Lucene search

235 matches found

Tenable Nessus
added 2017/07/17 12:0 a.m., 16 views

Fedora 26 : php-pear-CAS (2017-2f3096ba16)

Changes in version 1.3.5 - Security Fixes : - Fix possible authentication bypass in validateCAS20 228 Gregory Boddin - Bug Fixes : - Fix file permissions non-executable 177 Remi Collet - Fixed translations Greek and Japanese 192 ikari7789 - Fix errors under phpdbg 204 MasonM - Fix logout...

AI score: 5.6
Exploits: 0, References: 1

0day.today
added 2017/06/22 12:0 a.m., 241 views

PHPMailer < 5.2.20 with Exim MTA - Remote Code Execution Exploit

Exploit for php platform in category web applications !/usr/bin/python Exploit Title: RCE for PHPMailer 5.2.20 with Exim MTA Date: 16/06/2017 Exploit Author: @phacktul Software Link: https://github.com/PHPMailer/PHPMailer Version: 5.2.20 Tested on: Debian x86/x64 CVE :...

CVSS: 7.5, AI score: 10, EPSS: 0.99714
Exploits: 71

Hacker One
added 2017/03/12 6:34 a.m., 59 views

HackerOne: IE 11 Self-XSS on Jira Integration Preview Base Link

I wasn't sure if you would accept this report due to it being Self-XSS, but I figured it might be useful information because it breaks one of the flows used to validate URLs. Steps ==================== 1. Launch IE 11 2. Log into a HackerOne account that has admin on a program. 3. Go to the...

AI score: 6.5
Exploits: 0

exploitpack
added 2017/01/30 12:0 a.m., 18 views

HelpDeskZ 1.0.2 - (Authenticated) SQL Injection Unauthorized File Download

HelpDeskZ 1.0.2 - Authenticated SQL Injection Unauthorized File Download ''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3;...

AI score: 0.4
Exploits: 0

Exploit DB
added 2017/01/30 12:0 a.m., 78 views

HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download

''' Exploit Title: HelpDeskZ fetchRow"SELECT , COUNTid AS total FROM ".TABLEPREFIX."attachments WHERE id=".$db-realescapestring$params2." AND ticketid=".$params0." AND msgid=".$params3; third argument AND msgid=".$params3; sent to fetchRow query without any sanitization Steps to reproduce:...

AI score: 7.4
Exploits: 0

Citrix
added 2016/12/11 12:0 a.m., 8 views

NetScaler Gateway: Could not add account. Check your account settings and try again.

When accessing the Store externally we would get the error Could not add account. Check your account settings and try again. If we access the Storefront Base URL, we are able to enumerate the applications and desktops just fine...

AI score: 7
Exploits: 0

Citrix
added 2016/09/30 12:0 a.m., 7 views

SF Web Page inaccessible after changing Base URL

- Once the SF is configured, there might be a need to change the Base URL. However, the SF page becomes inaccessible and throws below error - You might also get "Cannot complete your request" on this page...

AI score: 7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 16 views

SPIP < 2.0.9 Arbitrary Copy All Passwords to XML File Remote Exploit

No description provided by source. !/usr/bin/env python SPIP - Content Management System 2.0.9 exploit http://www.securityfocus.com/bid/36008 Author : KernelPanik import urllib, urllib2 import cookielib import sys def sendrequesturlOpener, url, postdata=None: request = urllib2.Requesturl url =...

AI score: 7.1
Exploits: 0

Atlassian
added 2013/05/06 12:10 p.m., 22 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

AI score: 1.2
Exploits: 0

Atlassian
added 2013/05/06 12:10 p.m., 26 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

AI score: 1.2
Exploits: 0, Affected Software: 1

Atlassian
added 2013/05/06 12:10 p.m., 22 views

JIRA changes base url without asking for admin authentication

If you access JIRA with the wrong url it tells you that and gives you the options of either hiding the message or updating the base url. If you click the "Update the base url" link, the base url WILL BE CHANGED to that, WITHOUT asking you for admin credentials...

AI score: 1.2
Exploits: 0, Affected Software: 1

Atlassian
added 2012/04/13 10:5 p.m., 18 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score: 0.4
Exploits: 0, Affected Software: 1

Atlassian
added 2012/04/13 10:5 p.m., 30 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score: 0.4
Exploits: 0, Affected Software: 1

Atlassian
added 2012/04/13 10:5 p.m., 22 views

Confluence does not respect HTTPS in Server Base URL when 301 redirecting

We have Confluence setup behind an Apache reverse proxy and our Server Base URL is set to "https://confluence...". However, when Confluence sends out a 301, it always sends the Location: http://confluence..., which then gets redirected by Apache to https://confluence... Confluence should respect...

AI score: 0.4
Exploits: 0

Metasploit
added 2009/10/29 9:45 p.m., 24 views

HTTP GET Request URI Fuzzer (Fuzzer Strings)

This module sends a series of HTTP GET requests with malicious URIs. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP GET Request URI Fuzzer Fuzzer Strings', 'Description' = %q This module...

AI score: 7
Exploits: 0