7965 matches found
Wordpress plugins wp-catpro Arbitrary File Upload Vulnerability
The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
Wordpress plugins powerzoomer Arbitrary File Upload Vulnerability
The attacker can uplaod file/shell.php.gif 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site :...
Wordpress plugins wp-powerplaygallery Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: attacalendar, attacpetition, eusubscribe, exinitjoboffer, fefilebrowser, jscssoptimizer, kkcsv2table, lonewsseo, mnmysql2json, newssearch, tipafriendplus, twitterauth, sofortueberweisung2commerce, sysmessages...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
Console: XSS in invoke operation
It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...
Console: XSS in invoke operation
It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...
Console: XSS in invoke operation
It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...
JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure
The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...
CSRF on jmx-console allows invocation of operations on mbeans
Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...
CentOS Update for OpenIPMI CESA-2013:0123 centos5
Check for the Version of OpenIPMI OpenVAS Vulnerability Test CentOS Update for OpenIPMI CESA-2013:0123 centos5 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
TYPO3 T3 jQuery Extension任意PHP代码执行漏洞
BUGTRAQ ID: 57280 Typo3是开源内容管理系统(CMS)和内容管理框架(CMF)。 TYPO3 T3 jQuery 2.2.0及之前版本对用户控制的输入使用了 "unserialize",可被利用执行任意PHP代码。 0 TYPO3 T3 jQuery extension = 2.2.0 厂商补丁: TYPO3 ----- TYPO3已经为此发布了一个安全公告(typo3-ext-sa-2013-001)以及相应补丁: typo3-ext-sa-2013-001:TYPO3-EXT-SA-2013-001: Several vulnerabilities in thir...
Several vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third-party TYPO3 extensions: news, onetimeaccount, phpunit, div2007, t3mootools, t3jquery, oneclicklogin Release Date: January 11, 2013 Please read first: This Collective Security Bulletin CSB is a listing of vulnerable extensions with...
Low: Red Hat Security Advisory: OpenIPMI security, bug fix, and enhancement update
Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...
RHEL 5 : OpenIPMI (RHSA-2013:0123)
Updated OpenIPMI packages that fix one security issue, multiple bugs, and add one enhancement are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...
UBUNTU-CVE-2012-3544
Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data...
Debian DSA-2596-1 : mediawiki-extensions - XSS
Thorsten Glaser discovered that the RSSReader extension for MediaWiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the MediaWiki pages. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The...
[SECURITY] [DSA 2596-1] mediawiki-extensions security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2596-1 [email protected] http://www.debian.org/security/ Jonathan Wiltshire December 30, 2012 http://www.debian.org/security/faq -...
DSA-2596-1 mediawiki-extensions - cross-site scripting in RSSReader extension
Bulletin has no description...