3566 matches found
Code injection
The Lights-Out Management LOM implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller BMC file uploads via unspecified vectors, aka Bug ID CSCus87938...
CVE-2015-0739
The Lights-Out Management LOM implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Controller BMC file uploads via unspecified vectors, aka Bug ID CSCus87938...
WordPress N-Media Website Contact Form File Upload Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A file upload vulnerability exists in WordPress N-Media Website Contact Form. The vulnerability allows attackers to perform...
Joyful Note vulnerability in handling files
Overview Joyful Note from KENT-WEB is a bulletin board software that allows users to upload binary files such as image files. Joyful Note contains a vulnerability in handling files. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
OpenStack Glance Denial of Service Vulnerability
Glance provides restful APIs to query the metadata of a virtual machine image, and can obtain the image. A denial of service vulnerability exists in OpenStack Glance's handling of image file uploads, which could be exploited by an attacker to crash an application...
WordPress WP Symposium plugin has multiple cross-site scripting vulnerabilities
WordPress WP Symposium plugins are web plugins that add social features. WP Symposium 14.11 and prior versions fail to properly validate uploaded file types, allowing under attackers to upload and execute arbitrary php code...
F5 Networks BIG-IP : PHP vulnerability (SOL14574)
The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid open square bracket characters in name values, which makes it easier for attackers to cause a denial of service malformed $FILES indexes or conduct directory traversal attacks during multi-file upload...
DLA-65-1 python-django - security update
Bulletin has no description...
Mandriva Linux Security Advisory : python-django (MDVSA-2014:179)
"Updated python-django packages fix security vulnerabilities : These releases address an issue with reverse generating external URLs CVE-2014-0480 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Mandriva Linux Securit...
Updated python-django packages fix multiple vulnerabilities
Updated python-django and python-django14 packages fix security vulnerabilities: These releases address an issue with reverse generating external URLs CVE-2014-0480; a denial of service involving file uploads CVE-2014-0481; a potential session hijacking issue in the remote-user middleware...
FreeBSD : django -- multiple vulnerabilities (3c5579f7-294a-11e4-99f6-00e0814cab4e)
The Django project reports : These releases address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. We encourage all users of Django to...
xeCMS <= 1.0.0 RC2 Insecure Cookie Handling Vulnerability
No description provided by source. -+================================================================================+- -+ xeCMS = 1.0.0 RC2 Insecure Cookie Handling Vulnerability +- -+================================================================================+- Discovered By: t0pP8uZz...
JBrowser 1.0/2.x Unauthorized Admin Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9537/info Due to a lack of access validation to the 'admin' directory, malevolent users may be able to execute arbitrary admin scripts. This may allow a malicious user to upload arbitrary files to the affected system and...
Joomla Media Manager File Upload Vulnerability
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Internet Explorer 5.5/6.0/7.0 JavaScript Key Filtering Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18308/info Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. This issue is demonstrated to allow attackers to divert...
LocatePC 1.05 (Ligatt Version + Others) - Trivial SQL Injection
No description provided by source. Affected Software: LocatePC 1.05 Consequences: Arbitrary SELECT queries against the LocatePC and mysql database. The LocatePC database contains enough information to stalk all users of the software. It may be possible to instruct the software to upload arbitrary...
Pixelpost <= 1-5rc1-2 Remote Privilege Escalation Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: pixelpost \RSS 2.0\ \ATOM feed\ \Valid xHTML / Valid CSS\r\n\r\n; /...
ImageVue 0.16.1 dir.php Folder Permission Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/16594/info ImageVue is prone to multiple vulnerabilities, including unauthorized uploading of files with arbitrary extensions, authentication bypass, information disclosure, and content injection. Successful exploitation...
TP-Link TL-SC3171 IP Cameras - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras 1. Advisory Information Title: Multiple Vulnerabilities in TP-Link TL-SC3171 IP Cameras Advisory ID: CORE-2013-0618 Advisory URL:...
Firefox 1.x JavaScript Key Filtering Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18308/info Multiple web browsers are prone to a JavaScript key-filtering vulnerability because the browsers fail to securely handle keystroke input from users. This issue is demonstrated to allow attackers to divert...