22 matches found
EUVD-2025-0037
Malicious code in bioql PyPI...
CVE-2012-4389
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and accessing an uploaded PHP file...
October CMS - Upload Protection Bypass Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...
Authorization Bypass
JBoss AS is vulnerable to authorization bypass. The isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 6.4.20 (RHSA-2018:1448)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1448 advisory. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red...
CVE-2018-1000118
GitHub Electron version 1.8.2-beta.4 and earlier contains a command injection vulnerability in its protocol handler that can result in command execution. The attack appears to be exploitable via the victim opening an Electron protocol handler in their browser. This vulnerability appears to hav...
Security: Invalid EJB caller role check implementation
It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...
ElasticSearch Groovy script remote code execution vulnerability emergency overview-vulnerability warning-the black bar safety net
Know Chong Yu security research group, 2015.03.05. 1. Vulnerability description: ElasticSearch is a search and analytics engine developed in Java. In 2014 a remote code execution vulnerability, CVE-2014-3120, was disclosed; it lies in the script quer...
Threat Outbreak Alert RuleID12676: Email Messages Distributing Malicious Software on December 3, 2014
Medium Alert ID: 36629 First Published: 2014 December 4 14:34 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12676 may contain the following files: Name |...
Threat Outbreak Alert RuleID11845: Email Messages Distributing Malicious Software on October 5, 2014
Medium Alert ID: 35947 First Published: 2014 October 6 14:56 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11845 may contain the following files: Name |...
Mango cloud KODExlporer design flaws lead to arbitrary code execution-vulnerability warning-the black bar safety net
http://www.wooyun.org/bugs/wooyun-2014-066056 About the target: http://www.kalcaddle.com Test account permissions: default. The problem is in the rename function. I upload a .php file; it is not executed. OK, so I change the suffix to .ph. After the upload succeeds, I rename it to .php; the prompt says there is no restriction. Well, renaming to .php, rename ...
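The ownCloud entry (CVE-2012-4389, a .htaccess inside an import archive) and the KODExplorer entry above (upload .ph, then rename to .php) are the same bug class: an extension deny-list that is incomplete, and a second code path (archive extraction, rename) that never re-applies it. The following is an added example written for this page, not code from ownCloud, KODExplorer or any other listed project; the filter functions, the `Store` class and every filename are constructed for the demonstration. It contrasts the deny-list with an allow-list that is enforced on the final name at both upload and rename time.

```python
"""Incomplete extension blacklist vs. allowlist (added example, constructed names)."""
import os
import posixpath
import re

# Deny-list as a naive upload filter would write it: only obvious PHP names.
DENY_EXTENSIONS = {".php", ".phtml", ".php5"}

# Allow-list of what the application actually needs to store.
ALLOW_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt"}

# Names that change server behaviour although they carry no "script" extension.
SPECIAL_NAMES = {".htaccess", ".user.ini", "web.config"}


def _basename(name: str) -> str:
    """Strip directory components such as the 'x/../.htaccess' of an archive entry."""
    return posixpath.basename(name.replace("\\", "/"))


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def blacklist_allows(name: str) -> bool:
    """Vulnerable policy: deny-list on the extension seen at upload time.

    '.htaccess' has no extension at all, and 'shell.php.jpg' ends in '.jpg',
    so both pass; 'shell.ph' passes and only becomes dangerous after a rename.
    """
    return _ext(_basename(name)) not in DENY_EXTENSIONS


def allowlist_allows(name: str) -> bool:
    """Hardened policy: plain basename, exactly one extension, from a fixed allow-list."""
    base = _basename(name)
    if base in SPECIAL_NAMES or base.startswith("."):
        return False
    # Exactly one dot: rejects 'shell.php.jpg', 'a.ph.php' and dotfiles.
    if not re.fullmatch(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+", base):
        return False
    return _ext(base) in ALLOW_EXTENSIONS


class Store:
    """Simulated upload store (constructed); `policy` is the name check in force."""

    def __init__(self, policy):
        self.policy = policy
        self.files = set()

    def upload(self, name: str) -> bool:
        if not self.policy(name):
            return False
        self.files.add(_basename(name))
        return True

    def rename_unchecked(self, old: str, new: str) -> bool:
        """Vulnerable: the rename path never re-runs the upload policy."""
        if old not in self.files:
            return False
        self.files.discard(old)
        self.files.add(_basename(new))
        return True

    def rename_checked(self, old: str, new: str) -> bool:
        """Hardened: the final name must satisfy the same policy as an upload."""
        if old not in self.files or not self.policy(new):
            return False
        self.files.discard(old)
        self.files.add(_basename(new))
        return True


if __name__ == "__main__":
    for name in ("../.htaccess", "shell.php.jpg", "shell.ph", "photo.jpg"):
        print(f"{name:15} blacklist={blacklist_allows(name)!s:5} allowlist={allowlist_allows(name)}")
    weak = Store(blacklist_allows)
    weak.upload("shell.ph")
    weak.rename_unchecked("shell.ph", "shell.php")
    print("deny-list store after rename:", sorted(weak.files))
```

The allow-list is checked on the name that will actually be written, so the archive-entry and rename paths cannot smuggle in a name the upload path would have rejected.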
Security: Invalid EJB caller role check implementation
It was found that the isCallerInRole method of the SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use black list access control based on caller roles...
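The JBoss advisories above (and the matching EJB entry earlier on this page) make a general point: when the role query underneath an access check is wrong, a deny-list check ("allow unless the caller is in a forbidden role") fails open, while an allow-list check ("allow only if the caller is in a required role") fails closed. The following is an added Python model written for this page, not JBoss or EJB code. The `BrokenSecurityManager` is an assumption made for the demonstration: it reports every caller as being in no role, which is one way a check that "did not correctly check caller roles" can misbehave; the advisory does not state the exact fault.

```python
"""Deny-list vs. allow-list role checks over a broken role query (added example)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Caller:
    """Constructed caller record: a principal name and its granted roles."""
    name: str
    roles: frozenset = field(default_factory=frozenset)


class CorrectSecurityManager:
    def is_caller_in_role(self, caller: Caller, role: str) -> bool:
        return role in caller.roles


class BrokenSecurityManager:
    """Assumed fault (not the advisory's exact bug): no caller is ever in any role."""

    def is_caller_in_role(self, caller: Caller, role: str) -> bool:
        return False


def denylist_check(sm, caller: Caller) -> bool:
    """Vulnerable pattern: grant unless the caller holds a forbidden role."""
    return not sm.is_caller_in_role(caller, "guest")


def allowlist_check(sm, caller: Caller) -> bool:
    """Hardened pattern: grant only when a required role is positively confirmed."""
    return sm.is_caller_in_role(caller, "admin")


def evaluate(sm, callers) -> dict:
    """Map each caller name to (deny-list decision, allow-list decision)."""
    return {c.name: (denylist_check(sm, c), allowlist_check(sm, c)) for c in callers}


if __name__ == "__main__":
    admin = Caller("admin", frozenset({"admin"}))
    guest = Caller("guest", frozenset({"guest"}))
    for label, sm in (("correct", CorrectSecurityManager()), ("broken", BrokenSecurityManager())):
        print(label, evaluate(sm, [admin, guest]))
```

With the broken manager the deny-list grants the guest access (fail-open, the bypass the advisory describes), whereas the allow-list denies everyone including the admin (fail-closed: an availability problem, not an authorization bypass).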
SSL Black List Aims to Publicize Certificates Associated With Malware
Malware and botnet operators are always adapting their tactics, trying to stay a step or two ahead of defensive technologies and techniques. One of the methods many attackers have adopted is using SSL to communicate with the infected machines they control, and a researcher has started a new...
Cyclope Internet Filtering Proxy 4.0 - Stored XSS Vuln.
No description provided by source. !/usr/bin/python Title: Cyclope Internet Filtering Proxy 4.0 - Stored XSS Vuln. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Software link: http://www.cyclope-series.com/download/index.aspx?p=2 Date Found: Oct 20th 2011 Test...
The Code of the audit logic upload vulnerability discovery-vulnerability warning-the black bar safety net
0x00 Preface: They say that when one person is happy and shares it with another, the happiness doubles. I am not sure that is right: if the one sharing and the one being shared with are rivals, and the reason for the joy happens to be... haha, no need to say it, everyone knows. BUT, if one of the tips being shared...
CmsEasy_5.5_UTF-8_20140420 stored XSS that can hit administrators and peer users
Brief description: CmsEasy_5.5_UTF-8_20140420 has a stored XSS that can hit administrators and peer users. Detailed description: Case 1 (attacking the administrator): register a user, then visit /CmsEasy_5.5_UTF-8_20140420/uploads/bbs/add-archive.php?cid=1 to create a post, entering as the subject: " oninput=alert1 Then log in as the administrator, as shown in the figure: click "Edit" under "Actions"; when the administrator notices the problem and goes to delete or modify the content, the XSS fires, as shown in the figure. Case 2 (attacking a peer user):...
shopex: registration allows an arbitrary user-defined prepaid balance or points-vulnerability warning-the black bar safety net
Brief description: shopex does not validate user registration strictly, so at registration time the contents of fields such as the prepaid balance or points can be freely defined. Detailed description: In the file \core\shop\controller\ctl.passport.php if !$ in...
CVE-2013-1471
Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam...
eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities
---------------------------------------------------------------- eFront <= 3.6.10 (build 11944) Multiple Security Vulnerabilities ---------------------------------------------------------------- author.............: EgiX mail...............: n0b0d13satgmaildotcom software link......:...
Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc)
Exploit for windows platform in category dos / poc !/usr/bin/python Title: Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS Poc. From: The eh?-Team || The Great White Fuzz we're not sure yet Found by: loneferret Software link: http://www.cyclope-series.com/download/index.aspx?p=2 Date...