406 matches found
Fedora 22 : drupal7-feeds-2.0-0.12.alpha9.fc22 (2015-10994)
7.x-2.0-alpha9 This is a security release. People running 7.x-2.0-alpha8 or below should update. This release only contains security fixes, no additional bug fixes or features. Changes since 7.x-2.0-alpha8: - Issue 2495145 by twistor, cashwilliams, greggles, klausi: Possible XSS in...
Design/Logic Flaw
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...
CVE-2015-2995
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file...
CryptoLocker Variant Coming After Gamers
Gamers may soon be feeling the pain of crypto-ransomware. A variant of CryptoLocker is in the wild that goes after data files associated with 20 different online games, locking downloadable content in an attempt to target younger computer users. Researchers at Bromium today said an unnamed...
GLPI 0.85.2 Shell Upload / Privilege Escalation
Multiple vulnerabilities have been identified in GLPI (http://www.glpi-project.org). 1/ Arbitrary file upload. Severity: Important. Versions Affected: All versions between 0.85 and 0.85.2. Description: When a user wants to create a new ticket, he has the possibility to add an...
Exploit-Easy-RM-to-MP3-2.7.3.700
Exploit Title: Easy RM to MP3 2.7.3.700 Local Buffer Overflow .m3u, .pls, .smi, .wpl, .wax, .wvx, .ram Date: 4 / 8 / 2010 Author: Oh Yaw Theng Software Link: http://www.exploit-db.com/application/10642/ Version: 2.7.3.700 Tested on: Windows XP SP 1 This exploit works for all the file...
Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
No description provided by source. <?php /* Title: Nakid CMS fckeditor Remote Arbitrary File Upload Exploit Developers: www.nakid.org Download : https://sourceforge.net/projects/nakidcms/files/Nakid%20CMS%20v052.rar/download Version: 0.5.2 exploited by ..: eidelweiss details..: works with an Apache...
Microsoft Outlook Express 5/6 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5277/info It is possible for a malicious user, sending email via a mail agent capable of manipulating the MIME headers, to spoof file extensions for users of Outlook Express. For example, an .exe file can be made to look...
Camiro-CMS_beta-0.1 (fckeditor) Remote Arbitrary File Upload Exploit
No description provided by source. <?php /* Camiro-CMS_beta-0.1 fckeditor Remote Arbitrary File Upload Exploit. Download :...
Microsoft Internet Explorer 5.5/6.0 Spoofable File Extensions Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3597/info It is possible for a malicious webmaster, hosting files on a website, to spoof file extensions for users of Internet Explorer. For example, an .exe file can be made to look like a .txt or other seemingly harmle...
Juke 4.0.2 DoS Multiple Files
No description provided by source. Exploit Title: Juke 4.0.2 DoS Multiple Files Date: April 6, 2010 Software Link: http://www.wolosoft.com/en/download.html Version: 4.0.2 Tested on: Windows XP SP3 Author: anonymous Juke will Crash when you run this script to make a file with any of the following...
Iamma Simple Gallery 1.0/2.0 - Arbitrary File Upload Vulnerability
No description provided by source. Found by: X0r Iamma Simple Gallery Arbitrary File Upload Version: 1,2 ? Email: evolutionteam.x0atgmaildotcom Script Download: http://www.matteoiammarrone.com/public/modules.php?name=Downloads&dop=getit&lid=4 Script Download...
hustoj (fckeditor) Remote Arbitrary File Upload Exploit
No description provided by source. <?php /* hustoj fckeditor Remote Arbitrary File Upload Exploit. Hustoj is HUST ACM OnlineJudge with GNU/GPL v2 License. Download :...
PT-2014-5359 · Red Hat · Openshift Origin +1
Name of the Vulnerable Software and Affected Versions: OpenShift Origin and Enterprise versions 1.2.8 through 2.1.1 Description: The issue allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with certain file extensions in a cartridge manifest fil...
CVE-2013-4250
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors to execute arbitrary PHP code by uploading a .php file...
WordPress Theme Kiddo - Arbitrary File Upload
source: https://www.securityfocus.com/bid/65460/info The Kiddo theme for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because the application fails to sufficiently sanitize file extensions. An attacker can exploit this issue to upload arbitrar...
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/65060/info The Global Flash Gallery plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this...
WordPress Plugin PhotoSmash Galleries - bwbps-uploader.php Arbitrary File Upload
source: https://www.securityfocus.com/bid/64173/info The PhotoSmash Galleries plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly...
WordPress Plugin PhotoSmash Galleries - 'bwbps-uploader.php' Arbitrary File Upload
source: https://www.securityfocus.com/bid/64173/info The PhotoSmash Galleries plugin for WordPress is prone to a vulnerability that lets attackers upload arbitrary files. The issue occurs because it fails to properly validate file extensions before uploading them. An attacker may leverage this...
CVE-2013-5178
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequence...