736 matches found
WordPress < 3.6.1 Multiple Vulnerabilities
According to its version number, the WordPress install hosted on the remote web server is affected by multiple vulnerabilities : - Unsafe PHP de-serialization could occur in limited situations and setups, which could lead to remote code execution. CVE-2013-4338 - Open redirect/insufficient input...
CVE-2013-3599
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
Design/Logic Flaw
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
WordPress User Role Editor 3.12 Cross Site Request Forgery
WordPress User Role Editor plugin version 3.12 suffers from a cross site request forgery vulnerability Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-edito...
WordPress User Role Editor 3.12 Cross Site Request Forgery
Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-editor Version: =3.12 Tested on: Debian...
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software...
WordPress User Role Editor Plugin 3.12 - CSRF
User Role Editor plugin is prone to a cross site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the plugin...
Wordpress User Role Editor Plugin 3.12 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software...
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
Exploit Title: WP User Role Editor CSRF Date: 19/5/13 Exploit Author: Henry Hoggard Author Website: http://henryhoggard.co.uk Vendor Homepage:https://wordpress.org/support/plugin/user-role-editor Software Link:https://wordpress.org/support/plugin/user-role-editor Version: =3.12 Tested on: Debian...
CVE-2012-5571
OpenStack Keystone Essex 2012.1 and Folsom 2012.2 does not properly handle EC2 tokens when the user role has been removed from a tenant, which allows remote authenticated users to bypass intended authorization restrictions by leveraging a token for the removed user role...
WordPress 3.1.3 SQL Injection Vulnerabilities
No description provided by source. SEC Consult Vulnerability Lab Security Advisory 20110701-0 ======================================================================= title: Multiple SQL Injection Vulnerabilities product: WordPress vulnerable version: 3.1.3/3.2-RC1 and probably earlier versions...
Debian DSA-2115-1 : moodle - several vulnerabilities
Several remote vulnerabilities have been discovered in Moodle, a course management system. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-1613 Moodle does not enable the 'Regenerate session id during login' setting by default, which makes it easier...
Moderate: Red Hat Security Advisory: pam security, bug fix, and enhancement update
Updated pam packages that fix two security flaws, resolve several bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Pluggable Authentication Modules PAM provide a system...
oracle10g-sql.txt
// / Oracle 10g CTXDOC.MARKUP SQL Injection Exploit / // / sploit grant DBA to unprivileged user / // / BY Sh2kerR Digital Security / // / tested on oracle 10.1.0.2.0 / // // / Date of Public EXPLOIT: October 23, 2007 / / Written by: Alexandr "Sh2kerr" Polyakov / / email: [email protected]...
Project Role Modifications not reflected in Issue Security Scheme
If you modify users/groups in a project's project role and this project uses an issue security scheme, you must remove the role and re-add it to the issue security scheme for the role changes to take effect. Steps to Reproduce: 1. Need to be the admin of a project whose issue creation screen has...
Oracle 10g SYS.KUPV$FT.ATTACH_JOB PL/SQL Injection Exploit
No description provided by source. / Exploit for Oracle10g R1 and R2 prior to CPU Oct 2006 Joxean Koret [email protected] Privileges needed: - EXECUTECATALOGROLE - CREATE PROCEDURE / select from userroleprivs ; CREATE OR REPLACE FUNCTION F1 RETURN NUMBER AUTHID CURRENTUSER IS PRAGMA...