7267 matches found

OSV
added 2019/09/04 8:46 p.m. | 3 views

USN-4122-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to obtain sensitive information, bypass Content Security Policy (CSP) protections, bypass same-origin restrictions, conduct cross-site...

CVSS 9.8 | AI score 6.8 | EPSS 0.0216
Exploits 2 | References 18

OSV
added 2019/09/04 12:00 a.m. | 0 views

UBUNTU-CVE-2019-11741

A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. Because addons.mozilla.org and accounts.firefox.com have close ties to the Firefox product, malicious manipulation of these site...

CVSS 6.1 | AI score 6.5 | EPSS 0.00587
Exploits 0 | References 4

NVD
added 2019/08/22 2:15 p.m. | 15 views

CVE-2015-9337

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX...

CVSS 7.5 | AI score 7.7 | EPSS 0.01331
Exploits 0 | References 1

Prion
added 2019/08/22 2:15 p.m. | 13 views

Improper access control

The profile-builder plugin before 2.1.4 for WordPress has no access control for activating or deactivating addons via AJAX...

CVSS 5 | AI score 7.2 | EPSS 0.01331
Exploits 0 | References 1 | Affected Software 1

OSV
added 2019/08/14 9:15 p.m. | 3 views

CVE-2019-9584

eQ-3 Homematic AddOn 'CloudMatic' on CCU2 and CCU3 allows uncontrolled admin access, resulting in the ability to obtain VPN profile details, shutting down the VPN service and to delete the VPN service configuration. This is related to improper access control for all /addons/mh/ pages...

CVSS 9.8 | AI score 7.3 | EPSS 0.02711
Exploits 1 | References 2

Prion
added 2019/08/13 8:15 p.m. | 15 views

Design/Logic Flaw

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

CVSS 6.8 | AI score 8.4 | EPSS 0.05755
Exploits 1 | References 1 | Affected Software 2

Cvelist
added 2019/08/13 7:15 p.m. | 14 views

CVE-2019-14984

eQ-3 Homematic CCU2 and CCU3 with the XML-API through 1.2.0 AddOn installed allow Remote Code Execution by unauthenticated attackers with access to the web interface, because the undocumented addons/xmlapi/exec.cgi script uses CMDEXEC to execute TCL code from a POST request...

AI score 8.6 | EPSS 0.05755
Exploits 1 | References 1

CNVD
added 2019/08/06 12:00 a.m. | 2 views

cPanel cross-site scripting vulnerability (CNVD-2019-26003)

cPanel is a web-based automated colocation platform from the US-based company cPanel. The platform is primarily used to automate the management of websites and servers. A cross-site scripting vulnerability exists in the WHM cPAddons installation interface in versions prior to cPanel 62.0.24. The...

CVSS 5.4 | AI score 6.3 | EPSS 0.00531
Exploits 0 | References 1

OSV
added 2019/08/02 4:15 p.m. | 1 views

CVE-2017-18418

cPanel before 66.0.2 allows stored XSS during WHM cPAddons file operations (SEC-265)...

CVSS 5.4 | AI score 5.8 | EPSS 0.00531
Exploits 0 | References 1

OSV
added 2019/08/02 4:15 p.m. | 0 views

CVE-2017-18419

cPanel before 66.0.2 allows stored XSS during WHM cPAddons uninstallation (SEC-266)...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1

OSV
added 2019/05/24 6:29 p.m. | 3 views

CVE-2016-10757

In Redaxo 5.2.0, the cron management of the admin panel suffers from CSRF that leads to arbitrary Remote Code Execution via addons/cronjob/lib/types/phpcode.php...

CVSS 8.8 | AI score 6
Exploits 0 | References 2

Kitploit
added 2019/05/09 12:56 p.m. | 156 views

ExtAnalysis - Browser Extension Analysis Framework

With ExtAnalysis you can: download and analyze extensions from the Chrome Web Store and Firefox Addons; analyze installed extensions of Google Chrome, Mozilla Firefox and Opera Browser (coming soon); upload and scan extensions. Supported formats: .crx, .xpi, .zip. Features of ExtAnalysis: View Basic Information:...

AI score 7.2
Exploits 0 | References 1

Prion
added 2019/03/30 2:29 p.m. | 10 views

Design/Logic Flaw

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

CVSS 6.5 | AI score 6.8 | EPSS 0.0709
Exploits 3 | References 1 | Affected Software 1

OSV
added 2019/03/30 2:29 p.m. | 10 views

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

CVSS 7.2 | AI score 7
Exploits 0 | References 1

Cvelist
added 2019/03/30 1:48 p.m. | 16 views

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

AI score 6.9 | EPSS 0.0709
Exploits 3 | References 1

CVE
added 2018/10/09 10:00 p.m. | 42 views

CVE-2018-18198

The CVE-2018-18198 issue affects REDAXO 5.6.3 via addons/mediapool/pages/index.php where the $opener_input_field is not properly filtered and is echoed to the page. This allows an attacker to inject XSS payloads through a request such as index.php?page=mediapool/media&opener_input_field=[XSS]. Re...

CVSS 6.1 | AI score 5.9 | EPSS 0.00905
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2018/10/09 10:00 p.m. | 13 views

CVE-2018-18198

The $opener_input_field variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=[XSS] request...

AI score 6 | EPSS 0.00905
Exploits 1 | References 2

NVD
added 2018/10/01 8:29 a.m. | 11 views

CVE-2018-17830

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args substring...

CVSS 5.4 | AI score 5.2 | EPSS 0.00684
Exploits 1 | References 1

Mageia
added 2018/08/10 2:37 p.m. | 61 views

Updated blender packages fix security vulnerabilities

Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files (AVI, BMP, HDR, CIN, IRIS, PNG, TIFF) may result in the execution of arbitrary code (CVE-2017-2899,...

CVSS 8.8 | AI score 1.3 | EPSS 0.0265
Exploits 21 | References 4

Kitploit
added 2018/07/26 9:56 p.m. | 22 views

FF Password Exporter - Easily Export Your Passwords From Firefox

It can be difficult to export your passwords from Firefox. Since version 57 of Firefox Quantum, existing password export addons no longer work. Mozilla provides no other official alternatives. FF Password Exporter makes it quick and easy to export all of your passwords from Firefox. You can use FF...

AI score 7.3
Exploits 0 | References 1