11 matches found
EUVD-2019-1710
Malware in sbrugna...
WordPress SecuPress plugin <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address vulnerability
Cross-Site Request Forgery to Banned IP Address vulnerability discovered by Lucio Sá in WordPress Plugin SecuPress Free versions <= 2.2.5.1...
SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address
Description: The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...
CVE-2019-0975
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security...
Security feature bypass
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security...
ADFS Security Feature Bypass Vulnerability
A security feature bypass vulnerability exists when Active Directory Federation Services (ADFS) improperly updates its list of banned IP addresses. To exploit this vulnerability, an attacker would have to convince a victim ADFS administrator to update the list of banned IP addresses. This security...
Nextcloud: WordPress vulnerable to multiple attacks at https://nextcloud.com
summary: your current version of WordPress is available to multiple attacks check INFO.php available attacks: - Unauthenticated Arbitrary File Deletion - lib/IPTraf.php User-Agent Header Stored XSS - Password Creation Restriction Bypass - wp-admin/admin.php whois Parameter Stored XSS - XSS & IAA ...
Static-HTTP-Server-1.0-SEH
Notes: Multiple HTTP commands and headers are vulnerable to overflows and trigger an exception, but I was unable to control the SEH handler with anything but configuration options in the http.ini. import os def fileCreate: print "\n Your current file directory is %s. " % os.getcwd try: File =...
Jax PHP Scripts 1.0/1.34/2.14/3.31 guestbook_ips2block Banned IP List Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/14482/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
Static HTTP Server 1.0 - SEH Overflow
No description provided by source. #!/usr/bin/env python import os Title: Static HTTP Server SEH Overflow - HTTP Config - httptiplist Discovered and Reported: June 2013 Discovered/Exploited By: Jacob Holcomb/Gimppy, Security Analyst @ Independent Security Evaluators...
Home FTP Server 1.10.3 / 1.11.1 Directory Traversal
Exploit Title: Home FTP Server Directory Traversal Date: Oct 28, 2010 Author: chr1x Software Link: http://downstairs.dnsalias.net/files/HomeFtpServerInstall.exe Description: Home Ftp Server is an easy to use FTP server, that allows you to share files directly from your PC with lots of setup...