PT-2020-14423 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-14421 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...
PT-2020-6770 · Unknown · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions cwp-e17.0.9.8.923 Description: The issue is related to the implementation of the ajax mod security.php script in CentOS Web Panel, where the archivo parameter does not properly neutralize special elements in...
XSStrike: A XSS Detection & Exploitation Kit
If you remember a couple of weeks back, I blogged about XSS Radar, a Google Chrome extension to help you discover cross-site scripting vulnerabilities. This post is about XSStrike, a similar tool to help you find cross-site scripting vulnerabilities, but it is coded in Python...
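Wordpress Seo Link Rotator plugin - pusher.php title parameter - cross-site scripting vulnerability
Vulnerability details. Vulnerability title: Wordpress Seo Link Rotator plugin - pusher.php title parameter - cross-site scripting vulnerability. Plugin homepage: http://www.seolinkrotator.com Download link: http://www.seolinkrotator.com/download/files/seolinkrotator.zip The file containing the cross-site scripting vulnerability is pusher.php, which performs no escaping or filtering of input or output: Link To This If you would like to share this with someone else just copy and paste th...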
Debian DLA-34-1 : libapache-mod-security security update
Martin Holst Swende discovered a flaw in the way modsecurity handled chunked requests. A remote attacker could use this flaw to bypass intended modsecurity restrictions, allowing them to send requests containing content that should have been removed by modsecurity. NOTE: Tenable Network Security...
Suricata IDPE 2.0.3 - Open Source Next Generation Intrusion Detection and Prevention Engine
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...
MyBB Profile Blogs Plugin 1.2 - Multiple Vulnerabilities
No description provided by source. Exploit Title: MyBB Profile Blog plugin multiple vulnerabilities. Google Dork: inurl:member.php intext:Profile Blogs for MyBB Date: 12.9.2012 Exploit Author: Zixem Vendor Homepage: http://fklar.pl/ Software Link: http://mods.mybb.com/view/profile-blogs Version:...
openSUSE Security Update : apache2-mod_security2 (openSUSE-SU-2013:1336-1)
complete overhaul of this package, with update to 2.7.5. - ruleset update to 2.2.8-0-g0f07cbb. - new configuration framework private to modsecurity2: /etc/apache2/conf.d/modsecurity2.conf loads /usr/share/apache2-modsecurity2/rules/modsecuritycrs1 0setup.conf, then...
[Suricata 1.4.7] Open Source Next Generation Intrusion Detection and Prevention Engine
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of...
[Suricata 1.4.2] Next Generation Intrusion Detection and Prevention Engine
The Suricata Engine is an Open Source Next Generation Intrusion Detection and Prevention Engine. This engine is not intended to just replace or emulate the existing tools in the industry, but will bring new ideas and technologies to the field. OISF is part of and funded by the Department of Homela...
Debian DSA-2659-1 : libapache-mod-security - XML external entity processing vulnerability
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially crafted XML file provided by a remote attacker,...
Debian Security Advisory DSA 2659-1 (libapache-mod-security - XML external entity processing vulnerability)
Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a remote attacker,...
Debian: Security Advisory (DSA-2659-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-2506-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2506-1] libapache-mod-security security update
Debian Security Advisory DSA-2506-1 http://www.debian.org/security/ Yves-Alexis Perez July 02, 2012 http://www.debian.org/security/faq -...
Mnews 1.1 - view.php SQL Injection
Mnews 1.1 - view.php SQL Injection \n"; echo "Example:\n"; echo "php $argv0 http://www.website.com/mnews\n"; exit; $target = $argv1; ifsubstr$target, strlen$target-1!="/" $target .= "/"; $inject = $target . "view.php?id=-0'%20"; $token = uniqid; $tokenhex = hex$token; echo " Trying to get...
osCmax Shop CMS 2.5.1 Cross Site Scripting
Title: ====== osCmax Shop CMS v2.5.1 - Multiple Web Vulnerabilities Date: ===== 2012-04-08 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=497 VL-ID: ===== 497 Introduction: ============= osCMax is a powerful e-commerce/shopping cart web application. There are many...
Joomla Currency Converter Cross Site Scripting
Exploit Title: Joomla modules modcurrencyconverter XSS Vulnerability Date: 2012-02-02 GMT +7 Author: BHG Security Center Software Link: http://joomla.org Dork: inurl:/includes/convert.php?from= Tested on: ubuntu 11.04 CVE : -...