102 matches found
May 28, 2019—KB4499162 (OS Build 15063.1839)
May 28, 2019—KB4499162 OS Build 15063.1839 Reminder: March 12th and April 9th will be the last two Delta updates for Windows 10, version 1703. Security and quality updates will continue to be available via the express and full cumulative update packages. For more information on this change please...
CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...
CVE-2019-13294
AROX School-ERP Pro has a command execution vulnerability. importstud.php and uploadfille.php do not have session control. Therefore an unauthenticated user can execute a command on the system...
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Description' = %q This module exploits a command execution vulnerability in AROX...
Feng Office 3.7.0.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...
Nginx < 1.7.5 SSL Session Reuse
According to the self-reported version in the server response header, the version of nginx installed on the remote host is 0.5.6 or higher, 1.6.x prior to 1.6.2, or 1.7.x prior to 1.7.5. It is, therefore, affected by an SSL session or TLS session ticket key handling error. A flaw exists in the fi...
Cross site scripting
KOHA Library System version 16.11.x up until 16.11.13 and 17.05.x up until 17.05.05 contains a Cross Site Scripting XSS vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=number ,...
Shopware 5.3.3: PHP Object Instantiation to Blind XXE
Who is affected Installations with following requirements are affected by this vulnerabilities: Shopware version = 5.3.3 and = 5.1 Impact - What can an attacker do In order to exploit the found vulnerabilities an attacker needs to be able to use the backend functionality of Shopware, specifically...
Magento 1.9.0.1 Cross-Site Scripting Vulnerability
Magento Web E-Commerce Platform is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2015-15: Information Disclosure in LiteSpeed Web Server
The specialists of the Positive Research center have detected an Information Disclosure vulnerability in LiteSpeed Web Server. This vulnerability allows attackers to obtain the content of arbitrary memory locations in LiteSpeed Web Server. The exploitation of the vulnerability makes it possible t...
RobotStats 1.0 - HTML Injection
Title : RobotStats v1.0 HTML Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
RobotStats 1.0 SQL Injection
Title : RobotStats v1.0 robot param SQL Injection Vulnerability Author : ZoRLu / [email protected] / [email protected] Home : http://milw00rm.com / its online Twitter : https://twitter.com/milw00rm or @milw00rm Date : 22.11.2014 Demo : http://alpesoiseaux.free.fr/robotstats/ Download :...
Authentication bypass in D-Link routers
Vendor: D-Link Affected Products: -DIR-505L SharePort Mobile Companion HW: A1 / FW: 1.01 -DIR-826L Wireless N600 Cloud Router HW: A1 / FW: 1.02 Vendor Notification: April 8, 2013 Public Disclosure: July 8, 2013 Vulnerability Type: Authentication Bypass CVE Reference: CVE-2013-4772 Solution Status...
CVE-2012-0320
CVE-2012-0320 affects Movable Type before 4.38, 5.0.x before 5.07, and 5.1.x before 5.13. The vulnerability allows remote attackers to take control of user sessions via the commenting feature and the community script, enabling session hijack. Relevant advisories reference upgrades to fixed releas...
Arab Portal 2.2 (Auth Bypass) Remote SQL Injection Vulnerability
No description provided by source. Script Name : Arab portal 2.2 Remote Auth SQL Bypass Vulnerabilitiy Script home : http://www.arab-portal.info/arabportal22.zip Exploit risk level : High Found By : RoMaNcYxHaCkEr RXH Written By : Sniper Code S.C.T - 443 Our home : WwW.Sec-Code.CoM Security - Cod...
Oracle Application Server - multiple security vulnerabilities
Application: Oracle Application Server Versions Affected: Oracle Application Server 10.1.2.0.2 Vendor URL: http://oracle.com Bugs: Response Splitting XSS Exploits: YES Reported: 21.01.2009 Vendor response: 23.01.2009 Date of Public Advisory: 22.02.2012 Author: Alexandr Polyakov Description Oracle...
CVE-2007-3920
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069...
CVE-2007-3920
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069...
[SA21705] OpenVMS Session Control Password Disclosure Security Issue
---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available:...
CVE-2002-1755
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC...