Multi user custom field cannot be used with the assignable user permission
If a multi user custom field is added to JIRA, and the custom field is added to the Assignable User permission, the Assign Issue operation breaks when trying to gather the list of assignable users. This is basically because our MultiUserCF is not specific enough and relies too much on the...
WordPress MultiUser crossite scripting PoC
No description provided by source. body onLoad="document.hack.submit" form name="hack" action="http://site/wp-newblog.php" method="post" input type="hidden" name="stage" value="1" input type="hidden" name="weblogid" value='"scriptalertdocument.cookie/script' /form /body...
Vulnerability in WordPress MultiUser
Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability that I found in WordPress MultiUser. XSS: a POST request to the page http://site/wp-newblog.php: "scriptalertdocument.cookie/script in the Username field. WordPress MultiUser 1.0 and earlier versions are vulnerable. Additional information about...
TaskFreak! 0.5.5 - 'error.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22537/info TaskFreak! is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
XBoard < 4.2.7: pxboard insecure tmp file handling
About XBoard: XBoard is a graphical chessboard that can serve as a user interface to chess engines such as GNU Chess, the Internet Chess Servers, electronic mail correspondence chess, or your own collection of saved games. pxboard is a script that saves its standard input to a temporary file and...
dune[0.6.7+-]: remote buffer overflow exploit. (httpd)
automated exploit for dune0.6.7+- webserver, source comments explain... original source: http://fakehalo.deadpig.org/xdune.c Vade79 - [email protected] - fakehalo. ----------------- example usage ----------------- v9@localhost v9$ ./xdune localhost dune0.6.7+-: remote buffer overflow exploi...
Pc-to-Phone vulnerability - broken by design
Dear Sirs, This is to report a security vulnerability in DeltaThree's Pc-To-Phone product, version 3.0.3 latest version, and possibly earlier versions. This security flaw was first reported to DeltaThree/iConnectHere on October 3, 2001, where I told the company about the security flaw, how it cou...
Dynamics CRM 2016 Itailian MuiPack i386
Dynamics CRM 2016 Itailian MuiPack i386...