618 matches found
vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability
vBulletin is an open source commercial Web forum program jointly developed by Internet Brands and vBulletin Solutions, Inc. of the United States. The vBulletin VBSEO module is one of its SEO management modules. A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...
UBUNTU-CVE-2017-10789
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional even though this setting's documentation has a "your communication with the server will be encrypted" statement, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrad...
Drupal Password Reset Landing Page Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Password Reset Landing Page Module is a password reset page module. An access bypass vulnerability exists in the Drupal Password Reset Landing Page Module. This vulnerability can be...
Follow-up analysis of the deserialization vulnerability in the Node.js node-serialize module - vulnerability warning - the black bar safety net
Several follow-up findings on the Node.js serialization remote command execution vulnerability, and how to develop the attack payload. A few days ago I found an article on the opsecx blog about how to exploit an RCE (remote code execution) bug in a Node.js module named node-serialize. The article...
Drupal Hubspot CTA module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Hubspot CTA is one of the modules that displays the Hubspot CTA button by creating a Bean block. A cross-site scripting vulnerability exists in the Drupal Hubspot CTA module that can be...
SUSE-SU-2016:1301-1 Security update for ImageMagick
This update for ImageMagick fixes the following issues: - bsc978061: A vulnerability in ImageMagick's 'https' module allowed users to execute arbitrary shell commands on the host performing the image conversion. The issue had the potential for remote command injection. This update mitigates the...
QEMU VGA Module Denial of Service Vulnerability
QEMU is processor emulation software developed by French programmer Fabrice Bellard. The software is fast and cross-platform. A security vulnerability exists in QEMU's VGA module. An attacker can exploit this vulnerability to execute arbitrary code on the host computer with elevated privileges...
CVE-2016-3710
The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes after setting the bank register, aka the "Dark Portal" issue...
Drupal Nodejs Module Access Bypass Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...
Drupal Open Atrium Module Security Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Open Atrium is one of the team collaboration and knowledge management system modules. A security bypass vulnerability exists in the Drupal Open Atrium module that can be exploited by...
amoCRM - Moderately Critical - Cross Site Scripting - SA-CONTRIB-2015-149
This module enables you to integrate with the amoCRM service using webhooks. The module does not sufficiently sanitize the logged data when malicious POST data is received. This vulnerability is mitigated by the fact that a module such as "Database logging" (dblog) must be enabled which displays log...
Drupal Corner Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Corner is one of the website modification modules. A cross-site request forgery vulnerability exists in the Drupal Corner module. A remote attacker can exploit this vulnerability to...
Code injection
The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL...
Cisco IOS TCP Input Module Denial of Service Vulnerability
Cisco IOS is a popular Internet operating system. A memory leak vulnerability exists in the Cisco IOS TCP input module, which allows remote attackers to conduct denial-of-service attacks via specially crafted TCP messages...
CVE-2014-8165
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object...
CBSMS Mambo Module <= 1.0 - Remote File Include Vulnerability
No description provided by source...
CVE-2011-3628
Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...
MGASA-2014-0031 Updated drupal package fixes security vulnerabilities
Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module that allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts (CVE-2014-1475). Matt Vance and Damien Tournoud reported an access bypass vulnerability in the...
phpcms 9.4.2 /phpcms/modules/pay/respond.php Path Disclosure
No description provided by source...
PSF-2013-2 ssl: NULL in subjectAltNames
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate...