6286 matches found
CVE-2014-0808
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...
CVE-2014-0808
Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a crafted HTTP request...
Sexy Polling Joomla Extension SQL注入漏洞
CVE ID:CVE-2013-7219 Joomla是一款内容管理系统。 该漏洞由于传递到"/components/comsexypolling/vote.php"脚本的"answerid" HTTP POST参数未能充分验证,远程攻击者可以在应用数据库中执行任意SQL操作。 0 Sexy Polling Joomla Extension =1.0.8 Sexy Polling 1.0.9版本以修复此漏洞,建议用户下载使用:...
ABB MicroSCADA Wserver Multiple Buffer Overflows
Multiple Buffer Overflow vulnerabilities have been reported in the Wserver component of ABB MicroSCADA. The vulnerabilities are due to the copying of user controlled data to stack-based buffers without size verification. A remote attacker can exploit this issue by sending a specially crafted...
XSS Vulnerability in simple_format helper
There is a vulnerability in the simpleformat helper in Ruby on Rails. The simpleformat helper converts user supplied text into html text which is intended to be safe for display. A change made to the implementation of this helper means that any user provided HTML attributes will not be escaped...
Microsoft Tagged Image File Format (TIFF) Integer Overflow
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/zip' require 'nokogiri' module ::Nokogiri module XML class Builder Some XML documents don't declare the namespace before referencing, but...
Microsoft Tagged Image File Format (TIFF) Integer Overflow
This Metasploit module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD...
[ MDVSA-2013:272 ] poppler
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:272 http://www.mandriva.com/en/support/security/ Package : poppler Date : November 21, 2013 Affected: Business Server 1.0 Problem Description: Updated poppler packages fix security vulnerabilities: Poppler i...
HP Virtual User Generator EmulationAdmin Service copyFileToServer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of HP Virtual User Generator. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the EmulationAdmin web service. This service exposes...
MS13-096 Microsoft Tagged Image File Format (TIFF) Integer Overflow
This module exploits a vulnerability found in Microsoft's Tagged Image File Format. It was originally discovered in the wild, targeting Windows XP and Windows Server 2003 users running Microsoft Office, specifically in the Middle East and South Asia region. The flaw is due to a DWORD value...
Horde Groupware Webmail Edition Ingo Filter Cross-Site Request Forgery (CVE-2013-6275)
A Cross-Site Request Forgery CSRF vulnerability has been reported in Horde Groupware Webmail Edition. The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by convincing the user to follow a malicious link or visit an attacker...
Cisco Unified Computing System Fabric Interconnect Cross-Site Request Forgery Vulnerability
A vulnerability in the fabric interconnect FI web management interface of the Cisco Unified Computing System could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks. The vulnerability occurs because the web interface relies on cookies to authenticate...
Apache OpenJPA code execution
User-controlled data it stored in local executable file...
Inside the Response to the New York Times Attack
Late Tuesday morning, one of the engineers in CloudFlare’s San Francisco office saw a message on Twitter saying that the New York Times Web site was down. Minutes later, more messages appeared, as security researchers and others began looking into the situation and realized that someone may have...
CSRF in doremoveblogpost.action
Any page can be deleted if a user with sufficient privileges to delete the page clicks an attacker controlled link, or views an image at an attack controller URL. /pages/doremoveblogpost.action?pageId=...
Jumping Out of IE's Sandbox With One Click
Software vendors often give intentionally vague and boring names to the updates they use to fix security vulnerabilities. The lamer the name, the less attention it may attract from attackers looking to reverse-engineer the patch. There was one patch in Microsoft’s August Patch Tuesday release...
Oracle Endeca Server attachDataStore SOAP Request Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Endeca Server. Authentication is not required to exploit this vulnerability. The specific flaw exists in the handling of requests to the controlSoapBinding web service. This service exposes...
Cisco Unified Communications Manager Privilege Escalation Vulnerability
A vulnerability in Cisco Unified Communications Manager Unified CM could allow an authenticated, local attacker to escalate privileges on the system. The vulnerability is due to improper file permissions on a privileged system binary. An attacker could exploit this vulnerability by modifying a...
Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability
A vulnerability in the web framework could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against the user of the web interface. The vulnerability is due to insufficient CSRF protections. An attacker could exploit this vulnerability by convincing a...
Windows NT/2K/XP/2K3/VISTA/2K8/7/8 EPATHOBJ Local ring0
ifndef WIN32NOSTATUS define WIN32NOSTATUS endif include include include include include ifdef WIN32NOSTATUS undef WIN32NOSTATUS endif include pragma commentlib, "gdi32" pragma commentlib, "kernel32" pragma commentlib, "user32" pragma commentlib, "shell32" pragma commentlinker, "/SECTION:.text,ERW...