586 matches found
Moderate: Red Hat Bug Fix Advisory: Satellite 6.2.2 bug fix update
Updated Satellite 6.2 packages that fix several bugs are now available. Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs...
EAP7 Privilege escalation when managing domain including earlier version slaves
The domain controller will not propagate its administrative RBAC configuration to some slaves. An attacker could use this to escalate their privileges...
EAP7 Privilege escalation when managing domain including earlier version slaves
The domain controller will not propagate its administrative RBAC configuration to some slaves. An attacker could use this to escalate their privileges...
F5 BIG-IP Application Security Manager (ASM) XSS
Edit: Corrected the date in the timeline from 01/12/14 to 01/12/15. Details ======= Product: F5 BIG-IP Application Security Manager ASM Vulnerability: Cross Site Scripting Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Likely 11.4.x-11.5.x...
WordPress Pods 2.4.3 CSRF / Cross Site Scripting
Vulnerability title: Wordpress plugin Pods alert'xss' target="http://localhost"; for i=0; i'; CSRF 2 delete pods plugin data: CSRF 3 deactivate pods and delete data: CSRF 4 enable "roles and capab...
Omeka 2.2.1 - Remote Code Execution
Omeka 2.2.1 - Remote Code Execution !/usr/bin/env python Omeka 2.2.1 Remote Code Execution Exploit Vendor: Omeka Team CHNM GMU Product web page: http://www.omeka.org Affected version: 2.2.1 and 2.2 Summary: Omeka is a free, flexible, and open source web-publishing platform for the display of...
Splunk 5.0 Custom App Remote Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
PHP Grade Book 1.9.4 Unauthenticated SQL Database Export
No description provided by source. 'PHP Grade Book' Unauthenticated SQL Database Export CVE-2012-1670 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in admin/index.php that allows for an unauthenticated user to export the...
Microweber CMS 0.93 - CSRF Vulnerability
No description provided by source. Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where attacker can u...
Moodle Blog 1.18.2.2/1.6.2 Module SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20395/info Moodle is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application, access or modify data, ...
Microweber CMS 0.93 - CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC...
Microweber CMS 0.93 - Cross-Site Request Forgery
Microweber CMS 0.93 - Cross-Site Request Forgery Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link:http://microweber.com/download Application is vulnerable to CSRF.below is the POC where...
Design/Logic Flaw
The migration functionality in IBM WebSphere Application Server WAS 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...
NetWin SurgeFTP - (Authenticated) Admin Command Injection (Metasploit)
require 'msf/core' class Metasploit3 'SurgeFTP Remote Command Execution', 'Description' = %q This module exploits a flaw in the SurgeFTP server's web-based administrative console to execute arbitary commands. , 'Author' = 'Spencer McIntyre', , 'License' = MSFLICENSE, 'References' = , 'Arch' =...
Splunk 5.0 - Custom App Remote Code Execution (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...
Splunk 5.0 Custom App Remote Code Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Splunk 5.0 Custom App Remote Code...
Design/Logic Flaw
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and 2.1.0.0 through 2.1.0.2 allows remote authenticated users to bypass intended administrative-role requirements and perform arbitrary JMX operations via unspecified vectors...
CVE-2011-5135
Multiple SQL injection vulnerabilities in the saveconnection function in lib/lib.iotask.php in the iotask module in DoceboLMS 4.0.4 and earlier allow remote authenticated users with admin or teacher privileges to execute arbitrary SQL commands via the 1 coursereportuiconfigname or 2...
CVE-2012-2359
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability...
Splunk Search Remote Code Execution
This module abuses a command execution vulnerability in the web based interface of Splunk 4.2 to 4.2.4. The vulnerability exists in the 'mappy' search command which allows attackers to run Python code. To exploit this vulnerability, a valid Splunk user with the admin role is required. By default,...