1612 matches found
Unrestricted file upload
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2013-5962
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in...
CVE-2013-5962
The CVE-2013-5962 entry relates to the WordPress plugin Complete Gallery Manager (before 3.3.4 rev40279). Affected component: frames/upload-images.php which permits an unrestricted file upload. Root cause: uploading a file with an executable extension allows remote attackers to access the uploade...
WordPress Complete Gallery Manager 3.3.3 File Upload
Title: ====== Wordpress Plugin Complete Gallery Manager 3.3.3 - Arbitrary File Upload Vulnerability Date: ===== 2013-09-17 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1080 VL-ID: ===== 1080 Common Vulnerability Scoring System: ==================================== 6....
WordPress Complete Gallery Manager Plugin 3.3.3 - Arbitrary File Upload
Complete Gallery Manager is prone to an arbitrary file upload vulnerability that is located in the /plugins/complete-gallery-manager/frames/ path when processing to upload via the upload-images.php file own malicious context or webshells.The vulnerability allows the attackers to upload files via...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities Exploit Title: OpenEMR 4.1.1 Patch 14 Multiple Vulnerabilities Date: Sep 17 2013 Exploit Author: xistence Vendor Homepage: www.open-emr.org Tested on: CentOS 5.9 32-bit Affected Version : 4.1.1 Patch 14 and lower Fix: Upgrade to OpenEMR 4.1.2...
OpenEMR 4.1.1 Patch 14 - Multiple Vulnerabilities
OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows, Linux, Mac OS X, and many other platforms. OpenEMR is ONC Complete Ambulatory EHR certified and is one of the most popular open source electronic medical records in use...
WP Complete Gallery Manager 3.3.3 - Arbitrary File Upload
Document Title: =============== WP Complete Gallery Manager 3.3.3 - Arbitrary File Upload References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1080 Release Date: ============= 2013-09-16 Vulnerability Laboratory ID VL-ID: ====================================...
Microsoft Windows OLE Remote Code Execution Vulnerability (2876217)
This host is missing an critical security update according to Microsoft Bulletin MS13-070. OpenVAS Vulnerability Test $Id: secpodms13-070.nasl 5346 2017-02-19 08:43:11Z cfi $ Microsoft Windows OLE Remote Code Execution Vulnerability 2876217 Authors: Veerendra GG Copyright: Copyright c 2013 SecPod...
Watchguard Server Center - Local Privilege Escalation
// source: https://www.securityfocus.com/bid/62261/info Watchguard Server Center is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain SYSTEM privileges. Successful exploits will result in the complete compromise of affected computers. Watchguard...
CVE-2013-2209
Cross-site scripting XSS vulnerability in the auto-complete widget in htdocs/media/rb/js/reviews.js in Review Board 1.6.x before 1.6.17 and 1.7.x before 1.7.10 allows remote attackers to inject arbitrary web script or HTML via a full name...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to elevate privileges on the system. The vulnerability is due to improper file permissions, environment variables, and relative paths in a privileged system script. An attacker could...
[CVE-2013-2612] Huawei E587 3G Mobile Hotspot Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
Huawei E587 3G Mobile Hotspot Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2013-2612 Huawei E587 3G Mobile Hotspot Command Injection Summary: Huawei E587 3G Mobile Hotspot, version 11.203.27, is prone to a command injection vulnerability in the Web UI. Successful exploitation allows unauthenticated attackers to execute...
Microsoft .NET Framework Multiple Vulnerabilities (2861561)
This host is missing an important security update according to Microsoft Bulletin MS13-052. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Updated dbus packages fix security vulnerability
Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to...
Debian Security Advisory DSA 2707-1 (dbus - denial of service)
Alexandru Cornea discovered a vulnerability in libdbus caused by an implementation bug in dbusprintfstringupperbound. This vulnerability can be exploited by a local user to crash system services that use libdbus, causing denial of service. Depending on the dbus services running, it could lead to...
Adobe Acrobat Reader Crafted RLE8 format BMP File Buffer Overflow (APSB13-15; CVE-2013-2729)
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. The vulnerability is due to a buffer overflow while loading specially crafted BMP image resources from a PDF file. A remote attacker may exploit this issue by enticing a target user to open a malicious PDF file with ...
Default Password (nsroot) for 'nsroot' Account
The account 'nsroot' on the remote host has the password 'nsroot'. An attacker may leverage this issue to gain administrative access to the affected system. Note that Citrix NetScaler appliances are known to use these credentials to provide complete, administrative access to the Citrix NetScaler...
[SE-2012-01] New security vulnerabilities and broken fixes in IBM Java
Hello All, Security Explorations discovered 7 additional security issues 62-68 in the latest version of IBM SDK, Java Technology Edition software 1. A majority of the new flaws are due to insecure use or implementation of Java Reflection API. Additionally to the above, we found out that four issu...