Open Journal Systems 2.3.6 XSS / File Manipulation / Shell Upload

Advisory ID: HTB23079 Product: Open Journal Systems OJS Vendor: Public Knowledge Project Vulnerable Versions: 2.3.6 and probably prior Tested Version: 2.3.6 Vendor Notification: 29 February 2012 Vendor Patch: 16 March 2012 Public Disclosure: 21 March 2012 Vulnerability Type: Arbitrary File...

Open Journal Systems (OJS) 2.3.6 - rfiles.php Traversal Arbitrary File Manipulation

Open Journal Systems OJS 2.3.6 - rfiles.php Traversal Arbitrary File Manipulation source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An...

VLC v. 1.1.11 .eac3 DOS

Exploit for windows platform in category dos / poc Exploit Title: VLC v. 1.1.11 .eac3 DOS Date: 3/14/2012 Author: Dan Fosco Vendor or Software Link: www.videolan.org Version: 1.1.11 Category:: local Google dork: n/a Tested on: Windows XP SP3 64-bit Demo site: n/a include int mainint argc, char ar...

Siemens WinCC Multiple Vulnerabilities

Overview Independent researchers Gleb Gritsai, Alexander Zaitsev, Sergey Scherbel, Yuri Goltsev, Dmitry Serebryannikov, Sergey Bobrov, Denis Baranov, Andrey Medov from Positive Technologies have identified multiple vulnerabilities in the Siemens WinCC application. In evaluating these reported...

Multiple vulnerabilities in Open Journal Systems (OJS)

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Open Journal Systems which can be exploited to manipulate local files, upload arbitrary files and perform Cross-Site Scripting XSS attacks. 1 Arbitrary File Manipulation in Open Journal Systems: CVE-2012-1467 1.1...

CVE-2012-1065

Insecure method vulnerability in TuxScripting.dll in the TuxSystem ActiveX control in 2X ApplicationServer 10.1 Build 1224 allows remote attackers to create or overwrite arbitrary files via the ExportSettings method...

Directory traversal

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server RLKS 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related t...

CVE-2011-4056

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 aka 6.6 SP1, 7.5.217 aka 7.5 SP2, and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files via the save method...

InduSoft WebStudio Unauthenticated Remote Operations Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Indusoft Web Studio. Authentication is not required to exploit this vulnerability. The flaw exists within the Remote Agent component CEServer.exe which listens by default on TCP port 4322. When...

FreeWebShop 2.2.9 R2 - 'ajax_save_name.php' Remote Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocum...

WordPress Zingiri 2.2.3 Code Execution

get; 41. ifremoveTrailingSlash$sessionAction-getFolder == getParentPath$POST'id' && sizeof$selectedDocuments 42. 43. if$key = arraysearchbasename$POST'id', $selectedDocuments !== false 44. 45. $selectedDocuments$key = $POST'value'; 46. $sessionAction-set$selectedDocuments; 47. 48. 49. echo...

Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution

Oracle Hyperion Financial Management TList6 ActiveX Control Remote Code Execution Vulnerability tested against: Internet Explorer 8 Microsoft Windows Server 2003 r2 sp2 download url: http://www.oracle.com/technetwork/middleware/epm/downloads/index.html files tested: SystemInstaller-11121-win32.zi...

CentOS Update for seamonkey CESA-2009:1531 centos3 i386

Check for the Version of seamonkey OpenVAS Vulnerability Test CentOS Update for seamonkey CESA-2009:1531 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...

Tugux CMS 1.2 (pid) Remote Arbitrary File Deletion Vulnerability

Summary Tugux CMS is a free, open-source content Management system CMS and application that powers the entire web. Description Input passed to the 'pid' parameter in administrator/deletepageparse.php is not properly sanitised before being used to delete files. This can be exploited to delete file...

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

Code injection

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff aka groff before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document...

CVE-2009-5078

The CVE-2009-5078 issue affects GNU troff (groff) before 1.21: contrib/pdfmark/pdfroff.sh launches Ghostscript without the -dSAFER option, enabling a remote attacker to create, overwrite, rename, or delete arbitrary files via a crafted document. Impact is partial integrity and partial availabilit...