Cross-site Request Forgery (CSRF)
Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because it does not perform sufficient session checking in enrol/imsenterprise/importnow.php during import of IMS Enterprise identities. This can allow a malicious user to hijack an administrator's authentication...
CVE-2017-7357
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file...
Arbitrary file deletion
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file...
CVE-2017-7357
CVE-2017-7357 affects Hipchat Server, specifically versions prior to 2.2.3. The vulnerability allows remote authenticated users with Server Administrator privileges to execute arbitrary code by importing a file. The issue is attributed to the Administrative Imports pathway, enabling code executio...
CVE-2017-5869
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header...
Directory traversal
Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header...
Elevation of Privilege Vulnerability in the background of emlog personal blog system
emlog, short for "every memory log", is a PHP and MySQL based blog and CMS builder. A privilege elevation vulnerability exists in the backend /src/admin/data.php page of the emlog personal blog system. An attacker can exploit the vulnerability to elevate privileges by importing files...
WordPress Plugin Add From Server 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload)
WordPress Plugin Add From Server 3.3.2 - Cross-Site Request Forgery (Arbitrary File Upload). Cross-Site Request Forgery vulnerability in Add From Server WordPress Plugin. Abstract: It was discovered that Add From Server is vulnerable to Cross-Site Request Forgery. It can be exploited by luring the...
LMCMS Backend Arbitrary File Upload Vulnerability
LMCMS (Leming CMS) is a web content management system developed in Java by Beijing Leming Zhixin Technology Co., Ltd. and distributed under a commercial license. In the LMCMS management backend, the file management page under the full media library section...
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
Exploit for PHP platform in category web applications. Exploit Title: phpLiteAdmin v1.9.6 - Multiple Vulnerabilities. Date: 20.04.2016. Exploit Author: Ozer Goker. Vendor Homepage: https://www.phpliteadmin.org. Software Link: https://bitbucket.org/phpliteadmin/public/downloads/phpLiteAdminv1-9-6.zip...
CVE-2014-9510
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N V1 router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the administration console in TP-Link TL-WR840N V1 router with firmware before 3.13.27 build 141120 allows remote attackers to hijack the authentication of administrators for requests that change router settings via a configuration file import...
Security Advisory-Multiple Vulnerabilities in Huawei eSpace Desktop Product
Huawei eSpace Desktop products have the following vulnerabilities: 1. The program does not implement a comprehensive validity check on the QES file imported into the system, causing the system to exit unexpectedly. Vulnerability ID: HWPSIRT-2014-1151. This vulnerability has been assigned Common...
CVE-2013-1851
CVE-2013-1851 affects ownCloud server via an incomplete blacklist in lib/migrate.php. Affected versions are before 4.0.13 and before 4.5.8 (4.5.x). When user_migrate is enabled, remote authenticated users can import arbitrary files into their own account via unspecified vectors. Root cause is imp...
Self-XSS due to unescaped HTML output in import.
PMASA-2014-1. Announcement-ID: PMASA-2014-1. Date: 2014-02-15. Summary: Self-XSS due to unescaped HTML output in import. Description: When importing a file with a crafted filename, it is possible to trigger an XSS. Severity: We consider this vulnerability to be non-critical. Mitigation factor: This...
Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.9.4 build 2995 contains a code injection vulnerability
Overview: Thomson Reuters Velocity Analytics Vhayu Analytic Server version 6.94 build 2995 and possibly earlier versions contain a code injection vulnerability (CWE-94). Description: CWE-94: Improper Control of Generation of Code ('Code Injection'). Thomson Reuters Velocity Analytics Vhayu Analytic Serve...
[SET] Social-Engineer Toolkit 4.1.3
TrustedSec released the latest version of the Social-Engineer Toolkit (SET), 4.1.3. As most of us know, it is an open source, Python-driven, social-engineering penetration testing framework of custom tools which solely focuses on attacking the human element of penetration testing. It was designed...
xRadio 0.95b Buffer Overflow
This module exploits a buffer overflow in xRadio 0.95b. When the application is used to import a specially crafted .xrl file, a buffer overflow occurs, allowing arbitrary code execution. This module requires Metasploit: https://metasploit.com/download. Current source:...