Remote Command Execution Vulnerability in Next-Generation Firewall System of SinoCom-ArtM
The InforCube Next-Generation Firewall (NFW) is a comprehensive security gateway solution. A remote command execution vulnerability exists in the InforCube Next-Generation Firewall system. The vulnerability allows an attacker to write PHP code into a file by modifying the install.php post...
MODX Revolution 'setup/controllers/welcome.php' file remote code execution vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A security vulnerability exists in the setup/controllers/welcome.php file in MODX Revolution 2.5.4-pl an...
Remote File Inclusion
Web applications occasionally use parameter values to store the location of a file which will later be required by the server. An example of this is often seen in error pages, where the actual file path for the error page is stored in a parameter value -- for example...
Form-based File Upload
The design of many web applications requires that users be able to upload files that will either be stored or processed by the receiving web server. Scanner has flagged this not as a vulnerability, but as a prompt for the penetration tester to conduct further manual testing on the file upload...
Source Code Disclosure
Scanner has detected server-side source code within the server's response. A modern web application will be reliant on several different programming languages. These languages can be broken up into two flavours. These are client-side languages such as those that run in the browser -- like JavaScrip...
MobaXterm Personal Edition Directory Traversal Vulnerability
MobaXterm Professional Edition is a terminal software. MobaXterm allows you to start remote sessions. Each session you start is automatically saved and displayed in the left sidebar. MobaXterm Personal Edition suffers from a directory traversal vulnerability that stems from a failure to adequately...
C2Box 4.0.0(r19171) Validation Bypass
Title: Validation Bypass in C2Box application allows user to input negative value Author: Harish Ramadoss Vendor: boxautomationB.A.S Product: C2Box Version: All versions below 4.0.0r19171 Tested Version: Version 4.0.0r19171 Severity: Medium CVE Reference: 2015-4626 About the Product: B.A.S C2Box...
MATCHA SNS vulnerable to code injection
Overview MATCHA SNS provided by ICZ Corporation is an SNS software. MATCHA SNS contains a code injection CWE-94 vulnerability due to a flaw when configuring the database during installation. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
WordPress VideoWhisper Video Presentation Plugin Arbitrary File Download Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. VideoWhisper Video Presentation is a video communication plugin. A security vulnerability in the WordPress VideoWhisper Video Presentation plugin allows remote...
LinkedIn Private Bug Bounty Program Goes Public
Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve...
Unspecified PHP Code Execution Vulnerability in Bomgar Remote Support Portal Application
Bomgar Remote Support is a secure remote desktop solution. The Bomgar Remote Support Portal application fails to properly filter input, allowing remote attackers to submit special requests to execute arbitrary PHP code...
WordPress Stored Cross-Site Scripting Zero Day Vulnerability
WordPress security issues have for the most part involved a vulnerable plug-in, but a Finnish researcher has disclosed some details on a zero-day vulnerability he discovered in the WordPress 4.2 and earlier core engine that could lead to remote code execution on the webserver. Jouko Pynnonen of...
WordPress Plugin MiwoFTP CSRF Arbitrary File Creation Vulnerability
WordPress is a blogging platform developed using the PHP language; users can set up their own weblogs on servers that support PHP and MySQL databases. MiwoFTP is a smart, fast, lightweight file manager plugin. The WordPress plugin MiwoFTP has a security vulnerability. As the application allows use...
Yoast Google Analytics Stored Cross Site Scripting
OVERVIEW: Google Analytics by Yoast is a WordPress plug-in for monitoring website traffic. With approximately seven million downloads it's one of the most popular WordPress plug-ins. A security vulnerability in the plug-in allows an unauthenticated attacker to store arbitrary HTML,...
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution
The Struts 2 DefaultActionMapper supports a method for short-circuit navigation state changes by prefixing parameters with "action:" or "redirect:", followed by a desired navigational target expression. This mechanism was intended to help with attaching navigational information to buttons within...
Oracle Linux 5 : squirrelmail (ELSA-2009-1066)
The remote Oracle Linux 5 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2009-1066 advisory. - fix broken patch for CVE-2009-1579 - fix broken patch for CVE-2009-1579 - fix: CVE-2009-1581 : CSS positioning vulnerability - fix: CVE-2009-1579 :...
Gallery Server Pro File Upload Filter Bypass
[ASCII art banner removed] presents.. Gallery Server Pro File Upload Filter Bypass Vendor Link: http://www.galleryserverpro.com/ PDF:...
Gallery Server Pro File Upload Filter Bypass Vulnerability
Gallery Server Pro suffers from a file upload filter bypass vulnerability. [ASCII art banner removed] presents.. Gallery Server Pro File Upload Filter Bypass Vendor Link:...
CVE-2011-5161
Unrestricted file upload vulnerability in the patient photograph functionality in OpenEMR 4 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the patient directory under...
CentOS Update for squirrelmail CESA-2009:1066 centos3 i386
Check for the Version of squirrelmail. OpenVAS Vulnerability Test: CentOS Update for squirrelmail CESA-2009:1066 centos3 i386. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...