3751 matches found

Patchstack
added 2015/05/15 12:0 a.m., 16 views

WordPress eShop Magic Plugin <= 0.1 - Local File Inclusion

This plugin is prone to an arbitrary file access vulnerability via directory traversal in the file parameter of eshop-magic/download.php. It allows attackers to disclose sensitive information. Solution: Update the plugin...

AI score: 3.7
Exploits: 0 | References: 1 | Affected Software: 1
myhack58
added 2015/05/12 12:0 a.m., 72 views

PHP hash comparison flaw affects login authentication, forgot-password and other business-critical functions on a large number of websites - vulnerability warning - the black bar safety net

A recent PHP vulnerability called "Magic Hash" may allow an attacker to illicitly obtain user account information. The cause of the vulnerability is the particular way PHP processes hashed strings; an attacker can use this to try to obtain the password, bypassing the login...

AI score: 7.2
Exploits: 0
Packet Storm
added 2015/05/09 12:0 a.m., 157 views

eFront 3.6.15 PHP Object Injection

eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...

CVSS: 7.5 | EPSS: 0.53166
Exploits: 8
WPVulnDB
added 2015/04/23 12:0 a.m., 8 views

Ultimate Product Catalogue <= 3.1.2 - Unauthenticated SQL Injection

Unauthenticated SQL injection in the "SingleProduct" parameter, reachable when a web visitor views a product published by the web administrator. This exploit needs magic_quotes_gpc turned off on the destination server. File Functions/Shortcodes.php line 779 PoC http:///?SingleProduct=2'+and+'a'='a...

AI score: 0.7
Exploits: 0 | References: 3 | Affected Software: 1
exploitpack
added 2015/04/21 12:0 a.m., 25 views

WordPress Plugin Tune Library 1.5.4 - SQL Injection

WordPress Plugin Tune Library 1.5.4 - SQL Injection title: SQL Injection product: WordPress Tune Library Plugin vulnerable version: 1.5.4 and probably below fixed version: 1.5.5 CVE number: CVE-2015-3314 impact: CVSS Base Sco...

CVSS: 6.8 | AI score: 0.3 | EPSS: 0.04868
Exploits: 6
The Hacker News
added 2015/04/06 11:11 p.m., 9 views

How to Run Linux Kernel on Canon DSLRs Cameras

Last month, I got Canon's amazing and powerful video-capable DSLR camera and was wondering if I could play a hack on it. Yes, just like last time I installed and ran Linux on my PlayStation 3 gaming console and the popular game console, the Nintendo Wii. What if I could port Linux Kernel to my...

AI score: 6.8
Exploits: 0
myhack58
added 2015/03/01 12:0 a.m., 19 views

Security vulnerability is the essence of myth of the battle to compile code-bug warning-the black bar safety net

0x00 Preface. Fuzzing is currently the more popular and also the more efficient way of finding vulnerabilities; of course, it also takes time to write fuzzing programs. However, not everything requires writing a fuzzing program, and not everything can be fuzzed, so still have to continue t...

Exploits: 0
ATTACKERKB
added 2015/02/26 3:59 p.m., 1 views

CVE-2015-2086

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

CVSS: 3.5 | AI score: 5.8 | EPSS: 0.00936
Exploits: 0 | References: 4
Prion
added 2015/02/26 3:59 p.m., 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

CVSS: 3.5 | AI score: 5.7 | EPSS: 0.00936
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2015/02/26 3:0 p.m., 22 views

CVE-2015-2086

Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title...

AI score: 5.2 | EPSS: 0.00936
Exploits: 0 | References: 3
CVE
added 2015/02/26 3:0 p.m., 44 views

CVE-2015-2086

CVE-2015-2086 describes an XSS vulnerability in the live preview of the Panopoly Magic module for Drupal 7.x, prior to 7.x-1.17. The issue arises from insufficient filtering of the pane title during re‑rendering of the preview, allowing remote authenticated users to inject arbitrary scripts/HTML....

CVSS: 3.5 | AI score: 6.3 | EPSS: 0.00936
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2015/02/21 12:0 a.m., 1 views

Drupal Panopoly Magic Module Cross-Site Scripting Vulnerability

Drupal is an open source content management platform. A cross-site scripting vulnerability exists in Drupal Panopoly Magic Module, which allows remote attackers to exploit this vulnerability to construct malicious URIs and trick users into parsing them, which can be used to obtain sensitive...

CVSS: 3.5 | AI score: 6.2 | EPSS: 0.00936
Exploits: 0 | References: 1
Drupal
added 2015/02/18 12:0 a.m., 24 views

SA-CONTRIB-2015-047 - Panopoly Magic - Cross Site Scripting (XSS)

This module enables live previews of Panels panes in the modal dialog for adding or editing them. The module doesn't sufficiently filter the pane title when re-rendering the live preview. This vulnerability is mitigated by the fact that an attacker must have permission to add or edit Panels panes...

CVSS: 3.5 | AI score: 6.3 | EPSS: 0.00936
Exploits: 0 | References: 9
Packet Storm
added 2015/01/28 12:0 a.m., 29 views

New CMS 2.1 Local File Inclusion

+ TITLE : NEW CMS Local File Inclusion Vulnerability /proc/self/environ + VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice + VERSION : 2.1 or Later + AUTHOR : R3vanBastard + TESTED ON : Windows + DORK : "New CMS"...

AI score: 7.4
Exploits: 0
Tenable Nessus
added 2014/12/15 12:0 a.m., 67 views

CentOS 7 : kernel (CESA-2014:1971)

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.08579
Exploits: 11 | References: 19
RedHat Linux
added 2014/12/09 8:33 p.m., 3 views

Kernel: HID: OOB write in magicmouse driver

An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on...

CVSS: 6.9 | AI score: 6.7 | EPSS: 0.00764
Exploits: 0 | References: 4
Tenable Nessus
added 2014/11/28 12:0 a.m., 36 views

openSUSE Security Update : file (openSUSE-SU-2014:1516-1)

file was updated to fix one security issue. This security issue was fixed: - Out-of-bounds read in elf note headers (CVE-2014-3710). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

CVSS: 5 | AI score: 8.4 | EPSS: 0.14013
Exploits: 0 | References: 3
securityvulns
added 2014/10/27 12:0 a.m., 72 views

[ MDVSA-2014:201 ] kernel

Mandriva Linux Security Advisory MDVSA-2014:201 http://www.mandriva.com/en/support/security/ Package: kernel Date: October 21, 2014 Affected: Business Server 1.0 Problem Description: Multiple vulnerabilities have been found and corrected in the Linux...

CVSS: 7.2 | AI score: 8.7 | EPSS: 0.05794
Exploits: 4
seebug.org
added 2014/10/24 12:0 a.m., 26 views

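TinyRise latest version: injection to obtain sensitive information

Brief description: TinyRise latest version: injection to obtain sensitive information. Detailed description: The main problem lies in filterclass.php: public static function text$str $config = HTMLPurifierConfig::createDefault; $cachedir=Tiny::getPath'cache'."/htmlpurifier/"; if!fileexists$cachedir File::mkdir$cachedir; $config = HTMLPurifierConfig::createDefault; // configure cache directory...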

AI score: 7
Exploits: 0
Prion
added 2014/10/21 10:55 a.m., 12 views

Information disclosure

The Magicam Photo Magic Editor (aka mobi.magicam.editor) application 5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00266
Exploits: 0 | References: 3 | Affected Software: 1