141 matches found
CVE-2017-17752
Ability Mail Server 3.3.2 has Cross Site Scripting XSS via the body of an e-mail message, with JavaScript code executed on the Read Mail screen aka the /readmail URI. This is fixed in version 4.2.4...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr...
Ability Mail Server 3.3.2 - Cross-Site Scripting
Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.codecrafters.com...
CVE-2016-10089
A vulnerability was found in Nagios 4.2.4, and earlier, which allows local users to gain root privileges via a hard link attack on the Nagios init script file, related to CVE-2016-8641. Mitigation This flaw, and others like it, are mitigated by enabling hardlink and symlink protections. These...
Cybozu Garoon Directory Traversal Vulnerability (CNVD-2017-25382)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin boards, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A directory traversal...
phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2014-2) - Linux
phpMyAdmin is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cybozu Garoon Session Fixation Vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A session fixation vulnerability...
Cybozu Garoon has an unspecified vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A security vulnerability exists i...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2017-15107)
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting...
CVE-2017-2146
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...
CVE-2017-2144
Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another user's file through a specially crafted page...
CVE-2017-6360
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...
CVE-2017-6360
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors...
Nagios < 4.2.4 - Local Privilege Escalation
!/bin/bash Source: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html Nagios Core 4.2.4 Root Privilege Escalation PoC Exploit nagios-root-privesc.sh ver. 1.0 CVE-2016-9566 Discovered and coded by: Dawid Golunski dawidatlegalhackers.com https://legalhackers.com Foll...
BigTree-CMS 4.2.x < 4.2.4 Multiple Vulnerabilities
Binary data 9555.prm...
FortiWAN Multiple Vulnerabilities
FortWan 4.2.4 and below is exposed to cross site scripting, information leak and escalation of privilege vulnerabilities. CVE-2016-4965: Non-administrative authenticated user having access privileges to the nslookup functionality can perform OS command injection in the root user context...
Security update for samba (important)
samba was updated to version 4.2.4 to fix 14 security issues. These security issues were fixed: - CVE-2015-5370: DCERPC server and client were vulnerable to DOS and MITM attacks bsc936862. - CVE-2016-2110: A man-in-the-middle could have downgraded NTLMSSP authentication bsc973031. - CVE-2016-2111...
webSPELL 4.2.4 Cross Site Request Forgery / SQL Injection
Advisory ID: HTB23291 Product: webSPELL Vendor: webSPELL.org Vulnerable Versions: 4.2.4 and probably prior Tested Version: 4.2.4 Advisory Publication: January 22, 2016 without technical details Vendor Notification: January 22, 2016 Vendor Patch: February 12, 2016 Public Disclosure: February 17,...
CVE-2015-5731
Cross-site request forgery CSRF vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service editing blockage, via a get-post-lock action...
CVE-2015-2213
SQL injection vulnerability in the wpuntrashpostcomments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is mishandled after retrieval from the trash...