4310 matches found

CNVD
added 2018/01/17 12:0 a.m., 2 views

Dell SonicWALL Global Management System Cross-Site Scripting Vulnerability

The Dell SonicWall Global Management System (GMS) is a global management system from Dell, USA. The system enables rapid deployment and centralized management of Dell SonicWALL firewall, anti-spam, backup and recovery, and secure remote access solutions. A cross-site scripting vulnerability exists ...

CVSS 5.4, AI score 6.5, EPSS 0.00722
Exploits 3, References 1
Exploit DB
added 2018/01/10 12:0 a.m., 29 views

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery / Privilege Escalation

Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/cms-tree-page-view Version: 1.4 Tested on:...

AI score 7.4
Exploits 0
exploitpack
added 2018/01/10 12:0 a.m., 12 views

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation

WordPress Plugin CMS Tree Page View 1.4 - Cross-Site Request Forgery Privilege Escalation Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/...

AI score 0.2
Exploits 0
Exploit DB
added 2018/01/10 12:0 a.m., 30 views

WordPress Plugin Admin Menu Tree Page View 2.6.9 - Cross-Site Request Forgery / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

AI score 7.4
Exploits 0
Packet Storm
added 2018/01/08 12:0 a.m., 28 views

WordPress Admin Menu Tree Page View 2.6.9 CSRF / Privilege Escalation

Exploit Title: Admin Menu Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/admin-menu-tree-page-view Version: 2.6.9...

AI score 7.1
Exploits 0
Packet Storm
added 2018/01/08 12:0 a.m., 32 views

WordPress CMS Tree Page View 1.4 CSRF / Privilege Escalation

Exploit Title: CMS Tree Page View CSRF, Privilege Escalation Discovery Date: 2017-12-12 Exploit Author: Panagiotis Vagenas Author Link: https://twitter.com/panVagenas Vendor Homepage: http://eskapism.se/ Software Link: https://wordpress.org/plugins/cms-tree-page-view Version: 1.4 Tested on:...

AI score 7.1
Exploits 0
Openbugbounty
added 2017/12/29 12:9 p.m., 12 views

wikipedia.org.dnstree.com XSS vulnerability

On the 29.12.2017 security researcher reported a XSS vulnerability affecting the wikipedia.org.dnstree.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 29...

AI score 6.2
Exploits 0
Openbugbounty
added 2017/12/29 12:5 p.m., 12 views

justice.gov.dnstree.com XSS vulnerability

On the 29.12.2017 security researcher reported a XSS vulnerability affecting the justice.gov.dnstree.com website via the Open Bug Bounty coordinated vulnerability disclosure program. Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitted via Open Bug Bounty| 29...

AI score 6.2
Exploits 0
Mageia
added 2017/12/01 11:13 p.m., 27 views

Updated git packages fix security vulnerability

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...

CVSS 5.5, AI score 4.7, EPSS 0.01641
Exploits 1, References 2
0day.today
added 2017/11/27 12:0 a.m., 74 views

WordPress CMS Tree Page View 1.3.4 plugin Privilege Escalation Vulnerability

WordPress Tree Page View plugin allows any logged in users to move pages, regardless of permissions. Vulnerability: Any logged in user can move pages, regardless of their permission level. Proof of concept: Create a blank WordPress site, activate CMS Tree Page View plugin, and log in a...

AI score 6.9
Exploits 0
CNVD
added 2017/11/22 12:0 a.m., 6 views

jqueryFileTree directory traversal vulnerability

jqueryFileTree is a configurable AJAX file browser plugin for jQuery. A directory traversal vulnerability exists in jqueryFileTree 2.1.5 and earlier versions. No vulnerability details are provided at this time...

CVSS 7.5, AI score 6.9, EPSS 0.57608
Exploits 7, References 1
CNVD
added 2017/11/17 12:0 a.m., 2 views

I, Librarian Catalog Enumeration Vulnerability

Scilico I, Librarian is an online PDF document management system from Scilico, a United States company. A security vulnerability exists in the jqueryFileTree.php file in Scilico I, Librarian versions 4.6 and earlier and 4.7. An attacker can exploit the vulnerability to enumerate directories...

CVSS 5.3, AI score 6.7, EPSS 0.01192
Exploits 1, References 1
n0where
added 2017/11/14 5:51 p.m., 19 views

Linux Process Hunter: Prochunter

Prochunter aims to find processes hidden by all userspace and most kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes by walking the task_struct list and creates the /sys/kernel/prochunter/set entry. A python script that invokes the kernel function...

AI score 1
Exploits 0, References 1
OSV
added 2017/11/13 5:29 p.m., 2 views

DEBIAN-CVE-2017-16803

In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree function in libavcodec/smacker.c does not properly restrict tree recursion, which allows remote attackers to cause a denial of service (bitstream.c:build_table() out-of-bounds read and application crash) via a crafted Smacker stream...

CVSS 7.5, AI score 7.5, EPSS 0.0301
Exploits 0, References 1
Check Point Advisories
added 2017/10/24 12:0 a.m., 3 views

Microsoft Edge Chakra ParseCatch Type Confusion (CVE-2017-11764)

A type confusion vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to a lack of validation in the ParseCatch method which results in the generation of a malformed Abstract Syntax Tree (AST). A remote attacker could exploit this vulnerability by enticing the...

CVSS 7.6, AI score 2.8, EPSS 0.64437
Exploits 3
CNVD
added 2017/10/16 12:0 a.m., 1 view

Git Denial of Service Vulnerability

Git is a free, open source distributed version control system developed by American software developer Linus Torvalds. A security vulnerability exists in Git 2.14.2 and earlier versions, which stems from the program's failure to properly handle the tree object layer. A remote...

CVSS 5.5, AI score 5.6, EPSS 0.01641
Exploits 1, References 1
OSV
added 2017/10/14 10:29 p.m., 1 view

DEBIAN-CVE-2017-15298

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...

CVSS 5.5, AI score 8.7, EPSS 0.01641
Exploits 1, References 1
Debian CVE
added 2017/10/14 7:0 p.m., 24 views

CVE-2017-15298

Git through 2.14.2 mishandles layers of tree objects, which allows remote attackers to cause a denial of service (memory consumption) via a crafted repository, aka a Git bomb. This can also have an impact of disk consumption; however, an affected process typically would not survive its attempt to...

CVSS 5.5, AI score 5.6, EPSS 0.01641
Exploits 1
CNVD
added 2017/10/12 12:0 a.m., 2 views

Comments Off on Arbitrary User Registration and Arbitrary Password Reset Vulnerability in Fruit Tree App

Evaluate Fruit Tree App is a learning and education app. There are arbitrary user registration and arbitrary password reset vulnerabilities in Fruit Tree App, which allow attackers to register any user and reset any user's password by grabbing packets and modifying cell phone numbers...

AI score 7.2
Exploits 0
OpenVAS
added 2017/09/24 12:0 a.m., 25 views

RedHat Update for augeas RHSA-2017:2788-01

The remote host is missing an update for the...

CVSS 9.8, AI score 9.6, EPSS 0.05002
Exploits 0, References 2