BitTorrent Bootstrap Improper Indexing Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Bootstrap. User interaction is not required to exploit this vulnerability. The specific flaw exists within the handling of arguments passed to the lazybdecode function. By sending a...

Xerox Administrator Console Password Extractor

This module will extract the management console's admin password from the Xerox file system using firmware bootstrap injection. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xerox Administrat...

OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...

OpenJDK: missing BootstrapMethods bounds check (Hotspot, 8041717)

Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot...

CMSLogik 1.2.1 - Multiple Vulnerabilities

No description provided by source. !/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and...

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2013:0777-1)

java-160-openjdk was updated to 1.12.5 bnc817157 - Security fixes - S6657673, CVE-2013-1518: Issues with JAXP - S7200507: Refactor Introspector internals - S8000724, CVE-2013-2417: Improve networking serialization - S8001031, CVE-2013-2419: Better font processing - S8001040, CVE-2013-1537: Rework...

openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2014:0174-1)

Fix a file conflict between -devel and -headless package - Update to 2.4.4 bnc858818 - changed from xz to gzipped tarball as the first was not available during update - changed a keyring file due release manager change new one is signed by 66484681 from [email protected], see...

OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

CVE-2014-3840

CVE-2014-3840 affects Mayan EDMS 0.13, with multiple stored XSS vulnerabilities in apps/common/templates/calculate_form_title.html. The issue allows remote authenticated users to inject arbitrary script/HTML via several vectors: (1) a tag, (2) the title of a source in a Staging folder, (3) the Na...

CVE-2014-3840

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in apps/common/templates/calculateformtitle.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a 1 tag or the 2 title of a source in a Staging folder, 3 Name field in a bootstrap setup, or Title fie...

OpenJDK: classfile parser invalid BootstrapMethods attribute length (Hotspot, 8034926)

Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot...

Reflective XSS Vulnerability in twitter-bootstrap-rails

The twitter-bootstrap-rails Gem for Rails contains a flaw that enables a reflected cross-site scripting XSS attack. This flaw exists because the bootstrapflash helper method does not validate input when handling flash messages before returning it to users. This may allow a context-dependent...

CMSLogik 1.2.1 User Enumeration Weakness

!/usr/bin/python CMSLogik 1.2.1 user param User Enumeration Weakness Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

CMSLogik 1.2.1 Cross Site Scripting

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This combination allows for greater security, extensive flexibility, and ease of use. You can use CMSLogik for almost any niche that your project might fall into. The vulnerability is caused...

CMSLogik 1.2.1 Shell Upload

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...

CMSLogik 1.2.1 - Multiple Vulnerabilities

CMSLogik 1.2.1 - Multiple Vulnerabilities !/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter,...

CMSLogik 1.2.1 - Multiple Vulnerabilities

!/usr/bin/python CMSLogik 1.2.1 uploadfileajax Shell Upload Exploit Vendor: ThemeLogik Product web page: http://www.themelogik.com/cmslogik Affected version: 1.2.1 and 1.2.0 Summary: CMSLogik is built on a solid & lightweight framework called CodeIgniter, and design powered by Bootstrap. This...