10 matches found
Cross site scripting
Wiki.js is a wiki app built on Node.js. Wiki.js 2.5.263 and earlier is vulnerable to stored cross-site scripting through non-image file uploads for file types that can be viewed directly inline in the browser. By creating a malicious file which can execute inline JS when viewed in the browser e.g...
Elements-IT HTTP Commander Cross-Site Scripting Vulnerability
Elements-IT HTTP Commander is a server-hosted, web-based file management solution from Elements-IT Germany. It provides basic functionality for working with files (creating, copying, deleting, etc.) and many other additional features, such as integration with cloud services, online editing of Offic...
Mersive Solstice Pod Authorization Issues Vulnerability
Mersive Solstice Pod is a software application for conference screen sharing from Mersive USA. A security vulnerability exists in Solstice Pod before 3.0.3 that originates when web services allow users to connect to them over an unencrypted channel via the browser view feature. An attacker who is...
Information Disclosure
collective.signupsheet is vulnerable to information disclosure. This is because some views in browser are not protected with the right permissions...
Design/Logic Flaw
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration...
CVE-2016-0731
The File Browser View in Apache Ambari before 2.2.1 allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration...
CVE-2016-0731
Apache Ambari is affected by CVE-2016-0731 in the File Browser View prior to version 2.2.1. The vulnerability allows remote authenticated administrators to read arbitrary files via a file: URL in the WebHDFS URL configuration, exposing local file data. Root cause: improper handling of file: URLs ...
Memberkit 1.0 - Arbitrary File Upload
Memberkit 1.0 - Arbitrary File Upload. Memberkit 1.0 Remote File Upload. Vendor: http://www.memberkit.com/ Discovered: 12-30-08...
Memberkit 1.0 - Arbitrary File Upload
Memberkit 1.0 Remote File Upload. Vendor: http://www.memberkit.com/ Discovered: 12-30-08 Discovered By: Lo$er. Exploit: After...
setroubleshoot security and bug fix update
setroubleshoot: 2.0.5-3.0.1.el5 - replace missed references to bugzilla.redhat.com with linux.oracle.com 2.0.5-3 - Resolve: bug 436564: socket.getsockopt on ppc generates exception Fix typo in original setroubleshoot-getcredentials.patch 2.0.5-2 - Resolve: bug 437857: python error in system...