8764 matches found
GLPI 0.83.8 SQL Injection Vulnerability
GLPI version 0.83.8 suffers from multiple error-based SQL injection vulnerabilities. Input passed via the POST parameter 'usersidassign' in '/ajax/ticketassigninformation.php' script, POST parameter 'filename' in '/front/document.form.php' script, and POST parameter 'table' in...
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
Title: File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities; Date: 2013-05-04; References: http://www.vulnerability-lab.com/getcontent.php?id=939; VL-ID: 939; Common Vulnerability Scoring System: 5.9; Introduction: ...
CVE-2013-1948
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename...
Janissaries Joomla Civicrm Shell Upload
Janissaries Joomla ComCivicrm Exploitation Tool with MultiThread. Coded by Miyachung. Stay away from lamers o.O Contact: [email protected] Special Thanks: B127Y Site:...
CVE-2013-1833
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
Design/Logic Flaw
commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...
CVE-2013-1875
commandwrap.rb in the commandwrap Gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a URL or filename...
CVE-2013-1495
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...
Design/Logic Flaw
asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp...
UBUNTU-CVE-2013-1833
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename...
Ruby ftpd Gem 'filename' Parameter Remote Command Execution
Nessus was able to exploit a code injection vulnerability in the Ruby ftpd Gem by providing a specially crafted 'filename' parameter to the LIST command. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(65078); script_version("1.9"); script_cvs_date("Date: 2018/11/15 20:50:22...
SuSE 11.2 Security Update : Apache (SAT Patch Number 7409)
This update fixes the following issues: - Denial of Service via special requests in mod_proxy_ajp (CVE-2012-4557) - improper LD_LIBRARY_PATH handling (CVE-2012-0883) - filename escaping problem (CVE-2012-2687). Additionally, some non-security bugs have been fixed: - ignore case when checking against SNI...
SuSE 10 Security Update : apache2 (ZYPP Patch Number 8443)
This update fixes the following security issues with apache2 httpd: - Improper LD_LIBRARY_PATH handling (CVE-2012-0883) - Filename escaping problem (CVE-2012-2687). Additionally, some non-security bugs have been fixed as enumerated in the changelog of the RPM. %NASL_MIN_LEVEL 70300 (C) Tenable Network...
CVE-2012-6275
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request...
httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled
Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted...
ThinkSNS 2.8 file upload exploit (exp) - vulnerability warning - the black bar safety net
Affected version: the latest 2.8 stable version; other versions were not tested. Vulnerable file: thumb.php. Author: Wei kunpeng. 1. Prepare the following PHP file and upload it to the server yourself. File content as follows: <?php echo “...