5984 matches found
Cross site scripting
Stored XSS has been discovered in version 1.0.12 of the LUYA CMS software via /admin/api-cms-nav/create-page...
Vulnerability of the `sdcardfs_create` and `sdcardfs_mkdir` functions in the Android operating system’s kernel, allowing attackers to escalate their privileges
The vulnerabilities of the `sdcardfs_create` and `sdcardfs_mkdir` functions in inode.c of the Android operating system stem from operations that go beyond the buffer boundaries in memory. Exploiting these vulnerabilities can allow attackers to gain increased privileges...
CVE-2018-0464
A vulnerability in Cisco Data Center Network Manager software could allow an authenticated, remote attacker to conduct directory traversal attacks and gain access to sensitive files on the targeted system. The vulnerability is due to improper validation of user requests within the management...
H2 Database 1.4.196 - Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution; Google Dork: N/A; Date: 2018-09-24; Exploit Author: h4ckNinja; Vendor Homepage: https://www.h2database.com/; Software Link: http://www.h2database.com/h2-2018-03-18.zip; Version: 1.4.196 and 1.4.197...
H2 Database 1.4.196 - Remote Code Execution Exploit
Exploit for Java platform in category web applications. Exploit Title: H2 Database 1.4.196 - Remote Code Execution; Exploit Author: h4ckNinja; Vendor Homepage: https://www.h2database.com/; Software Link: http://www.h2database.com/h2-2018-03-18.zip; Version: 1.4.196 and 1.4.197; Tested on: macOS/Linux...
H2 Database 1.4.196 Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution; Google Dork: N/A; Date: 2018-09-24; Exploit Author: h4ckNinja; Vendor Homepage: https://www.h2database.com/; Software Link: http://www.h2database.com/h2-2018-03-18.zip; Version: 1.4.196 and 1.4.197; Tested on: macOS/Linux; CVE: N/A. This takes...
MODX CMS < 2.7.1 XSS Vulnerability
MODX CMS is prone to a stored cross-site scripting (XSS) vulnerability via a Create New Media Source action.
CVE-2018-17556
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action...
Cross site scripting
MODX Revolution v2.6.5-pl allows stored XSS via a Create New Media Source action...
CVE-2018-17556
MODX Revolution v2.6.5-pl is affected by a stored XSS vulnerability exposed via the Create New Media Source action. Multiple connected sources (Red Hat PR, CNVD/CVE references, OpenVAS) confirm the issue and describe it as a stored XSS in MODX Revolution, with the CVE entry stating the impact as ...
Linux kernel create_elf_tables() integer overflow vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. An integer overflow vulnerability exists in the create_elf_tables() function in the Linux kernel. An unprivileged local...
CVE-2018-14634
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system. Kernel versions 2.6.x, 3.10.x and 4.14.x are believed to be vulnerable...
kernel: Integer overflow in Linux's create_elf_tables function
An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to a SUID or otherwise privileged binary could use this flaw to escalate their privileges on the system...
Cross site request forgery (CSRF)
An issue was discovered in UNL-CMS 7.59. A CSRF attack can create new content via ?q=node%2Fadd%2Farticle&render=overlay&render=overlay...
Red Hat glusterfs server RPC request processor component arbitrary file creation vulnerability
Red Hat glusterfs server is an open source distributed file system from Red Hat. The system is mainly used for media streaming, data analysis and other data- and bandwidth-intensive tasks to create large-scale distributed storage solutions. A security vulnerability exists in the 'gfs2_create_req...
UBUNTU-CVE-2018-10923
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node...
glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code
A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes...