3565 matches found
UBUNTU-CVE-2013-5739
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php...
CVE-2013-5739
The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php...
CVE-2013-5738
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file...
wordpress -- multiple vulnerabilities
The wordpress development team reports: Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution. Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user. F...
Joomla Media Manager File Upload Vulnerability
This Metasploit module exploits a vulnerability found in Joomla 2.5.x up to 2.5.13, as well as 3.x up to 3.1.4 versions. The vulnerability exists in the Media Manager component, which comes by default in Joomla, allowing arbitrary file uploads, and results in arbitrary code execution. The module...
Updated mediawiki packages fix security vulnerability
MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 (CVE-2013-2114)...
MGASA-2013-0221 Updated mediawiki packages fix security vulnerability
MediaWiki user Marco discovered that security checks for file uploads were not being run when the file was uploaded in chunks through the API. This option has been available to users who can upload files since MediaWiki 1.19 (CVE-2013-2114)...
[Vega v1.0] Web Application Security Scanner
Vega is an open source platform to test the security of web applications. Vega can help you find and validate SQL Injections, Cross-Site Scripting (XSS), inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Window...
HP Intelligent Management Center - Arbitrary File Upload (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 /Apache-Coyote/ include...
DEXTUpload filter is not strict lead to any uploaded file for the webshell permissions-bug warning-the black bar safety net
DEXTUpload filter is not strict lead to any uploaded file for the webshell permissions Detailed description: ! The first option one can upload the gif image, properly uploaded, spying on function of whether you can complete the upload ! Upload it, don't know pass? So I just upload when the time to r...
[SECURITY] Fedora 16 Update: perl-CGI-3.52-203.fc16
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
Fedora Update for perl-CGI FEDORA-2012-19282
Check for the Version of perl-CGI OpenVAS Vulnerability Test Fedora Update for perl-CGI FEDORA-2012-19282 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
[SECURITY] Fedora 17 Update: perl-CGI-3.52-218.fc17
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
The new concept of foreign language network teaching platform to upload files and repair programme-vulnerability warning-the black bar safety net
Information disclosure and privilege is not strict result in the column directory and upload To a certain University, for example: http://www.myhack58.com /NPELS NPELSLearningCenter5.0 client Update.exe.config file leaked an important address setting name="UpdateCommonSvrCommonService"...
[SECURITY] Fedora 18 Update: perl-CGI-3.51-10.fc18
CGI.pm is a stable, complete and mature solution for processing and preparing HTTP requests and responses. Major features including processing form submissions, file uploads, reading and writing cookies, query string generation and manipulation, and processing and preparing HTTP headers. Some...
taocms code execution vulnerability-vulnerability warning-the black bar safety net
See the new CMS, curious downloaded the source code looked at it. Is not my mistake. Oh. in. How to write into that sub, it seems like anything can call it. First time to see api.php $ctrl; Then include\Model\File.php All methods can be directly called? Like:...
Directory traversal
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files...
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...
Code injection
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...
CVE-2011-4449
CVE-2011-4449 affects WikkaWiki 1.3.1 and 1.3.2. When INTRANET_MODE is enabled, the actions/files/files.php upload handling permits uploading files with extensions typically not listed in Apache’s TypesConfig, enabling remote attackers to place multi-extension files (e.g., .mm or .vpp) and execut...