42 matches found
CVE-2021-31550
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers...
PT-2021-19421 · Mediawiki +1 · Commentbox Extension +2
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.35.2; CommentBox extension for MediaWiki versions through 1.35.2. Description: An issue was discovered that allows a malicious actor to introduce XSS payloads into various layers via crafted configuration variables...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki version 1.35.2 and prior versions, which stems fr...
CVE-2020-12126
Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint...
CVE-2020-15082
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...
Security feature bypass
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6...
CVE-2020-15082
CVE-2020-15082 affects PrestaShop: versions from 1.6.0.1 up to, but not including, 1.7.6.6 permit rewriting all configuration variables via the dashboard due to an underlying issue. The vulnerability is fixed in 1.7.6.6. Public references from NVD and Red Hat corroborate this fixed version, with CVSS scores in...
Security Bulletin: A Security Vulnerability, exists in the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software (CVE-2015-1835)
Summary A security vulnerability, CVE-2015-1835, has been discovered that affects the Android platform used by the Cordova tools in Rational Application Developer for WebSphere Software. Vulnerability Details CVEID: CVE-2015-1835 DESCRIPTION: The Apache Cordova could allow a remote attacker to...
Brosec - An interactive reference tool to help security professionals utilize useful payloads and commands
Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful yet sometimes complex payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly...
CVE-2007-5900
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625...
Fedora Update for php-symfony2-Routing FEDORA-2013-22422
Check for the Version of php-symfony2-Routing. OpenVAS Vulnerability Test: Fedora Update for php-symfony2-Routing FEDORA-2013-22422. Authors: System Generated Check. Copyright: Copyright (C) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Nmap NSE 6.01: ntp-info
Gets the time and configuration variables from an NTP server. We send two requests: a time request and a 'read variables' opcode 2 control message. Without verbosity, the script shows the time and the value of the 'version', 'processor', 'system', 'refid', and 'stratum' variables. With verbosity,...
About Dedecms variable coverage exploits-vulnerability warning-the black bar safety net
Someone recently broke the dedecms variable coverage holes, it is also a quite interesting vulnerability, and in some cases dedecms this variable vulnerability to exist for so long in some people are many years, about six months ago I also independently discovered by this article [email protected] Write ...
ntp-info NSE Script
Gets the time and configuration variables from an NTP server. We send two requests: a time request and a "read variables" opcode 2 control message. Without verbosity, the script shows the time and the value of the version, processor, system, refid, and stratum variables. With verbosity, all...
Gentoo Security Advisory GLSA 200407-22 (dev-db/phpmyadmin)
The remote host is missing updates announced in advisory GLSA 200407-22. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Words tag script 1.2 (word) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications: Words tag script 1.2 (word) Remote SQL Injection Vulnerability...
CVE-2006-3584
Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables...