114 matches found
Design/Logic Flaw
The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before 2.9.1.0 does not verify the user correctly, which allows remote authenticated users to control other virtual machines managed by Virtualizor by accessing a modified URL...
Remove Beginning Section of URL Using Rewrite Policy
A customer is looking for a way to remove a specific section at the beginning of a URL's path...
Design/Logic Flaw
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified...
CVE-2015-2266
Affected software: Moodle
IBM Rational ClearQuest 7.1.1.x < 7.1.1.4 / 7.1.2.x < 7.1.2.1 Multiple Vulnerabilities (credentialed check)
The remote host has a version of IBM Rational ClearQuest 7.1.1.x prior to 7.1.1.4 or 7.1.2.x prior to 7.1.2.1 installed. It is, therefore, affected by the following vulnerabilities: - An information disclosure vulnerability exists in the Dojo Toolkit that allows a remote attacker to read...
Request access to this page. userFullName can be modified.
Steps to reproduce: 1. Create a page and grant permissions only for you. 2. Modify this URL to point to your pageId: https://extranet.atlassian.com/pages/viewpage.action?pageId=XXXXXXX&username=scia&userFullName=Scott%2BFarquhar&grantAccess=true 3. You will be asked to grant Scott Farquhar...
CVE-2014-3546
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...
Design/Logic Flaw
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...
Design/Logic Flaw
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL...
CVE-2014-0858
IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to bypass intended access restrictions and conduct deleteAction attacks via a modified URL...
Simple Bug Exposed Verizon Wireless Users' SMS History
A security researcher discovered a simple vulnerability in Verizon Wireless’s Web-based customer portal that enabled anyone who knows a subscriber’s phone number to download that user’s SMS message history, including the numbers of the people he communicated with. The vulnerability, which has bee...
CVE-2012-4448
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action...
UBUNTU-CVE-2012-4448
Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php in WordPress 3.4.2 allows remote attackers to hijack the authentication of administrators for requests that modify an RSS URL via a dashboard_incoming_links edit action...
Exclusive - Source Code Spoofing with HTML5 and the LRO Character
Exclusive - Source Code Spoofing with HTML5 and the LRO Character. Article written by John Kurlak for The Hacker News; he is a senior studying Computer Science at Virginia Tech. Today John will show us how the source code of a web page can be spoofed. For example, open and try to view the source code of...
CVE-2009-0276
Removed by vendor...
A detailed discussion of "hanging horse" (trojan-injection) methods and techniques - vulnerability warning - the Black Bar Safety Net
N kinds of "hanging horse" methods. 1. The HTML method: the conventional HTML method inserts an iframe statement into a web page. To check whether a site has been injected, one generally looks for the iframe keyword. 2. The more hidden variant is the JS method. Like the...
digitalhive-sql.txt
body margin:3%; font-size:10px; color:FFFFFF; font-family:Verdana,Arial; background-color:1a1a1a; text-align: center; input background:303030; color:FFFFFF; font-family:Verdana,Arial; font-size:10px; vertical-align:middle; border-left:1px solid 5d5d5d; border-right:1px solid 121212;...
SiteScape Forum TCL injection
Hi, I have the following advisory for you. [email protected] SiteScape Forum TCL injection ================================ discovered by [email protected] PRODUCT: SiteScape Forum EXPOSURE: TCL injection SYNOPSIS ======== By URL modification it is possible to insert TCL code into the application. Accou...