Directory traversal
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...
CVE-2017-9031
The WebUI component in Deluge before 1.3.15 contains a directory traversal vulnerability involving a request in which the name of the render file is not associated with any template file...
CVE-2017-9031
CVE-2017-9031 affects the WebUI component of Deluge prior to version 1.3.15. The vulnerability is a directory traversal flaw caused by a request where the render file name is not linked to any template file, enabling potential exposure of files via the web interface. Multiple connected sources c...
BanManager WebUI 1.5.8 Code Injection / Cross Site Scripting
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI Software Link:...
BanManager WebUI PHP Code Injection Vulnerability
BanManager is a SQL-based disablement management system. A PHP code injection vulnerability exists in BanManager WebUI version 1.5.8. The vulnerability can be exploited to execute arbitrary code because the 'setting.php' page does not validate the input parameters when doing an update operation...
BanManager WebUI 1.5.8 - PHP Code Injection Vulnerability
Exploit for php platform in category web applications BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage:...
BanManager WebUI 1.5.8 - PHP Code Injection
BanManager WebUI 1.5.8 - PHP Code Injection & Stored XSS Exploit Title: BanManager WebUI - PHP Code Injection & Stored XSS Date: 2017-05-10 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/BanManagement/BanManager-WebUI Software Link:...
FortiAnalyzer, FortiManager Open Redirect Vulnerability
The FortiAnalyzer and FortiManager WebUI accept a user-controlled input that specifies a link to an external site, and uses that link in a redirect...
Hadoop HDFSBrowser information disclosure
Browsing the HDFS datalake. Description: There are 2 different and distinct approaches to browse the HDFS datalake: A. Through the WebHDFS API; B. Through the native Hadoop CLI. WebHDFS: WebHDFS offers REST API for users to access data on the HDFS...
[SECURITY] [DLA 897-1] qbittorrent security update
Package : qbittorrent Version : 2.9.8-1+deb7u1 CVE ID : CVE-2017-6503 CVE-2017-6504 CVE-2017-6503 WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. CVE-2017-6504 WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which coul...
CVE-2016-7542
A read-only administrator on Fortinet devices with FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA may have access to read-write administrators password hashes not including super-admins stored on the appliance via the webui REST API, and may therefore be able to crack them...
CVE-2016-7542
CVE-2016-7542 affects Fortinet FortiOS. A read-only administrator on FortiOS 5.2.x before 5.2.10 GA and 5.4.x before 5.4.2 GA can access read-write administrator password hashes stored on the appliance via the webUI REST API, enabling potential password cracking of non-super-admins. Public refere...
openSUSE Security Update : qbittorrent (openSUSE-2017-381)
This update to qbittorrent 3.3.11 fixes the security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-6504: WebUI did not set the X-Frame-Options header bsc1028073 - CVE-2017-6503: WebUI did not escape many values, allowing for XSS bsc1028072...