970 matches found
CVE-2014-6622
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to determine the validity of filenames via unspecified vectors...
CVE-2014-3349
Cisco Intelligent Automation for Cloud (Cisco Cloud Portal) suffers an arbitrary file upload vulnerability due to insufficient input validation of file types during file submission. An authenticated, remote attacker could submit a crafted file to an affected device, enabling arbitrary file upload...
CVE-2014-3349
Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does not validate file types during the handling of file submission, which allows remote authenticated users to upload arbitrary files via a crafted request, aka Bug ID CSCuh87410...
CVE-2014-5100
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the apikeylabel...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the apikeylabel...
Omeka 2.2.1 - Remote Code Execution Exploit
No description provided by source. #!/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...
Omeka 2.2 Cross Site Request Forgery / Cross Site Scripting
Omeka...
VBZoom 1.0 - Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5926/info It has been reported that VBZoom 1.01 may allow attackers to upload arbitrary files to a vulnerable system. The vulnerability is the result of VBZoom failing to properly validate the types of files that are...
mkportal <= 1.2.1 () Multiple Vulnerabilities
No description provided by source. waraxe-2009-SA070 - Multiple Vulnerabilities in MKPortal <= 1.2.1 Author: Janek Vind waraxe Date: 15. January 2009 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-70.html...
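Discuz! <=2.5 CSRF defense bypass
Brief description: In Discuz! '.gif', 2 = '.jpg', 3 = '.png'; only the file extension is checked, unlike 3.0 and above, which use a library to check the image format. Proof of vulnerability: Steps 1. Create an SWF that fetches the page source, extracts the formhash, and then uses the formhash to send a request to add a deputy site administrator; save it with a .jpg extension. 2. Register an account, go to /home.php?mod=spacecp&ac=avatar, upload the .jpg-extension SWF file generated in the previous step, and capture the request. The address after upload should be something like http://192.168.1.104/ucserver/data/tmp/uploaduid.jpg...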
OpenJDK: jarsigner does not detect unsigned bytecode injected into signed jars
jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote attackers to bypass a code-signing protection mechanism and inject unsigned bytecode into a signed JAR file by leveraging improper file validation...
SolarWinds Server and Application Monitor wpdlx Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SolarWinds Server and Application Monitor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
flashplugin: multiple issues
CVE-2015-0301 Improper file validation issue. - CVE-2015-0302 information disclosure Information disclosure vulnerability that could be exploited to capture keystrokes on the affected system. - CVE-2015-0303, CVE-2015-0306 arbitrary code execution Memory corruption vulnerabilities that could lead...
Windows file Checksums: Matches
List Windows files with no checksum violation or error SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
PHP < 5.3.11 Multiple Vulnerabilities
Binary data 6995.prm...
Fedora 18 : mediawiki-1.19.7-1.fc18 (2013-9616)
bug 48306 SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...
Fedora 17 : mediawiki-1.19.7-1.fc17 (2013-9622)
bug 48306 SECURITY: Run file validation checks on chunked uploads, and chunks of upload, during the upload process. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format...