CVE-2014-3948

CVE-2014-3948 applies to the TYPO3 powermail extension. The HTML export wizard in the powermail backend module is affected by a cross-site scripting (XSS) vulnerability in versions up to 1.6.10, allowing remote attackers to inject arbitrary script via unspecified vectors. A fixed release is 1.6.1...

CVE-2014-3948

Cross-site scripting XSS vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Arbitrary code execution in extension "powermail" (powermail)

It has been discovered that the extension "powermail" powermail is susceptible to arbitrary code execution and Cross-Site Scripting Release Date: May 22, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: powermail:...

Arbitrary file creation in AbstractRendererExporterImpl

To reproduce: 1. Create a new space. 2. Create a new page. 3. Attach a file called test.txt to the page. 3. Edit the page, and add an image with the URL: code /confluence/s/download/attachments/pageid//../../../../../../../../../../../../tmp/test.txt code \pageid\ must be replaced with the actual...

[WS_FTP Password Decryptor] Recover FTP login passwords stored by WS_FTP

WSFTP Password Decryptor is the FREE software to instantly recover FTP login passwords stored by WSFTP - one of the popular FTP client application. WSFTP stores the password for all the past FTP sessions in the "wsftp.ini" file so that user don't have to enter it every time. WSFTP Password...

[WiFi Password Decryptor] Free Wireless Password Recovery Software

| WiFi Password Decryptor is the FREE software to instantly recover Wireless account passwords stored on your system. --- It automatically recovers all type of Wireless Keys/Passwords WEP/WPA/WPA2 etc stored by Windows Wireless Configuration Manager. For each recovered WiFi account, it displays...

CVE-2012-3217

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK...

Buffer overflow

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK...

CVE-2012-3217

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK...

KeyPass Password Safe 1.22 Cross Site Scripting

Title: ====== KeyPass Password Safe v1.22 - Software Filter Vulnerability Date: ===== 2012-06-26 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=615 VL-ID: ===== 615 Common Vulnerability Scoring System: ==================================== 3 Introduction: =============...

Oracle Outside In多个缓冲区溢出漏洞

Bugraq ID: 34994 CVE ID：CVE-2009-1009 CVE-2009-1010 CVE-2009-1011 CNCVE ID：CNCVE-20091009 CNCVE-20091010 CNCVE-20091011 Oracle Outside In是一款软件开发工具包套件SDK，为开发人员提供了一个访问、转换和控制 400 多种非结构化文件格式的内容的综合解决方案。 Oracle Outside In存在多个缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 -处理Microsoft...

Oracle存在多个安全漏洞

CNCAN ID：CNCAN-2009041604 多个Oracle产品存在漏洞，可导致SQL注入，泄漏敏感信息或使攻击者破坏系统： -Oracle Process Manager和Notification opmn守护程序存在格式串错误，提交特殊构建的POST请求给port 6000/TCP可导致任意代码执行。 -传递给"DBMSAQIN"的输入在使用前缺少过滤，可导致注入任意SQL代码。 -Oracle数据库包含的Application Express组件存在错误，非特权用户可以获得"LOWS030000.WWVFLOWUSER"中的APEX密码HASH。 目前还存在多个未知漏洞。...