sequences in a request...