3751 matches found
WordPress eShop Magic Plugin <= 0.1 - Local File Inclusion
This plugin is prone to eshop-magic/download.php file parameter traversal arbitrary file access vulnerability. It allows attackers to disclose sensitive information. Solution Update the plugin...
PHP Hash compare the presence of defects, the impact of a large number of Web site login authentication, Forgot Password and other business-critical-vulnerability warning-the black bar safety net
! The recent one is called“Magic Hash”PHP vulnerability may allow an attacker to illicitly obtain user account information. The vulnerability cause is PHP in a particular way the process is hash the string, the attacker can use its from to try and may get the password, bypassing the login...
eFront 3.6.15 PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection
Unauthenticated SQL injection in parameter "SingleProduct" when a web visitor explores a product published by the web administrator. This exploit needs magicquotesgpc turned off in the destination server. File Functions/Shortcodes.php line 779 PoC http:///?SingleProduct=2'+and+'a'='a...
WordPress Plugin Tune Library 1.5.4 - SQL Injection
WordPress Plugin Tune Library 1.5.4 - SQL Injection ======================================================================= title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Sco...
How to Run Linux Kernel on Canon DSLRs Cameras
Last month, I Got a Canon's amazing and powerful video-capable DSLR Camera and was wondering if I could play a hack on it. Yes, Just like last time I installed and run Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii. What If I could port Linux Kernel to my...
Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net
0x00 Preface Currently more popular but also more efficient mining of vulnerabilities is Fuzzing, of course, this also needs to take the time to write Fuzzing programs. However, not every things are necessary to write Fuzzing programs,not every thing can go to Fuzzing, so still have to continue t...
CVE-2015-2086
Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...
Cross site scripting
Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...
CVE-2015-2086
Cross-site scripting XSS vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...
CVE-2015-2086
CVE-2015-2086 describes an XSS vulnerability in the live preview of the Panopoly Magic module for Drupal 7.x, prior to 7.x-1.17. The issue arises from insufficient filtering of the pane title during re‑rendering of the preview, allowing remote authenticated users to inject arbitrary scripts/HTML....
Drupal Panopoly Magic Module Cross-Site Scripting Vulnerability
Drupal is an open source content management platform. A cross-site scripting vulnerability exists in Drupal Panopoly Magic Module, which allows remote attackers to exploit this vulnerability to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive...
SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting (XSS)
This module enables live previews of Panels panes in the modal dialog for adding or editing them. The module doesn't sufficiently filter the pane title when re-rendering the live preview. This vulnerability is mitigated by the fact that an attacker must have permission to add or edit Panels panes...
New CMS 2.1 Local File Inclusion
=============================================== + TITLE : NEW CMS Local File Inclusion Vulnerability /proc/self/environ + VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice + VERSION : 2.1 or Later + AUTHOR : R3vanBastard + TESTED ON : Windows + DORK : "New CMS"...
CentOS 7 : kernel (CESA-2014:1971)
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
Kernel: HID: OOB write in magicmouse driver
An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device HID reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on...
openSUSE Security Update : file (openSUSE-SU-2014:1516-1)
file was updated to fix one security issue. This security issue was fixed : - Out-of-bounds read in elf note headers CVE-2014-3710. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
[ MDVSA-2014:201 ] kernel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:201 http://www.mandriva.com/en/support/security/ Package : kernel Date : October 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities has been found and corrected in the Linux...
TinyRise 最新版注射获取敏感信息
简要描述: TinyRise 最新版注射获取敏感信息 详细说明: 主要问题出在filterclass.php: public static function text$str $config = HTMLPurifierConfig::createDefault; $cachedir=Tiny::getPath'cache'."/htmlpurifier/"; if!fileexists$cachedir File::mkdir$cachedir; $config = HTMLPurifierConfig::createDefault; //配置 缓存目录...
Information disclosure
The Magicam Photo Magic Editor aka mobi.magicam.editor application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...