51 matches found
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
CVE-2019-12385
An issue was discovered in Ampache through 3.9.1. The search engine is affected by a SQL Injection, so any user able to perform lib/class/search.class.php searches even guest users can dump any data contained in the database sessions, hashed passwords, etc.. This may lead to a full compromise of...
CVE-2019-12385
CVE-2019-12385 affects Ampache up to version 3.9.1. A SQL Injection in the search engine (lib/class/search.class.php) allows any user performing searches (including guests) to dump data from the database (sessions, hashed passwords, etc.), which can lead to full admin compromise when combined wit...
Wall Street Market reported to have exit scammed
Around April 20, many users reported that Wall Street Market, a broadly known dark net market, had executed an exit scam, and that any pending orders were unlikely to be completed. Scamming with enterprises involving Bitcoin is not unheard of, and dark net markets with centralized escrow are...
CVE-2018-1000084
WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name from Layout tab that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the...
DEBIAN-CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed...
UBUNTU-CVE-2017-16908
In Horde Groupware 5.2.19, there is XSS via the Name field during creation of a new Resource. This can be leveraged for remote code execution after compromising an administrator account, because the CVE-2015-7984 CSRF protection mechanism can then be bypassed...
ocPortal CMS 8.x Session Hijacking
OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking flaw which could allow attackers to compromise administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful...
Nuked-klaN <= 1.7.7 / <= SP4.4 Multiple Vulnerabilities Exploit
No description provided by source. ?php Name: Nuked-klaN = 1.7.7 and = SP4.4 Multiples Vulnerabilities Exploit Credits: Charles FOL charlesfolathotmail.fr URL: http://real.o-n.fr/ Date: 14/10/2008 Special thanks to Louis for remembering me I had to finish it = VULNERABILITY DETAILS...
javamailAPI.txt
Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...
Javamail Multiple Information Disclosure Vulnerabilities
Javamail Multiple Information Disclosure Vulnerabilities May 25, 2005 Yangon, Myanmar. Vulnerable Systems: JavaMail API 1.3 JavaMail API 1.2 JavaMail API 1.1.3 Tested on Apache Tomcat/5.0.16 Possibly on all versions of Windows Failed to restrict to accessing other directory and files in...