735 matches found
CVE-2017-2339
A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the...
WordPress User Role Editor Plugin <= 4.24 - Privilege Escalation
Because of this vulnerability, any registered user can gain administrator access. Solution Upgrade the plugin...
CVE-2016-2288
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file...
drupal -- multiple vulnerabilities
Drupal Security Team reports: File upload access bypass and denial of service File module - Drupal 7 and 8 - Moderately Critical Brute force amplification attacks via XML-RPC XML-RPC server - Drupal 6 and 7 - Moderately Critical Open redirect via path manipulation Base system - Drupal 6, 7 and 8 ...
Sola Support Ticket <= 3.12 - XSS & Configuration Change
Any logged in user with any role and access to wp-admin in any way can update plugin settings including allowing HTML to be parsed. One can also change any notification messages to include JS which then can be used to obtain information by forgery. PoC Make POST request to /wp-admin with paramete...
WordPress User Role 1.4.1 Cross Site Scripting Vulnerability
WordPress User Role plugin version 1.4.1 suffers from a cross site scripting vulnerability. WordPress User Role 1.4.1 Cross Site Scripting Vulnerability Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified...
WordPress User Role 1.4.1 Cross Site Scripting
Plugin Name : User Role Effected Version : 1.4.1 and most probably lower version's if any Vulnerability : A3-Cross-Site Scripting XSS Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Administrator PoC - Proof of Concept : In the following field put the payload as...
Multiple Themes - Privilige Escalation
The themes suffer from a privilege escalation vulnerability, any authenticated user can trigger this vulnerability due to weak permissions checking. An attacker can update options, such as changing user's default role, registration state and others, which may lead to executing commands/code on th...
CVE-2015-3231
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...
CVE-2015-3231
The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache...
Hewlett-Packard SiteScope Log Analyzer Privilege Escalation Vulnerability
This vulnerability allows remote attackers to read arbitrary files on vulnerable installations of Hewlett-Packard SiteScope. Authentication is required to exploit this vulnerability. The specific flaw exists within the Log Analysis Tool. This tool does not validate or restrict the log path allowi...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete user role matching rules via unspecified vectors...
WordPress WP EasyCart Unrestricted File Upload Exploit
WordPress Shopping Cart WP EasyCart Plugin for WordPress contains a flaw that allows a remote attacker to execute arbitrary PHP code. This flaw exists because the /inc/amfphp/administration/banneruploaderscript.php script does not properly verify or sanitize user-uploaded files. By uploading a .p...
User Role Editor - Cross-Site Request Forgery
The User Role Editor WordPress plugin was affected by a Cross-Site Request Forgery security vulnerability...
InvGate Service Desk 4.2.36 SQL Injection Vulnerability
InvGate Service Desk version 4.2.36 suffers from multiple remote SQL injection vulnerabilities. InvGate Service Desk v4.2.36 multiple vulnerabilities http://www.invgate.com/en/service-desk/ http://www.invgate.com/en/service-desk/on-premise-trial/ Invgate Service Desk suffers from many SQL...
Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability
No description provided by source. Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-edito...
Command injection
Unspecified vulnerability on the IBM System Storage Virtualization Engine TS7700 allows local users to gain privileges by leveraging the TSSC service-user role to enter a crafted SSH command...
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, whi...
SA-CONTRIB-2014-017- Image Resize Filter - Denial of Service (DOS)
This module enables you to resize images based on the HTML contents of a post. Images with specified height and width properties that differ from the original image result in a resized image being created. The module doesn't limit the number of resized images per post or user, which could allow a...
WordPress < 3.6.1 Multiple Vulnerabilities
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - Unsafe PHP de-serialization could occur in limited situations and setups, which could lead to remote code execution. CVE-2013-4338 - Open redirect/insufficient input...