Wordpress Gallery插件'load'参数远程文件包含漏洞

Bugtraq ID:57650 CVE ID: CVE-2012-4919 WordPress Gallery是一款用于Wordpress的图库插件。 通过"load"参数提交给wp-content/plugins/wordpress-gallery/functions/updateorder.ph的输入在用于包含文件之前缺少校验，允许攻击者利用漏洞包含远程文件，并以WEB权限执行任意代码。 0 WordPress Gallery Plugin 1.x 厂商解决方案 目前没有详细解决方案提供：...

CVE-2012-5148

Removed by vendor...

Prizm Content Connect - Arbitrary File Upload

source: https://www.securityfocus.com/bid/57242/info Prizm Content Connect is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can resul...

WordPress Plugin Uploader - Arbitrary File Upload

WordPress Plugin Uploader - Arbitrary File Upload source: https://www.securityfocus.com/bid/57112/info The Uploader plugin for WordPress is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to...

CreateSupportZipAction directory traversal

There’s a directory traversal vulnerability in the CreateSupportZipAction action that allows a malicious user to include arbitrary log files into a support zip. This is because the SupportUtility object is marked as @ParameterSafe, and no validation is performed on its serverLogsDirectory path...

PHP Support Tickets 1.9 Cross Site Scripting

Google dork: "PHP Support Tickets v1.9" inurl:index.php?action= "PHP Support Tickets v1.9" by "Triangle Solutions Ltd" allows XSS attack at index.php and some implementations also has a bad uploaded files validation allowing to upload a js with a jpg extension that could be using for bypassing XS...

Novell ZENworks Asset Management rtrlet File Upload Traversal

Added: 10/09/2012 CVE: CVE-2011-2653 BID: 50966 OSVDB: 77583 Background Novell ZENworks is a resource management solution consisting of a management server and management agents. Problem The Asset Management module ZAM of ZENworks version 7.5 fails to validate the name of uploaded files via POST...

Ajaxmint Gallery 1.0 Local File Inclusion

========================================================= VUlnerable Software: Ajaxmint Gallery version 1.0 @Software AjaxMint Gallery @Author Rajapandian - [email protected] http://ajaxmint.com/ =========================================================...

phpMyAdmin -- Path disclosure due to missing verification of file presence

The phpMyAdmin development team reports: The showconfigerrors.php scripts did not validate the presence of the configuration file, so an error message shows the full path of this file, leading to possible further attacks. For the error messages to be displayed, php.ini's errorreporting must be se...

CVE-2011-2772

The getdatarootimagepath function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service memory consumption via a 1 large or 2 invalid image...

Fedora 14 : tomcat6-6.0.26-27.fc14 (2011-13457)

Fixes for: CVE-2011-3190 - authentication bypass and information disclosure CVE-2011-2526 - send file validation CVE-2011-2204 - password disclosure vulnerability JAVAHOME setting in tomcat6.conf CVE-2011-0534, CVE-2011-0013, CVE-2010-3718 Note that Tenable Network Security has extracted the...

Microsoft Pushes Out Two New Security Tools

In parallel with its release of 17 bulletins on Patch Tuesday this month, Microsoft also unveiled two new tools that are meant to help make a couple of common exploitation scenarios more difficult for attackers. The company released a tool called Office File Validation for some older versions of...

Automne 4.1.0 Race Condition

// ------------------------------------------------------------------------ // Software................Automne 4.1.0 // Vulnerability...........Race Condition // Threat Level............Very Critical 5/5 // Download................http://en.automne-cms.org/ // Release Date............3/2/2011 //...

5UCMS <= v1. 2. 2 0 2 4 background not validation and SQL injection-vulnerability warning-the black bar safety net

Brief description: The background file does not do verification, it has been filtered does not strictly lead toSQL injection Detailed description: File location admin/ajax. asp 2 4 row Case "modeext" .. 2 6 row ecid=ReplaceRequest"cid","'","" 2 7 row cid=ReplaceRequest"id","'","" .. .. 3 1 The li...

CVE-2011-0771

The Janrain Engage formerly RPX module 6.x-1.3 for Drupal does not validate the file for a profile image, which allows remote authenticated users to conduct cross-site scripting XSS attacks and possibly execute arbitrary PHP code by causing a crafted avatar to be downloaded from an external login...

SA-CONTRIB-2011-003 - Janrain Engage (RPX) - Multiple Vulnerabilities

RPX recently renamed Janrain Engage is a service that acts as a middleman between a site and external login providers like Facebook, Yahoo, WindowsLive, etc. As part of this functionality it offers the ability to take a user's avatar on these services and download it for use as the user's profile...

High Bay articles system is the latest version 0Day analysis-vulnerability warning-the black bar safety net

Bored online in scurry, who is actually known found a website is to hang a horse. A closer look at the site, it scared me a big jump, is hanging horse website turned out to be the High-Bay articles system web site. www.gaobei.com. Even the official are hanging out with horses, don't have the...

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-04

http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-04 PR10-04 Directory traversal limited to file validation within Viva thumbs WordPress add-on Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Thursday, 4 February 2010 Vendor informed: Monday, 8 Februar...

WordPress Viva Thumbs Directory Traversal

http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-04 PR10-04 Directory traversal limited to file validation within Viva thumbs WordPress add-on Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Thursday, 4 February 2010 Vendor informed: Monday, 8 Februar...

SmarterTools SmarterMail < 7.2.3925 Directory Traversal Vulnerability

SmarterTools SmarterMail is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...