xiaoCMS Arbitrary File Upload Vulnerability
xiaoCMS is an open-source PHP+MySQL web application for publishing news and building corporate and personal portals. xiaoCMS has an arbitrary file upload vulnerability caused by lax filtering in the upload code. An attacker who exploits it can upload a PHP webshell and then control the serve...
YYMusicCMS File Upload Vulnerability
YYMusicCMS is a program for providing online music, with an attractive and clean interface, developed in ASP + Access. YYMusicCMS has a file upload vulnerability: the FilePath parameter of the upload form is not filtered, so an attacker can upload ASP files. ...
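The unfiltered-upload pattern behind the two entries above, shown as an added PHP example. This is not code from xiaoCMS or YYMusicCMS; the function names, the upload directory and the extension allow-list are assumptions made for the illustration.

```php
<?php
// Added illustration of an unfiltered file upload beside a hardened handler.
// Not xiaoCMS/YYMusicCMS code; handler names and paths are hypothetical.

// Vulnerable pattern: the server trusts the client-supplied file name and writes it
// straight into a web-served directory. A multipart request whose filename is
// "shell.php" (or "shell.asp" on an ASP stack) becomes an executable webshell.
function vulnerable_upload(array $file, string $webDir): string
{
    $dest = $webDir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Hardened version: extension allow-list, content check, server-chosen file name,
// and a storage directory outside the document root so nothing there is executed.
const ALLOWED_TYPES = ['jpg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif'];

function safe_upload(array $file, string $storeDir): string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Only the final extension is considered, and the original name is never reused,
    // so names like "shell.php.jpg" or "../shell.php" cannot pick the stored path.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // Check the real content; $file['type'] is client-declared and untrusted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $dest;
}

// Usage inside a request handler (constructed):
// $stored = safe_upload($_FILES['upload'], '/var/app/uploads'); // outside DocumentRoot
```

Even with the allow-list, the upload directory should be served without script execution (for example `php_flag engine off` in the directory's Apache configuration, or a location block without a PHP handler in nginx), so that a logic slip in the filter does not hand the attacker a webshell.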
Free themes hide a backdoor that spreads to WordPress and other well-known CMS systems - vulnerability warning - Black Bar Safety Net
Security researchers in the United States recently reported that thousands of plugins and themes for CMS sites have been implanted with a backdoor named CryptoPHP, which could put many web servers under an attacker's control. This newly discovered backdoor, hidden in free CMS plugins...
Sphider 1.3.6 - Multiple Vulnerabilities
Exploit for the PHP platform in category web applications. Description: The web application is vulnerable to SQL injection. Once a website has been indexed with Sphider, an attacker can inject SQL under Sites - Browser pages - filter option. Proof of Concept: Response: POST: /admin/admin.php...
Sphider Search Engine 1.3.6 - Multiple Vulnerabilities
Sphider Search Engine 1.3.6 - Multiple Vulnerabilities. Exploit Title: Sphider 1.3.6 or later SQL Injection. Google Dork: intitle:"Sphider Admin Login". Date: 1 July 2014. Exploit Author: Mike Manzotti. Vendor Homepage: http://www.sphider.eu/ Software Link: http://www.sphider.eu/sphider-1.3.6.zip...
FreeBSD : mcollective -- cert validation issue (ecea9e92-0be5-4931-88da-8772d044972a)
Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, a...
mcollective -- cert validation issue
Melissa Stone reports: The MCollective aessecurity public key plugin does not correctly validate certs against the CA. By exploiting this vulnerability within a race/initialization window, an attacker with local access could initiate an unauthorized MCollective client connection with a server, an...
Hornbill Supportworks ITSM 1.0.0 - SQL Injection Vulnerability
No description provided by source. Summary: SQL Injection Vulnerability in the ITSM component of the Hornbill Supportworks application. CVE number: CVE-2013-2594. Impact: High. Vendor homepage: http://www.hornbill.com. Vendor notified: 19/11/2012. Vendor response: This issue has reportedly been fixed but the...
Design/Logic Flaw
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server...
GE Intelligent Platforms Proficy Cimplicity Multiple Vulnerabilities
GE Intelligent Platforms Proficy Cimplicity is prone to multiple vulnerabilities. (OpenVAS vulnerability test; SPDX-FileCopyrightText: 2013 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.) ...
Web Application Security : PHP SuperGlobal Variables are vulnerable to Hackers
Hackers are focusing on vulnerabilities in the PHP web application development platform, threatening 80% of websites in the world, including major sites such as Facebook and Wikipedia. PHP has several predefined variables called SuperGlobals, i.e. $_POST, $_GET, $_COOKIE, $_FILES, etc. Imperva...
Syrian Electronic Army Hack Results in Compromise of Domain Data For NY Times, Twitter
The Syrian Electronic Army, a group known for attacking high-profile media sites in the last year or so, has in the last few hours compromised the domain information for a large number of sites, including the New York Times home page and some of Twitter’s domains. Security researchers say that th...
Fedora Update for globus-gridftp-server-control FEDORA-2012-8445
The remote host is missing an update for the globus-gridftp-server-control package. (OpenVAS vulnerability test; SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.) ...
Fedora Update for globus-gridftp-server-control FEDORA-2012-8461
Check for the version of globus-gridftp-server-control. OpenVAS Vulnerability Test: Fedora Update for globus-gridftp-server-control FEDORA-2012-8461. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can...
Fedora Update for globus-gridftp-server-control FEDORA-2012-8488
Check for the version of globus-gridftp-server-control. OpenVAS Vulnerability Test: Fedora Update for globus-gridftp-server-control FEDORA-2012-8488. Authors: System Generated Check. Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can...
Fedora Update for globus-gridftp-server-control FEDORA-2012-8488
The remote host is missing an update for the globus-gridftp-server-control package. (OpenVAS vulnerability test; SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.) ...
Fedora Update for globus-gridftp-server-control FEDORA-2012-8461
The remote host is missing an update for the globus-gridftp-server-control package. (OpenVAS vulnerability test; SPDX-FileCopyrightText: 2012 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only. Some text descriptions might be excerpted from referenced sources and are copyright by the respective right holders.) ...
Fedora 16 : globus-gridftp-server-6.10-2.fc16 / globus-gridftp-server-control-2.5-2.fc16 (2012-8461)
Fix for http://jira.globus.org/browse/GT-195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 17 : globus-gridftp-server-6.10-2.fc17 / globus-gridftp-server-control-2.5-2.fc17 (2012-8445)
Fix for http://jira.globus.org/browse/GT-195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 15 : globus-gridftp-server-6.10-2.fc15 / globus-gridftp-server-control-2.5-2.fc15 (2012-8488)
Fix for http://jira.globus.org/browse/GT-195. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...