Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

Document Title: =============== Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1166 Release Date: ============= 2013-12-10 Vulnerability Laboratory ID VL-ID:...

Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities

Document Title: =============== Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1166 Release Date: ============= 2013-12-10 Vulnerability Laboratory ID VL-ID:...

WordPress Think Responsive 1.0 Shell Upload

. . . \ \ | / \ \ \ | || / \ / / \ / |/ \ / | / \ / / /| | |/ \ \ \ // \ / / | \ /\ / | \ \ \ / \ //\ |\ | /\ // | /|\ / / / / / / / Exploit Title: WordPress Think Responsive Themes Arbitrary File Upload Vulnerability Author: Byakuya Date: 11/01/2013 Vendor Homepage:...

WordPress Amoveo Themes Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications . . . \ \ | / \ \ \ | || / \ / / \ / |/ \ / | / \ / / /| | |/ \ \ \ // \ / / | \ /\ / | \ \ \ / \ //\ |\ | /\ // | /|\ / / / / / / / Exploit Title: WordPress Amoveo Themes Arbitrary File Upload Vulnerability Author: Byakuya...

WordPress Curvo Shell Upload

. . . \ \ | / \ \ \ | || / \ / / \ / |/ \ / | / \ / / /| | |/ \ \ \ // \ / / | \ /\ / | \ \ \ / \ //\ |\ | /\ // | /|\ / / / / / / / Exploit Title: WordPress Curvo Themes Arbitrary File Upload Vulnerability Author: Byakuya Date: 10/28/2013 Vendor Homepage: http://themeforest.net/...

trs某系统任意文件下载漏洞第二弹

简要描述： 感觉挺严重的问题，存在的地方包括但是不局限银行、政府等行业。 详细说明： exp inforadar/jsp/util/filedownload.jsp?filePath=../../../../../../../etc/passwd exp2 http://inforadar.trs.com.cn/jsp/util/filedownload.jsp?filePath=c:%5Cboot.ini%00.xml 官方网站需要加个截断，就可以了 应该是神马雷达系统。 很多地方都有这问题。 但是google找不到多少个，因为很多都是二次开发，目录明改变了。 比如招行。。。...

UbiDisk File Manager v2.0 iOS - Multiple Vulnerabilities

Document Title: =============== UbiDisk File Manager v2.0 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1109 Release Date: ============= 2013-10-14 Vulnerability Laboratory ID VL-ID: ====================================...

PYSEC-2013-32

cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

CVE-2013-4315

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. dot dot in a ssi template tag...

PYSEC-2013-20

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWEDINCLUDEROOTS setting followed by a .. dot dot in a ssi template tag...

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

Resource file path traversal in WebImagesDownloadResourceManager

To reproduce: 1. Create a new page named foo any name can be used, but it must match the markup in step 3 2. In the editor, create an unmigrated-wiki-markup macro by typing "\a" don't copy/paste 3. Replace the "\a" in the macro with: code:none foo|foo|" code 4. Save the page. 5. Export to word...

Amazon Linux AMI : php (ALAS-2011-07)

The MITRE CVE database describes these CVEs as : Revert isa behavior to php = 5.3.6 and add a new new option allowstring for the new behavior accept string and raise autoload if needed Use-after-free vulnerability in the substrreplace function in PHP 5.3.6 and earlier allows context-dependent...

Google Chrome Multiple Vulnerabilities-01 (Aug 2013) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

PT-2013-4018 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 29.0.1547.57 Description: The issue arises from the FilePath::ReferencesParent function in files/file path.cc, which does not properly handle pathname components composed entirely of . dot and whitespace...

FreeBSD : wordpress -- multiple vulnerabilities (049332d2-f6e1-11e2-82f3-000c29ee3065)

The wordpress development team reports : - Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site - Disallow contributors from improperly publishing posts - An update to the SWFUpload external library to fix cross-site scripting...

Fedora 18 : wordpress-3.5.2-1.fc18 (2013-11630)

WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also...

Oracle Linux 5 : perl (ELSA-2010-0458)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2010-0458 advisory. - CVE-2008-5302 - use latest patch without Cwd module - CVE-2008-5302 perl: File::Path rmtree race condition CVE-2005-0448 reintroduced after upstream...

CentOS 4 : perl (CESA-2005:674)

Updated Perl packages that fix security issues and contain several bug fixes are now available for Red Hat Enterprise Linux 4. This update has been rated as having low security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system...

WordPress < 3.5.2 Multiple Vulnerabilities

According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - The application contains a denial of service attack, affecting sites using password-protected posts. CVE-2013-2173 - The application is affected by a server-side...