1091 matches found
Magento eCommerce Local File Disclosure
Exploit for php platform in category web applications ======================================================================= title: Local file disclosure via XXE injection product: Magento eCommerce Platform Enterprise & Community Edition vulnerable version: Magento eCommerce Platform Enterprise...
SEC Consult SA-20120626-0 :: Zend Framework - Local file disclosure via XXE injection
SEC Consult Vulnerability Lab Security Advisory 20120626-0 ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earlier versions / branches fixed versio...
Zend Framework Local File Disclosure
Exploit for php platform in category web applications ======================================================================= title: Local file disclosure via XXE injection product: Zend Framework vulnerable version: 1.11.11 1.12.0 RC1 2.0.0 beta4 and earlier versions / branches fixed version:...
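The two XXE entries above (Zend Framework and the Magento build that ships it) describe the same mechanism: an XML-RPC request may carry a DOCTYPE with an external entity, and a parser that resolves external entities reads a local file and echoes it into the response. The block below is an added example, not code from Zend Framework, Magento or the SEC Consult advisory. It shows the shape of such a request (constructed, with a placeholder file path) next to the parser-independent mitigation of refusing any XML-RPC payload that declares a DTD, checked on the raw bytes before a parser sees them. The regex name and the helper names are assumptions of this example.

```python
"""XXE probe payload and a DTD guard for an XML-RPC endpoint (added example)."""
import codecs
import re
import xml.etree.ElementTree as ET

# Constructed payload: what an XXE probe against an XML-RPC endpoint looks like.
# A parser that loads external entities would substitute the file's contents
# for &xxe; and, via the method's error or echo path, return them to the caller.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE methodCall [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<methodCall>
  <methodName>system.listMethods</methodName>
  <params><param><value><string>&xxe;</string></value></param></params>
</methodCall>
"""

# Constructed benign request for comparison.
BENIGN_PAYLOAD = b"""<?xml version="1.0"?>
<methodCall>
  <methodName>system.listMethods</methodName>
  <params/>
</methodCall>
"""

# XML-RPC never needs a DTD, so any DOCTYPE or ENTITY declaration is hostile.
_DTD_RE = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


def _to_text(xml_bytes: bytes) -> str:
    """Decode honouring a BOM so a UTF-16 payload cannot slip past a byte regex."""
    for bom, enc in ((codecs.BOM_UTF16_LE, "utf-16-le"),
                     (codecs.BOM_UTF16_BE, "utf-16-be"),
                     (codecs.BOM_UTF8, "utf-8")):
        if xml_bytes.startswith(bom):
            return xml_bytes[len(bom):].decode(enc, errors="replace")
    return xml_bytes.decode("utf-8", errors="replace")


def has_dtd(xml_bytes: bytes) -> bool:
    """True if the document declares a DTD or any entity."""
    return _DTD_RE.search(_to_text(xml_bytes)) is not None


def parse_xmlrpc_request(xml_bytes: bytes) -> str:
    """Reject DTD-bearing requests up front; otherwise return the method name.

    The check runs before any XML parser touches the input, so it does not
    depend on how that parser is configured for entity loading.
    """
    if has_dtd(xml_bytes):
        raise ValueError("XML-RPC request rejected: DTD/entity declaration present")
    root = ET.fromstring(xml_bytes)
    if root.tag != "methodCall":
        raise ValueError("not a methodCall")
    name = root.findtext("methodName")
    if not name:
        raise ValueError("missing methodName")
    return name


if __name__ == "__main__":
    print(parse_xmlrpc_request(BENIGN_PAYLOAD))
    try:
        parse_xmlrpc_request(XXE_PAYLOAD)
    except ValueError as exc:
        print(exc)
```

The pre-parse rejection is the check worth having on every XML-RPC endpoint regardless of parser; configuring the parser to not load external entities is the second, independent layer. Checking after BOM-aware decoding matters because a byte-level search for `<!DOCTYPE` misses the same text in UTF-16.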
RHEL 6 : python (RHSA-2012:0744)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0744 advisory. - python: potential XSS in SimpleHTTPServer's list_directory CVE-2011-4940 - python: distutils creates ~/.pypirc insecurely CVE-2011-4944 -...
PT-2012-2901 · Python +3
Name of the Vulnerable Software and Affected Versions: Python versions prior to 2.6.8 Python versions 2.7.x prior to 2.7.3 Python versions 3.x prior to 3.1.5 Python versions 3.2.x prior to 3.2.3 Description: The issue allows remote attackers to cause a denial of service, resulting in infinite loo...
Medium: python27
Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of dat...
Medium: python26
Issue Overview: SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC POST request that contains a smaller amount of dat...
FreeBSD Ports: bugzilla
The remote host is missing an update to the system as announced in the referenced advisory. VID 7f448dc1-82ca-11e1-b393-20cf30e32f6d OpenVAS Vulnerability Test Description: Auto generated from VID 7f448dc1-82ca-11e1-b393-20cf30e32f6d Authors: Thomas Reinke Copyright: Copyright (c) 2012 E-Soft Inc...
FreeBSD : bugzilla Cross-Site Request Forgery (7f448dc1-82ca-11e1-b393-20cf30e32f6d)
A Bugzilla Security Advisory reports : The following security issues have been discovered in Bugzilla : - Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some...
XSS and Brute Force vulnerabilities in WordPress
Hello 3APA3A! I am reporting to you Cross-Site Scripting and Brute Force vulnerabilities in WordPress. XSS WASC-08: In 2007 I wrote about redirectors http://websecurity.com.ua/1152/ in WordPress http://websecurity.com.ua/1179/, for which I released a patch in MustLive Security Pack v.1.0.5...
Brute Force and XSS vulnerability in WordPress
Hello 3APA3A! I am reporting to you one more vulnerability in WordPress, which I have known about for a long time: Brute Force via the XML-RPC functionality in WordPress. Brute Force WASC-11: http://site/xmlrpc.php This functionality has no protection against Brute Force attacks. When sending the corresponding POST reque...
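The message above points at an authenticated XML-RPC method reachable at xmlrpc.php with nothing limiting repeated login attempts. The block below is an added example, not WordPress code: it drives a credential-guessing loop against an in-process XML-RPC dispatcher, first with no throttling and then with a per-(client, username) failure counter that locks the account for that client after a threshold. wp.getUsersBlogs is a real WordPress XML-RPC method that takes a username and password; the handler, the fault codes, the credential store and the guess list here are stand-ins constructed for the example.

```python
"""Brute force against an XML-RPC login method, with and without lockout (added example)."""
import xmlrpc.client
from xmlrpc.server import SimpleXMLRPCDispatcher

# Constructed credential store and guess list (not real data).
VALID = {"admin": "correct horse battery staple"}
GUESSES = ["123456", "password", "admin", "letmein", "qwerty", "welcome",
           "correct horse battery staple"]
LOCKOUT_THRESHOLD = 5  # consecutive failures per (client_ip, username)


def make_dispatcher(lockout: bool) -> SimpleXMLRPCDispatcher:
    """Dispatcher exposing a stand-in wp.getUsersBlogs; lockout toggles the throttle."""
    d = SimpleXMLRPCDispatcher(allow_none=True, encoding="utf-8")
    failures = {}  # (client_ip, username) -> consecutive failed attempts

    def get_users_blogs(client_ip, username, password):
        key = (client_ip, username)
        if lockout and failures.get(key, 0) >= LOCKOUT_THRESHOLD:
            # Refuse before checking the password: even the right guess is
            # not answered once the client is locked out.
            raise xmlrpc.client.Fault(429, "Too many failed logins; try later.")
        if VALID.get(username) == password:
            failures.pop(key, None)
            return [{"blogid": "1", "blogName": "example", "isAdmin": True}]
        failures[key] = failures.get(key, 0) + 1
        raise xmlrpc.client.Fault(403, "Incorrect username or password.")

    d.register_function(get_users_blogs, "wp.getUsersBlogs")
    return d


def post(dispatcher, client_ip, username, password):
    """One XML-RPC POST as a client would send it; returns 'ok' or the fault code.

    _marshaled_dispatch is what the stdlib request handler calls with the POST
    body; the dispatch_method hook prepends the client address so the handler
    can key its counter on it.
    """
    request = xmlrpc.client.dumps((username, password), methodname="wp.getUsersBlogs")
    response = dispatcher._marshaled_dispatch(
        request.encode("utf-8"),
        dispatch_method=lambda m, p: dispatcher._dispatch(m, (client_ip,) + tuple(p)))
    try:
        xmlrpc.client.loads(response)
        return "ok"
    except xmlrpc.client.Fault as fault:
        return fault.faultCode


def brute_force(client_ip="203.0.113.7", lockout=False):
    """Run the guess list against a fresh dispatcher; returns one outcome per guess."""
    d = make_dispatcher(lockout)
    return [post(d, client_ip, "admin", guess) for guess in GUESSES]


if __name__ == "__main__":
    print("no lockout:", brute_force(lockout=False))
    print("lockout:   ", brute_force(lockout=True))
```

Without the counter every guess is answered and the seventh one succeeds; with it the sixth and seventh requests are refused before the password is even compared. Keying on (client, username) alone is a floor, not a ceiling: a distributed attacker rotates source addresses, so a per-username backoff and, where XML-RPC is not used at all, disabling the endpoint are the stronger controls.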
Security advisory for Bugzilla 4.2 and 4.0.5
Summary ======= Bugzilla is a Web-based bug-tracking system used by a large number of software projects. The following security issue has been discovered in Bugzilla: A CSRF vulnerability in the implementation of the XML-RPC API when running under modperl could be used to make changes to bugs or...
CVE-2012-0453
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in Bugzilla 4.0.2 through 4.0.4 and 4.1.1 through 4.2rc2, when modperl is used, allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product's installation via the XML-RPC API...
CVE-2012-0453
The CVE-2012-0453 entry describes a Cross-site Request Forgery (CSRF) vulnerability in Bugzilla versions 4.0.2–4.0.4 and 4.1.1–4.2rc2 when using mod_perl. The flaw allows remote attackers to hijack the authentication of arbitrary users for requests that modify the product’s installation via the X...
bugzilla Cross-Site Request Forgery
A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious...
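The Bugzilla entries above all describe one mechanism: an HTML form with enctype="text/plain" makes the victim's browser POST a body of the attacker's choosing, cookies included, and an XML-RPC endpoint that parses whatever arrives without looking at Content-Type treats that body as an authenticated call. The block below is an added example, not Bugzilla's code. It encodes a form the way a browser does for text/plain, shows that the result decodes as a valid XML-RPC call, and shows the media-type check that stops it, since a form can only produce application/x-www-form-urlencoded, multipart/form-data or text/plain. Bug.update is used only as an illustrative method name; the parameters and the handler are constructed for the example.

```python
"""Forged XML-RPC call via a text/plain form, and the Content-Type gate (added example)."""
import xmlrpc.client

# Constructed forged call; the params are illustrative, not a real Bugzilla request.
FORGED_XML = (
    "<methodCall><methodName>Bug.update</methodName>"
    "<params><param><value><int>1234</int></value></param></params>"
    "</methodCall>"
)


def text_plain_form_body(fields):
    """Encode fields as a browser does for enctype=text/plain: name=value, CRLF, no escaping."""
    return "\r\n".join(f"{name}={value}" for name, value in fields) + "\r\n"


def csrf_form_fields():
    """One field whose name is the XML and whose value closes a comment.

    The browser emits '<methodCall>...</methodCall><!--=-->\r\n', so the
    mandatory '=' and the value land inside an XML comment after the root.
    """
    return [(FORGED_XML + "<!--", "-->")]


XMLRPC_CONTENT_TYPES = {"text/xml", "application/xml"}


def content_type_allowed(content_type):
    """Accept only XML media types; an HTML form cannot send these."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return media_type in XMLRPC_CONTENT_TYPES


def handle_xmlrpc(content_type, body):
    """Hypothetical endpoint front door: refuse non-XML types before parsing."""
    if not content_type_allowed(content_type):
        return None  # a real handler would answer 415 and log the source
    params, method = xmlrpc.client.loads(body)
    return method, params


def demo():
    body = text_plain_form_body(csrf_form_fields())
    # Endpoint that ignores Content-Type: the forged body decodes as a call.
    naive = xmlrpc.client.loads(body)
    # Endpoint that checks first: the request never reaches the XML parser.
    checked = handle_xmlrpc("text/plain", body)
    return naive, checked


if __name__ == "__main__":
    print(demo())
```

Requiring text/xml or application/xml is what closes the form-based path; a script that sets a custom Content-Type from another origin triggers a CORS preflight instead, which the endpoint does not answer. The check belongs in front of the XML-RPC layer, alongside whatever per-request token or Origin validation the rest of the application already does.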
FreeBSD : Python -- DoS via malformed XML-RPC / HTTP POST request (b4f8be9e-56b2-11e1-9fb7-003067b2972c)
Jan Lieskovsky reports, A denial of service flaw was found in the way the Simple XML-RPC Server module of Python processed client connections that were closed before the complete request body had been received. A remote attacker could use this flaw to cause a Python Simple XML-RPC based server process ...
Python -- DoS via malformed XML-RPC / HTTP POST request
Jan Lieskovsky reports, A denial of service flaw was found in the way the Simple XML-RPC Server module of Python processed client connections that were closed before the complete request body had been received. A remote attacker could use this flaw to cause a Python Simple XML-RPC based server process ...
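The python26/python27 entries and the two FreeBSD entries above describe the same defect from two sides: the request body is read in a loop driven only by the Content-Length the client announced, so a client that sends fewer bytes and closes the connection leaves the loop reading empty chunks forever. The block below is an added example, not the CPython source. It reproduces the shape of that loop over a file object that stands in for a closed socket, capped so the demo terminates, beside the EOF-aware version that stops on a short read and tells the caller the body is incomplete. The helper names and the constructed request are assumptions of this example.

```python
"""Content-Length body read loop: spinning and EOF-aware versions (added example)."""
import io

MAX_CHUNK = 10 * 1024 * 1024


class ClosedSocketFile(io.BytesIO):
    """Stands in for rfile on a peer that sent some bytes and then closed.

    Like a socket file after the remote end closes, read() returns the
    bytes that arrived and then b'' on every further call.
    """


def read_body_spinning(rfile, content_length, max_iterations=1000):
    """Trust Content-Length alone. Returns (body, iterations).

    An empty read leaves size_remaining unchanged, so the loop repeats with
    no progress. max_iterations exists only so this demo returns; the real
    loop has no cap and burns a core until the process is killed.
    """
    size_remaining = content_length
    chunks = []
    iterations = 0
    while size_remaining:
        if iterations >= max_iterations:
            break
        iterations += 1
        chunk = rfile.read(min(size_remaining, MAX_CHUNK))
        chunks.append(chunk)
        size_remaining -= len(chunk)
    return b"".join(chunks), iterations


def read_body_eof_aware(rfile, content_length):
    """Stop on a short read. Returns (body, complete).

    complete is False when the peer closed before Content-Length bytes
    arrived; the caller should drop the request rather than hand a
    truncated document to the XML parser.
    """
    size_remaining = content_length
    chunks = []
    while size_remaining:
        chunk = rfile.read(min(size_remaining, MAX_CHUNK))
        if not chunk:  # peer closed: nothing more will ever arrive
            break
        chunks.append(chunk)
        size_remaining -= len(chunk)
    body = b"".join(chunks)
    return body, len(body) == content_length


# Constructed request: Content-Length claims 200 bytes, only 33 arrive.
SENT = b"<?xml version='1.0'?><methodCall>"
CLAIMED_LENGTH = 200


def demo():
    """Returns (spins, spinning loop got the sent bytes, eof-aware reports complete)."""
    spinning_body, spins = read_body_spinning(ClosedSocketFile(SENT), CLAIMED_LENGTH)
    safe_body, complete = read_body_eof_aware(ClosedSocketFile(SENT), CLAIMED_LENGTH)
    return spins, spinning_body == SENT, complete


if __name__ == "__main__":
    print(demo())
```

The one-line `if not chunk: break` is the whole fix; it is worth pairing with a socket timeout on the listener, because a client that sends fewer bytes and simply stays silent instead of closing ties up the worker for a different reason, and that case no read-loop change addresses.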