7273 matches found

Cvelist
added 2019/03/30 1:48 p.m., 16 views

CVE-2019-10652

An issue was discovered in flatCore 1.4.7. acp/acp.php allows remote authenticated administrators to upload arbitrary .php files, related to the addons feature...

AI score: 6.9, EPSS: 0.0709
Exploits: 3, References: 1

Cvelist
added 2018/10/09 10:0 p.m., 13 views

CVE-2018-18198

The $openerinputfield variable in addons/mediapool/pages/index.php in REDAXO 5.6.3 is not effectively filtered and is output directly to the page. The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=XSS request...

AI score: 6, EPSS: 0.00905
Exploits: 1, References: 2

CVE
added 2018/10/09 10:0 p.m., 42 views

CVE-2018-18198

The CVE-2018-18198 issue affects REDAXO 5.6.3 via addons/mediapool/pages/index.php where the $opener_input_field is not properly filtered and is echoed to the page. This allows an attacker to inject XSS payloads through a request such as index.php?page=mediapool/media&opener_input_field=[XSS]. Re...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00905
Exploits: 1, References: 2, Affected Software: 1

NVD
added 2018/10/01 8:29 a.m., 11 views

CVE-2018-17830

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&openerinputfield=&args substring...

CVSS: 5.4, AI score: 5.2, EPSS: 0.00684
Exploits: 1, References: 1

Mageia
added 2018/08/10 2:37 p.m., 62 views

Updated blender packages fix security vulnerabilities

Updated blender package fixes security vulnerabilities: Multiple vulnerabilities have been discovered in various parsers of Blender. Malformed .blend model files and malformed multimedia files AVI, BMP, HDR, CIN, IRIS, PNG, TIFF may result in the execution of arbitrary code CVE-2017-2899,...

CVSS: 8.8, AI score: 1.3, EPSS: 0.0265
Exploits: 21, References: 4

Kitploit
added 2018/07/26 9:56 p.m., 23 views

FF Password Exporter - Easily Export Your Passwords From Firefox

It can be difficult to export your passwords from Firefox. Since version 57 of Firefox Quantum existing password export addons no longer work. Mozilla provides no other official alternatives. FF Password Exporter makes it quick and easy to export all of your passwords from Firefox. You can use FF...

AI score: 7.3
Exploits: 0, References: 1

Cvelist
added 2018/07/09 8:0 p.m., 13 views

CVE-2018-1000619

Ovidentia version 8.4.3 and earlier contains an Unsanitized User Input vulnerability in utilit.php, babgetAddonFilePathfromTg that can result in Authenticated Remote Code Execution. This attack appears to be exploitable by an attacker who has permission to upload addons...

AI score: 8.8, EPSS: 0.02316
Exploits: 0, References: 3

OSV
added 2018/06/11 9:29 p.m., 2 views

CVE-2016-9903

Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox 50.1...

CVSS: 6.1, AI score: 6.8, EPSS: 0.01143
Exploits: 0, References: 4

Kitploit
added 2018/05/23 2:12 p.m., 34 views

Dumpzilla - Extract All Forensic Interesting Information Of Firefox, Iceweasel And Seamonkey Browsers

Dumpzilla official site: www.dumpzilla.org (http://www.dumpzilla.org). Manual: Español (http://dumpzilla.org/Manualdumpzillaes.txt) / English (http://dumpzilla.org/Manualdumpzillaen.txt). OS: Unix / Win...

AI score: 7
Exploits: 0, References: 1

n0where
added 2018/02/24 4:17 p.m., 200 views

Free and Open Source Interactive HTTPS Proxy: mitmproxy

mitmproxy is your swiss-army knife for debugging, testing, privacy measurements, and penetration testing. It can be used to intercept, inspect, modify and replay web traffic such as HTTP/1, HTTP/2, WebSockets, or any other SSL/TLS-protected protocols. You can prettify and decode a variety of...

Exploits: 0, References: 2

CNVD
added 2017/12/26 12:0 a.m., 1 view

Code execution vulnerability in AddonsController.class.php file in backend of Thunderwind Movie CMS v3.3.4

Thunderwind Movie CMS is a PHP content management program built on the ThinkPHP 3.2.3 framework, suitable for all kinds of video, film and television websites. A code execution vulnerability exists in the AddonsController.class.php file in the backend of Thunderwind CMS...

AI score: 7.6
Exploits: 0

Prion
added 2017/08/31 4:29 a.m., 14 views

Cross site request forgery (csrf)

BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted newmodulename parameter to backend/addons/ajaxcreate.php. NOTE: this can be exploited via CSRF...

CVSS: 6.5, AI score: 8.3, EPSS: 0.0055
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2017/08/31 12:0 a.m., 3 views

BlackCat CMS Arbitrary PHP Code Execution Vulnerability

BlackCat CMS is a PHP5, HTML5 content management system. An arbitrary PHP code execution vulnerability exists in the backend/addons/install.php file in BlackCat CMS, which can be exploited by remote attackers to execute arbitrary PHP code via a ZIP archive containing the .php file...

CVSS: 8.8, AI score: 9.1, EPSS: 0.01164
Exploits: 0, References: 1

NVD
added 2017/08/02 7:29 p.m., 27 views

CVE-2015-2690

Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) addlicensekey, (2) addlicensefirstname, (3) addlicenselastname, (4)...

CVSS: 6.1, AI score: 6.1, EPSS: 0.02776
Exploits: 2, References: 5

CVE
added 2017/08/02 7:0 p.m., 54 views

CVE-2015-2690

CVE-2015-2690 affects FreePBX Digium Addons (digiumaddoninstaller) before 2.11.0.7. Multiple XSS flaws exist in views/add-license-form.php invoked via admin/config.php (type=setup, display=digiumaddons, page=add-license-form, addon=ffa). The attacker can inject script/HTML through any of 12 param...

CVSS: 6.1, AI score: 6, EPSS: 0.02776
Exploits: 2, References: 5, Affected Software: 1

OSV
added 2017/01/25 12:0 a.m., 1 view

UBUNTU-CVE-2017-5393

The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects...

CVSS: 6.1, AI score: 6.9, EPSS: 0.00896
Exploits: 0, References: 4

OpenVAS
added 2016/11/14 12:0 a.m., 25 views

Fedora Update for kdepim-addons FEDORA-2016-1b042a79bd

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 8.1, AI score: 7.4, EPSS: 0.02345
Exploits: 0, References: 2

Fedora
added 2016/10/30 6:31 p.m., 19 views

[SECURITY] Fedora 24 Update: kdepim-addons-16.08.2-1.fc24

Additional plugins for KDE PIM applications...

CVSS: 8.1, AI score: 2, EPSS: 0.02345
Exploits: 0

OSV
added 2016/09/22 12:0 a.m., 0 views

UBUNTU-CVE-2016-5284

Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org...

CVSS: 7.4, AI score: 7.3, EPSS: 0.02382
Exploits: 0, References: 5

WPVulnDB
added 2016/09/19 12:0 a.m., 9 views

WooCommerce Product Addons <= 1.1 - Arbitrary File Upload

The PPOM for WooCommerce WordPress plugin was affected by an Arbitrary File Upload security vulnerability...

AI score: 2.5
Exploits: 0, References: 1, Affected Software: 1