SUSE-SU-2017:2744-1 Security update for xerces-j2

xerces-j2 was updated to fix several issues. This security issue was fixed: - bsc814241: Prevent possible DoS through very long attribute names This non-security issue was fixed: - Prevent StackOverflowError when applying a pattern restriction on long strings while trying to validate an XML file...

TicketPlus - Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: TicketPlus - Support Ticket Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link:...

Path traversal

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

CVE-2017-3163

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path...

Remote Code Execution (RCE)

sshj is vulnerable to remote code execution RCE attacks. The library does not validate files when downloading files, allowing a malicious user to upload an arbitrary file that will get executed...

Updated vim packages fix security vulnerabilities

Florian Larysch and Bram Moolenaar discovered that vim, an enhanced vi editor, does not properly validate values for the "filetype", "syntax" and "keymap" options, which may result in the execution of arbitrary code if a file with a specially crafted modeline is opened CVE-2016-1248. A...

Orangescrum 1.6.1 File Upload / Cross Site Scripting

Exploit Title: Orangescrum 1.6.1 Multiple Vulnerabilities Google Dork: NA Date: July 9 2017 Exploit Author: [email protected] Author blog : cupuzone.wordpress.com Vendor Homepage: https://www.orangescrum.org/ Software Link: https://www.orangescrum.org/free-download Version: 1.6.1 Tested on:...

Improper File Validation

Drupal is vulnerable to improper file validations. The library does not validate uploaded REST files, allowing an authenticated malicious user to modify the file resource...

BigTree-CMS 4.2.x < 4.2.17 Multiple Vulnerabilities

Binary data 700143.prm...

The vulnerability arises from insufficient checking of update files in the update folder of the VipNet Coordinator software protection system. This allows a perpetrator to execute arbitrary code.

The vulnerability of the VipNet Coordinator information protection software lies in insufficient checks on access rights to the update folder, as well as insufficient checks on the integrity and authenticity of update files. Exploiting this vulnerability could allow an attacker, operating locally...

PlaySMS 1.4 - sendfromfile.php Remote Code Execution Unrestricted File Upload

PlaySMS 1.4 - sendfromfile.php Remote Code Execution Unrestricted File Upload Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php Date: 14-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh...

PlaySMS 1.4 - &#039;/sendfromfile.php&#039; Remote Code Execution / Unrestricted File Upload

Exploit Title: PlaySMS 1.4 Code Execution using $filename and Unrestricted File Upload in sendfromfile.php Date: 14-05-2017 Software Link: https://playsms.org/download/ Version: 1.4 Exploit Author: Touhid M.Shaikh Contact: http://twitter.com/touhidshaikh22 Website: http://touhidshaikh.com/...

CVE-2015-6568

Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/filemanager/browse/ aka the filemanager does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a...

Fortinet Connect Elevation of Privilege Vulnerability

Fortinet Connect is a device-based and user-based policy deployment network security access device developed by Fiat Fortinet. A security vulnerability exists in Fortinet Connect that stems from the program failing to adequately validate uploaded files. The vulnerability can be exploited to execu...

Input validation

An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be uploaded, containing a valid .ecf component...

UBUNTU-CVE-2017-5630

PECL in the download utility class in the Installer in PEAR Base System v1.10.1 does not validate file types and filenames after a redirect, which allows remote HTTP servers to overwrite files via crafted responses, as demonstrated by a .htaccess overwrite...

Joomla! < 3.6.5 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is prior to 3.6.5. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the JFilterInput::isFileSafe function due to improper validation of file types and extensions of...

fontconfig security update

CentOS Errata and Security Advisory CESA-2016:2601 An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

Moderate: Red Hat Security Advisory: fontconfig security and bug fix update

An update for fontconfig is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

SUSE-SU-2016:2627-1 Security update for POS_Image3, POS_Server3

This update provides POSImage3 and POSServer3 version 3.5.5, which bring many fixes and enhancements: - Fixed potential security issues bsc946740 use three argument perl open function consistently use array in perl system call everywhere use preferably perl built-in functions instead of external...