721 matches found

Packet Storm
added 2014/03/15 12:0 a.m., 36 views

Joomla eXtplorer 2.1.3 Cross Site Scripting

Hello, Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3 component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via a crafted string in the URL to application.js.php, admin.php, copymove.php, functions.php, header.php and upload.php. File:...

CVSS 2.6 | EPSS 0.0032
Exploits: 3
NVD
added 2014/01/16 9:55 p.m., 15 views

CVE-2012-6628

Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyzemcampName to admin/createcampaign.php or (2) admin/editcampaign.php, (3) xyzememail parameter to admin/editemail.ph...

CVSS 4.3 | AI score 5.9 | EPSS 0.00306
Exploits: 1 | References: 3
exploitpack
added 2013/11/30 12:0 a.m., 15 views

Ametys CMS 3.5.2 - lang XPath Injection

Ametys CMS 3.5.2 - lang XPath Injection Ametys CMS 3.5.2 lang parameter XPath Injection Vulnerability Vendor: Anyware Services Product web page: http://www.ametys.org Download: http://www.ametys.org/en/download/ametys-cms.html Affected version: 3.5.2 and 3.5.1 Summary: Ametys is a Java-based open...

AI score 0.1
Exploits: 0
securityvulns
added 2013/11/05 12:0 a.m., 73 views

[security bulletin] HPSBMU02931 rev.2 - HP Service Manager, Injection of Arbitrary Code, Remote Privilege Elevation, Remote Disclosure of Privileged Information and Cross Site Scripting (XSS)

Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03960916 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03960916 Version: 2 HPSBMU02931 rev....

CVSS 7.5 | AI score 1.4 | EPSS 0.06732
Exploits: 0
securityvulns
added 2013/10/02 12:0 a.m., 69 views

Remote Code Execution in GLPI

Advisory ID: HTB23173 Product: GLPI Vendor: INDEPNET Vulnerable Versions: 0.84.1 and probably prior Tested Version: 0.84.1 Advisory Publication: September 11, 2013 without technical details Vendor Notification: September 11, 2013 Vendor Patch: September 12, 2013 Public Disclosure: October 2, 2013...

CVSS 6.8 | AI score 0.4 | EPSS 0.63954
Exploits: 11
exploitpack
added 2013/06/17 12:0 a.m., 8 views

Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload

Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload. CWH Underground Hacking Team...

AI score 0.3
Exploits: 0
0day.today
added 2013/06/17 12:0 a.m., 24 views

Fly-High CMS 2012-07-08 - Unrestricted File Upload Exploit

Exploit for php platform in category web applications. CWH Underground Hacking Team. Exploit...

AI score 7.1
Exploits: 0
Packet Storm
added 2013/06/04 12:0 a.m., 29 views

CMS Gratis Indonesia PHP Code Injection

Exploit Title : CMS Gratis Indonesia PHP Code Injection Date : 4 June 2013 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://cmsid.org/ Software Link : http://jaist.dl.sourceforge.net/project/cmsid/source/2.2/cmsid-2.2-beta1.zip Version : 2.2 Beta 1 Tested on : Windo...

AI score 0.6
Exploits: 0
Packet Storm
added 2013/06/01 12:0 a.m., 28 views

PhpTax 0.8 Code Execution

CWH Underground Hacking Team. Exploit Title : PhpTax File Manipulationnewvalue,field Remote Code...

AI score 7.4
Exploits: 0
Check Point Advisories
added 2013/05/16 12:0 a.m., 5 views

Sun Java Web Start Splashscreen GIF Decoding Buffer Overflow - Improved Performance (CVE-2008-2086)

The Sun Java Web Start is a component of the Java 2 Runtime Environment JRE. It allows for the network deployment of Java applications. This component enables stand-alone Java applications to be downloaded from a remote network location and invoked on a target machine. There exists a memory...

CVSS 9.3 | AI score 8 | EPSS 0.2517
Exploits: 1
Check Point Advisories
added 2013/04/10 12:0 a.m., 2 views

Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow - High Confidence (CVE-2007-6435)

Novell GroupWise is a client-server collaborative software and email system provided by Novell. The Novell GroupWise Client application is capable of communicating with Novell Group server, as well as Internet email gateways using SMTP, POP, and IMAP protocols. A buffer overflow vulnerability has...

CVSS 9.3 | AI score 7.4 | EPSS 0.38755
Exploits: 5
Check Point Advisories
added 2013/03/28 12:0 a.m., 3 views

BigAnt Server SCH Request Stack Buffer Overflow (CVE-2012-6275)

A stack buffer overflow vulnerability exists in BigAnt Server. The vulnerability is due to a boundary error when handling SCH and DUPF requests. Remote unauthenticated attackers can exploit this vulnerability by sending malicious requests to the target server. Successful exploitation would result...

AI score 7.8 | EPSS 0.76513
Exploits: 8
Tenable Nessus
added 2013/03/06 12:0 a.m., 41 views

Foswiki < 1.1.8 MAKETEXT Macro Arbitrary Code Injection

According to its version number, the instance of Foswiki installed on the remote host is affected by a code injection vulnerability in the '%MAKETEXT%' macro. An incomplete fix to CVE-2012-6329 left this attack vector available in which an attacker can invoke arbitrary Perl modules by escaping...

CVSS 9.8 | AI score 8.5 | EPSS 0.81971
Exploits: 13 | References: 2
Cvelist
added 2012/09/05 11:0 p.m., 22 views

CVE-2012-3528

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.2 | EPSS 0.00522
Exploits: 0 | References: 6
OwnCloud
added 2012/07/04 5:25 p.m., 48 views

Multiple stored XSS - ownCloud

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...

CVSS 4.3 | AI score 5.6 | EPSS 0.00254
Exploits: 1 | Affected Software: 1
Packet Storm
added 2012/05/22 12:0 a.m., 23 views

Active Collab "chat module" 2.3.8 Remote PHP Code Injection

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Active Collab "chat module" %q This...

AI score 7.4
Exploits: 0
Tenable Nessus
added 2012/04/25 12:0 a.m., 29 views

Fedora 15 : wicd-1.7.0-12.fc15 (2012-5923)

This update fixes CVE-2012-2095. The wicd daemon suffered from a local privilege escalation flaw due to incomplete input sanitization. A local attacker could use this to inject arbitrary code through the D-Bus interface. Note that Tenable Network Security has extracted the preceding description...

CVSS 6.9 | AI score 5.8 | EPSS 0.00708
Exploits: 2 | References: 3
seebug.org
added 2011/12/01 12:0 a.m., 7837 views

WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities

No description provided by source. WikkaWiki <= 1.3.2 Multiple Security Vulnerabilities. author: Egidio Romano aka EgiX mail: n0b0d13satgmaildotcom software link:...

CVSS 7.5 | AI score 6.4 | EPSS 0.63617
Exploits: 17
Tenable Nessus
added 2011/11/03 12:0 a.m., 12 views

TimThumb Arbitrary Code Injection

Binary data 6059.prm...

AI score 7.3
Exploits: 0
Packet Storm
added 2011/10/27 12:0 a.m., 41 views

phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection

$Id: phpscheduleitstartdate.rb 14073 2011-10-26 18:06:12Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

CVSS 6.8 | AI score 0.3 | EPSS 0.77215
Exploits: 5