XSRF Security Token Missing when clicking on Contact an administrator
Summary: Clicking on the "Contact an administrator to perform this action." results in XSRF Security Token Missing. Tested with: Chrome Version 54.0.2840.59 64-bit, Firefox 49.0. Steps to Reproduce: Configure Outgoing Mail; Enable Contact Administrators Form from General Configurations; Create...
Unspecified Vulnerability in Oracle E-Business Suite Oracle Shipping Execution Component
Oracle E-Business Suite is a fully integrated set of global business management software from the U.S. company Oracle. Oracle Shipping Execution is one of its components, used to manage transportation information. A remote security vulnerability exists in the...
SQL Injection Vulnerability in VOA (Pengwei) System name parameter
The VOA collaborative office platform from Shenzhen Pengwei Information Technology Co., Ltd is an OA system developed in ASP. The name parameter of the VOA Pengwei system has a SQL injection vulnerability; the vulnerable URL is http://demo.kmpsoft.com/MyWorkflow/WFGetTripNo.aspx. Attackers can use the...
[SECURITY] Fedora 25 Update: trytond-4.0.4-1.fc25
Tryton is a three-tier, high-level, general-purpose application framework written in Python that uses PostgreSQL as its database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton, also called the Tryton kernel, provides all the necessary...
[SECURITY] Fedora 24 Update: drupal7-entity_translation-1.0-0.9.beta5.fc24
Allows fieldable entities to be translated into different languages, by introducing entity/field translation for the new translatable fields capability in Drupal 7. Maintained by the Drupal core i18n team. This project does not replace the Internationalization http://drupal.org/project/i18n...
Nexpose Now: Because Security Doesn't Wait
Attackers don't wait for your schedule; in fact, they try to take advantage of your windows of wait when you're biding your time waiting for a scan. Just think of your typical Patch Tuesday: when you walk in on Wednesday your vulnerability management solution has all the checks, but then you wait...
Weaver eweaver com.eweaver.workflow.workflow.servlet.ExportAction: multiple SQL injection vulnerabilities in exportid and other parameters
No description provided by source...
NetApp OnCommand Workflow Automation Authentication Bypass Vulnerability
NetApp OnCommand Workflow Automation is a set of storage process management software from the U.S. company NetApp. An authentication bypass vulnerability exists in versions of NetApp OnCommand Workflow Automation prior to 3.1P2, which can be exploited by an attacker to bypass the authorization...
MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016
MS16-088: Description of the security update for SharePoint Server 2016: July 12, 2016 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see...
When JIRA project has a security scheme, the option "None" is not displayed in Crucible
Summary: Whenever a JIRA project has a Security Scheme defined, and a workflow transition has at least one required field, a window is opened on the JIRA side so that the required field/s are selected. Among the fields displayed in this window there will be the "Security Level", in which the...
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: ProcessMaker v3.0.1.7 Multiple vulnerabilities Date: 31/05/2016 Author: Mickael Dorigny @ information-security.fr Vendor or Software Link: http://www.processmaker.com/ Version: 3.0.1.7 Category: Multiple Vulnerabilities...
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities
ProcessMaker 3.0.1.7 - Multiple Vulnerabilities Exploit Title: ProcessMaker v3.0.1.7 Multiple vulnerabilities Date: 31/05/2016 Author: Mickael Dorigny @ information-security.fr Vendor or Software Link: http://www.processmaker.com/ Version: 3.0.1.7 Category: Multiple Vulnerabilities ProcessMaker...
Dahan JCMS /xxgk/workflow/design/que_model.jsp SQL injection in multiple parameters
No description provided by source...
DotCMS Workflow Screen SQL Injection Vulnerability
DotCMS is a content management system (CMS) from the American company DotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A SQL injection vulnerability exists in Workflow Screen in DotCMS versions prior to 3.3.2. A remote attacker ca...
CVE-2016-4040
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...
Sql injection
SQL injection vulnerability in the Workflow Screen in dotCMS before 3.3.2 allows remote administrators to execute arbitrary SQL commands via the orderby parameter...
CVE-2016-4040
CVE-2016-4040 affects dotCMS prior to version 3.3.2. A SQL injection in the Workflow Screen allows remote administrators to execute arbitrary SQL commands through the orderby parameter. Exploitation would impact data confidentiality, integrity, and availability as described by CVSS metrics (base ...
Stored XSS in ViewWorkflowTransition.jsp
Steps to reproduce: 1. Go to workflow edit page as an administrator. 2. Add validator "User Permission Validator" to transition with user name parameter "alert2". 3. It will trigger XSS on ViewWorkflowTransition page...
[SECURITY] Fedora 23 Update: cups-filters-1.4.0-1.fc23
Contains backends, filters, and other software that was once part of the core CUPS distribution but is no longer maintained by Apple Inc. In addition it contains additional filters developed independently of Apple, especially filters for the PDF-centric printing workflow introduced by OpenPrintin...