78 matches found
[SECURITY] Fedora 32 Update: privoxy-3.0.32-1.fc32
Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups and other obnoxious Internet junk. Privoxy has a very flexible configuration and can be customized to suit...
CVE-2020-26977
By attempting to connect a website using an unresponsive port, an attacker could have controlled the content of a tab while the URL bar displayed the original domain. Note: This issue only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 84...
Mozilla Firefox 安全漏洞
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox for Android prior to version 84. By attempting to connect to a website using a port that fails to respond, an attacker can control the content of tabs...
Email Subscribers & Newsletters < 4.5.6 - Unauthenticated email forgery/spoofing
It allows a remote unauthenticated attacker to send forged emails to all recipients from the available lists of contacts or subscribers, with complete control over the content and subject of the email. PoC POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com Content-Type:...
UBUNTU-CVE-2020-12412
By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain with the https:// scheme, a blocked port number such as '1', and without a lock icon while controlling the page contents. This vulnerability affects Firefox 70...
CVE-2019-11447
An issue was discovered in CutePHP CuteNews 2.1.2. An attacker can infiltrate the server through the avatar upload process in the profile area via the avatarfile field to index.php?mod=main&opt=personal. There is no effective control of $imgsize in /core/modules/dashboard.php. The header content ...
Mail.ru: XSS on account.mail.ru/login
Уязвимость на станице https://account.mail.ru/login и подготовка файлов для атаки --------------------- В процессе исследования заметил, что на странице https://account.mail.ru/login не валидируется значение параметра v. Значение выводится на странице как есть и используется в пути до скрипта...
WordPress AnyVar Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language.REST API can transfer data via JSON format to access or control the content of the WordPress site. A cross-site scripting vulnerability exists in the WordPress AnyVar plugin. An attacker can use the vulnerability to execute arbitra...
nagios: Command injection via curl in MagpieRSS
It was found that an attacker who could control the content of an RSS feed could execute code remotely using the Nagios web interface. This flaw could be used to gain access to the remote system and in some scenarios control over the system...
Slack: Subdomain takeover on podcasts.slack-core.com
I noticed slack-core.com is used for Slack's call infrastructure. I had never seen that domain before, so I decided to find out what else was running on it. It turned out podcasts.slack-core.com was pointing to a Podcast and RSS hosting service called Feed.Press. However, there was no Feed.Press...
Ganglia Web Frontend 3.5.1 - PHP Code Execution
Ganglia Web Frontend 3.5.1 - PHP Code Execution...
CreA8social 'Add Game' Field HTML Injection Vulnerability
CreA8social is a social networking platform. An HTML injection vulnerability exists in the CreA8social 'Add Game' field, where attacker-supplied HTML or JavaScript code can run on the affected site. This allows an attacker to steal cookie-based authentication credentials and control the content...
Microsoft Windows - Print Spooler Service Impersonation (MS10-061) (Metasploit)
$Id: ms10061spoolss.rb 11766 2011-02-17 19:22:11Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Fedora Update for drupal-views FEDORA-2010-19009
Check for the Version of drupal-views OpenVAS Vulnerability Test Fedora Update for drupal-views FEDORA-2010-19009 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 12 Update: drupal-views-6.x.2.11-1.fc12
The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...
Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities
Application: Outpost Security Suite Pro ver. 2009 OS: Windows Xp All patches a day ------------------------------------------------------ 1 - Description 2 - Vulnerability 3 - POC/EXPLOIT ------------------------------------------------------ Description Outpost Security Suite is a software...
getinternet.txt
CRIOLABS - Software: getInternet - Type: E-business:Internet - Company: getSolutions - Date: 09-9-2004 Software: getInternet Platform: ASP, Microsoft SQL Comments: Administration section Not Tested Description getInternet will allow you to maintain, manage and control all of the content on your...
Security update 1970-01-01
...