CVE-2017-6446
Dotclear v2.11.2 contains a reflected cross-site scripting (XSS) vulnerability in admin/pages that handle sorting (admin/blogs.php and admin/users.php with sortby and order parameters). The issue is identified as CVE-2017-6446. The available documents describe the vulnerable vectors and affected ...
[SECURITY] Fedora 25 Update: python-peewee-2.8.5-2.fc25
A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...
[SECURITY] Fedora 24 Update: python-peewee-2.8.5-2.fc24
A small, expressive ORM written in python with built-in support for sqlite, mysql and postgresql and special extensions like hstore. For flask integration, including an admin interface and RESTful API, check out flask-peewee...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
UBUNTU-CVE-2016-6896
Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read certain text files via a .. (dot dot) in the plugin parameter to wp-admin/admin-ajax.php, as...
Shopify: Unsanitized Location Name in POS Channel can lead to XSS in Orders Timeline
Hi! I would like to report XSS at Shopify Admin Interface in Orders Timeline, in line "Username processes this order at NAME". NAME is not sanitized and if this is set to XSS will happen. POC: Visit https://whitehat-3.myshopify.com/admin/orders/2253786753 or...
CVE-2016-7123
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...
UBUNTU-CVE-2016-7123
Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators...
MacCMS v8 admin_interface.php SQL injection
No description provided by source...
NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'NUUO NVRmini 2 / NETGEAR ReadyNAS Surveillance Unauthenticated Remote Code Execution', 'Description' = %q The NVRmini 2 Network...
Design/Logic Flaw
The administrative web interface in Cisco TelePresence Video Communication Server Expressway X8.5.2 allows remote authenticated users to execute arbitrary commands via crafted fields, aka Bug ID CSCuv12531...
PYSEC-2016-2
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors...
CVE-2016-1607
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request...
Neoscreen 4.5 Authentication Bypass
Exploit Title: Neoscreen v4.5 Authentication bypass Product: Neoscreen by Cube Digital Media Vulnerable Versions: 4.5 and all previous versions Tested Version: 4.5 Advisory Publication: July 24, 2016 Vulnerability Type: Authentication Bypass Issues CWE-592 CVE Reference: NONE Credit: Alex Haynes...
CVE-2016-1447
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194...
CVE-2016-4790
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4789
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified...