320 matches found
I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting
I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...
Ruby on Rails Action Pack RCE Vulnerability (Feb 2016) - Windows
Ruby on Rails is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
phpMyAdmin Double URL Decoding XSS Vulnerability (PMASA-2016-16) - Windows
phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Drupal Module CODER 2.5 - Remote Command Execution (Metasploit)
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupal CODER Module Remote Command Execution', 'Description' = %q This module exploits a...
Debian DSA-3509-1 : rails - security update
Two vulnerabilities have been discovered in Rails, a web application framework written in Ruby. Both vulnerabilities affect Action Pack, which handles the web requests for Rails. - CVE-2016-2097 Crafted requests to Action View, one of the components of Action Pack, might result in rendering files...
USN-2814-1: NVIDIA graphics drivers vulnerability
It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges...
USN-2814-1 nvidia-graphics-drivers-304, nvidia-graphics-drivers-304-updates, nvidia-graphics-drivers-340, nvidia-graphics-drivers-340-updates, nvidia-graphics-drivers-352, nvidia-graphics-drivers-352-updates vulnerability
It was discovered that the NVIDIA graphics drivers incorrectly sanitized user mode inputs. A local attacker could use this issue to possibly gain root privileges...
FreeBSD : yii -- Remote arbitrary PHP code execution (5a35bc56-7027-11e4-a4a3-001999f8d30b)
Yii PHP Framework developers report : We are releasing Yii 1.1.15 to fix a security issue found in 1.1.14. We urge all 1.1.14 users to upgrade their Yii to this latest release. Note that the issue only affects 1.1.14. All previous releases are not affected. Upgrading to this release from 1.1.14 i...
OpenEngine 1.7/1.8 Template Unauthorized Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17871/info openEngine is prone to an unauthorized-access vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to access privileged a...
New Apple vulnerability allows Malicious keylogger App to Record User Inputs
Yet another Apple vulnerability has been exposed by security researchers, that can be exploited to track your finger's every action on iOS Devices i.e. iPhone, iPad etc. The exploit reportedly targets a flaw in iOS multitasking capabilities to capture user inputs, according to Security researcher...
Thinksaas 失败的getshell & 一枚注入。
简要描述: /为什么最新一直被走小厂商? 累觉不爱。/ 本来还以为能够直接前台getshell的。 能直接把代码写入文件。 但是最后也都败给了转义符。 还是来注入把。 详细说明: 0x01 失败的Getshell。 \app\mail\action\admin\do.php 访问这里 无需登录。 $arrData = array 'appname' = trim$POST'appname', 'appdesc' = trim$POST'appdesc', 'isenable' = trim$POST'isenable', 'mailhost' = trim$POST'mailhost',...
phpMyRecipes Multiple Vulnerabilities
phpMyRecipes is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Jojo CMS Multiple Vulnerabilities
Jojo CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CMS Made Simple 1.x - Cross-Site Scripting Cross-Site Request Forgery
CMS Made Simple 1.x - Cross-Site Scripting Cross-Site Request Forgery source: https://www.securityfocus.com/bid/40483/info CMS Made Simple is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied inputs. The application is also...
PHD Help Desk v1.43 Mutliple XSS
Exploit for unknown platform in category web applications ================================ PHD Help Desk v1.43 Mutliple XSS ================================ Mutliple XSS in PHD Help Desk v1.43 Name Multiple vulnerabilities in PHD Help Dsk Systems Affected PHD Help Desk v1.43 and possibly earlier...
DTSA-171-1 mediawiki - cross site scripting
Bulletin has no description...
Code injection
GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9 allows remote attackers to spoof form elements and redirect user inputs via a borderless XUL pop-up window from a background tab...
CVE-2007-1363
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter in the delete action in a search.php or b search-pda.php, or the 2 calories parameter in a save action in editlogcal.php...
Multiple browsers security dialogs race conditions
By forcing user to type predictable characters, key sequences or mouse clicks it's possible to conduct situation user event will be received by shortly appeared security dialog for example "Save file" dialog can apper then user is about to press Y key...
ASP Portal - Multiple Vulnerabilities
ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...