[SECURITY] [DSA 3249-1] jqueryui security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3249-1 [email protected] http://www.debian.org/security/ Sebastien Delafond May 03, 2015 http://www.debian.org/security/faq -...

vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...

Cross site scripting

Cross-site scripting XSS vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name...

Cross site scripting

Cross-site scripting XSS vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in 1 common/, 2 monitor/, or 3 psnpm/ or the 4 module XML element in the r...

CVE-2012-2932

Multiple cross-site scripting XSS vulnerabilities in TinyWebGallery TWG before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems parameter in a 1 copy, 2 chmod, or 3 arch action to admin/index.php or 4 searchitem parameter in a search action to admin/index.php...

Open-Letters Remote PHP Code Injection Vulnerability

Open-Letters is a DAS Direct Attached Storage communication system. Open-Letters suffers from a remote PHP code injection vulnerability. The vulnerability allows attackers to execute arbitrary code...

Open Letters Remote PHP Code Injection

/ errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author: TUNISIAN CYBER\n"; print "+ Script coded BY: Egidio Romano...

Open-Letters - Remote PHP Code Injection

/ errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author: TUNISIAN CYBER\n"; print "+ Script coded BY: Egidio Romano...

Open-Letters Remote PHP Code Injection Exploit

Exploit for php platform in category web applications / errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; function httpsend$host, $packet if !$sock = fsockopen$host, 80 die "\n- No response from $host:80\n"; fwrite$sock, $packet; return streamgetcontents$sock; print "+ Author:...

CVE-2015-2781

Cross-site scripting XSS vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

CVE-2015-2941

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error...

CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

CVE-2015-2938

Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...

CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

Design/Logic Flaw

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

UBUNTU-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

KLA10537 Multiple vulnerabilities in CA Spectrum

Multiple serious vulnerabilities have been found in CA Spectrum. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code. Below is a complete list of vulnerabilities 1. Improper data serialization can be exploited remotely via a specially designed Java object...

CVE-2015-2165

CVE-2015-2165 covers multiple stored/reflected XSS flaws in Ericsson Drutt MSDP Report Viewer (versions 4.x–6.x). The vulnerabilities allow remote attackers to inject arbitrary script/HTML via a large set of parameters across various JSP pages (top-links.jsp, page-summary.jsp, service-summary.jsp...

Code injection

The OLE Point of Sale OPOS drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSCashDrawer.ocx for PUSB Thermal Receipt printers, SerialUSB Thermal Receipt printers, Hybrid POS printers with MICR, Value PUSB Receipt...

vBulletin 4.x.x visitormessage.php Remote Code Injection Vulnerability

you can get access from vbulletin forum, just inject php code in one file. + My Homepage: black-hg.org / nasirpour.info + Discovered By: Dariush Nasirpour Net.Edit0r + Greeting : Ali Razmjoo - Ehsan Nezami - Arash Shams - Ramin Shahkar and all my freinds bhg...