326 matches found
Nagios XI多个远程安全漏洞
Bugtraq ID:57672 Nagios是一款免费开放源代码的主机和服务监视软件 Nagios存在多个安全漏洞,包括: -Alert Cloud组件存在反射型跨站脚本漏洞,可获得敏感信息或劫持用户会话。 -Nagios QL存在存储型跨站脚本漏洞,可获得敏感信息或劫持用户会话。 -Autodiscovery没有正确过滤输入,允许攻击者提交恶意作业执行任意代码。 -'admin/commandline.php'脚本不正确过滤用户提交的参数,允许攻击者利用漏洞注入任意SQL。 -Nagios QL存在跨站请求伪造漏洞,允许攻击者利用漏洞执行恶意操作。...
Serendipity < 1.5.3 'Xinha WYSIWYG' Editor Security Bypass Vulnerability
Serendipity is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:s9y:serendipity";...
MigasCMS Xinha Configuration Injection
================================================ migascms "Xinha" Plugin Configuration Injection Vulnerability ================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1...
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability
MOPS-2010-020: Xinha WYSIWYG Plugin Configuration Injection Vulnerability May 10th, 2010 A preauth plugin configuration injection vulnerability was discovered in the WYSIWYG editor Xinha that allows e.g. uploading arbitrary PHP files to the webserver. Affected versions Affected is Xinha = 0.96 Be...
Golabi CMS <= 1.0.1 Session Poisoning Vulnerability
No description provided by source. -------------------------------------------------------------------------------- \ \ / \ | | / \ /\ \ \ \ | |/ /\ \ / \ / / | | \ | | // / / \ / | \ | / // /| | \ /|| / / | /| /\ / \ / / / // / /// /...
CVE-2006-5137
Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to 1 inject PHP code via a theme array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; 2 inject PHP code via a config array parameter to...