481 matches found
IBM QRadar Security Information and Event Manager Unspecified Command Injection Vulnerability
IBM QRadar Security Information and Event Manager (SIEM) is a U.S.-based IBM solution that consolidates log-sourced event data from thousands of devices and applications dispersed throughout the network. A command injection vulnerability exists in IBM QRadar SIEM versions 7.2.x and 7.1 MR2 Patch 1...
CVE-2014-8606
Directory traversal vulnerability in the XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! allows remote administrators to read arbitrary files via a .. (dot dot) in the file parameter in a jsonreturn action in the xclonershow page to wp-admin/admin-ajax.php...
CVE-2015-3950
Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request...
CA Spectrum Elevation of Privilege Vulnerability
CA Spectrum (formerly known as CA Spectrum Infrastructure Manager) is a set of converged infrastructure management software developed by CA. The software provides fault management, application performance management, failure cause analysis and other functions. A security vulnerability exists in C...
QNAP - Admin Shell via Bash Environment Variable Code Injection (Metasploit)
Exploit Title: QNAP admin shell via Bash Environment Variable Code Injection Date: 7 February 2015 Exploit Author: Patrick Pellegrino | [email protected] work / [email protected] other Employer homepage: http://www.securegroup.it Vendor...
OpenKM Stored Cross Site Scripting
Exploit Title: OpenKM Platform Remote Reflected Cross Site Scripting Google Dork: N/A Date: 18-11-2014 Exploit Author: Mohamed Abdelbaset Elnoby @SymbianSyMoh Vendor Homepage: http://www.openkm.com/en / Software Link: http://www.openkm.com/en/download-english.html Version: All versions...
D-Link Working on Firmware Updates for Three Critical Bugs
D-Link has pushed out a firmware update for three serious security vulnerabilities in its DIR-820L home routers, and is expected to do the same for seven other models between tomorrow and March 10. The vulnerabilities provide an attacker with remote access to the router without the need for...
After Logic Mail - Remote Admin Takeover (All versions)
AfterLogic WebMail Lite is a free web-based IMAP and SMTP email-client with Ajax interface. AfterLogic WebMail Lite is available for both PHP and ASP.NET platforms. The version of AfterLogic WebMail Lite that is written in PHP is free and open-source software subject to the terms of the Affero...
Design/Logic Flaw
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting...
CVE-2014-9193 Innominate mGuard Improper Privilege Management
Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting...
Food Order Portal 8.3 Cross Site Request Forgery
Food Order Portal 8.3 - CSRF Remote Admin Delete PoC My + Author : KnocKout Contactonlymail : [email protected] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x | Forgive us for those we forgot.. Turkey...
CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
DEBIAN-CVE-2014-5240
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script or HTML, and obtain Super Admin privileges, via a crafted avatar URL...
TinyPHP Forum <= 3.6 (makeadmin) Remote Admin Maker Exploit
No description provided by source. TinyPHPForum 3.6 Admin Makerbr By SirDarckCat from elhacker.net FORM method=post enctype=multipart/form-data Existing User:INPUT name=unamebr INPUT type=file name=userfile style=visibility:HIDDENbr INPUT type=hidden name=email [email protected] input type=hidden...
creative guestbook 1.0 - Multiple Vulnerabilities
No description provided by source. Portal : Creative Guestbook 1.0 Download : http://www.thecreativeheads.de/CreativeFiles/downloads.php Author : Dj7xpl | [email protected]...
PHP-Nuke 6.x/7.0/7.1 Image Tag Admin Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in bbCode tags contained...
NatterChat 1.1 - Remote Admin Bypass Vulnerability
No description provided by source. NATTERCHAT v1.1 Admin Home Bypass Vulnerability » Script : NATTERCHAT v1.1 » Discover: Mountassif Moad...
Web@all <= 1.1 - Remote Admin Settings Change
No description provided by source. Web@all <= 1.1 Remote Admin Settings Change Author: giudinvx Email: giudinvxatgmaildotcom Date: 27/12/2010 Site: http://www.giudinvx.altervista.org/...
Metyus Okul Yonetim 1.0 Sistemi Uye_giris_islem.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/21418/info Metyus Okul Yonetim Sistemi is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to...
statcountex 3.1 - Multiple Vulnerabilities
No description provided by source. Software Link: http://www.2enetworx.com/dev/projects/download.asp?pid=4&rid=34 Version: 3.1 Tested on: Windows xp sp3...