5978 matches found
CVE-2016-2048
Django 1.9.x before 1.9.2, when ModelAdmin.saveas is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause some other unspecified effect.
The vulnerability of the VideoFramePool::PoolImpl::CreateFrame function in the media/base/videoframepool.cc module of the Google Chrome browser is related to memory initialization errors for the video-frame data structure. Exploiting this vulnerability may allow a remote attacker to cause service...
FTPShell Client 5.24 - (Create NewFolder) Local Buffer Overflow
Exploit for Windows platform in category local exploits. Exploit Title: FTPShell Client Add New Folder Local Buffer Overflow; Date: 2/2/2016; Exploit Author: Arash Khazaei; Vendor Homepage: www.ftpshell.com; Software Link: http://www.ftpshell.com/download.htm; Version...
jenkins: job configuration issues (SECURITY-127, SECURITY-128)
Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors...
jenkins: XXE injection into job configurations via CLI (SECURITY-173)
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
Khan Academy: XSS vulnerability in "/coach/roster/" (create your first class)
Hi Security Team, today I found an XSS vulnerability in "/coach/roster/" create your first class. Steps: - Go to "Manage students" - click on "create your first class" - create your first class Title name === " - click "create class" Good Fix ,...
Security update for ldb, samba, talloc, tdb, tevent (important)
This update for ldb, samba, talloc, tdb, tevent fixes the following security issues and bugs: The Samba LDB was updated to version 1.1.24: - Fix ldap \00 search expression attack dos; CVE-2015-3223; bso11325 - Fix remote read memory exploit in ldb; CVE-2015-5330; bso11599 - Move ldbunpackdata int...
UBUNTU-CVE-2015-5313
Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storagebackendfs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows local users with storagevol:create ACL but not domain:write permission to write to arbitrary files via ...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08115)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08114)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...
Microsoft Windows Graphics Memory Corruption Vulnerability (CNVD-2015-08116)
Microsoft Windows is a series of operating systems released by the American company Microsoft. A memory corruption vulnerability exists in the Windows font library of Microsoft Windows. The vulnerability exists because the program does not properly handle specially designed embedded fonts. A remo...
User Picker Custom field HTML tags showing when creating new issues
Summary: Customer reported that when creating a custom field User Picker and adding HTML tags in the description field, the text link shows correctly in the Custom Field screen under Administration Setting. However, when creating new issues, the create issue form for User Picker field shows the HTML code not...
UltraIso v 9.6.5 - Buffer Overflow Vulnerability
Exploit for Windows platform in category dos / poc. #!/usr/bin/perl Title: UltraIso v 9.6.5 - Buffer Overflow Vulnerability; Author: ZwX; Date: 24/10/2015; Vendor: https://www.ezbsystems.com/; Download: http://www.ezbsystems.com/ultraiso/download.htm; Tested OS: Windows 7; steps to reproduce the...
CloudBees Jenkins Information Disclosure Vulnerability (CNVD-2015-07826)
CloudBees Jenkins is an open source continuous integration server. In CloudBees Jenkins 1.638, LTS 1.625.2 or earlier, an XML external entity vulnerability exists in the create-job CLI command, which can be used by a remote attacker to read arbitrary files through the constructed job configuration,...
CVE-2015-5319
XML external entity (XXE) vulnerability in the create-job CLI command in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to read arbitrary files via a crafted job configuration that is then used in an "XML-aware tool," as demonstrated by get-job and update-job...
createhistory.create.net XSS vulnerability
Vulnerable URL: http://createhistory.create.net/shop/search.php?q=%22%3E%3Csvg%2Fonload%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Patched: Yes, at 16.11.2015; Latest check for patch: 16.11.2015 16:55 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed...
purlsoho.com XSS vulnerability
Vulnerable URL: http://www.purlsoho.com/create/?s="'--; Details: Patched: No; Latest check for patch: 25.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 51879; Google Pagerank: 4; VIP website status: No; Check purlsoho.com SSL...
Cisco Secure Access Control Server Security Restriction Bypass Vulnerability (CNVD-2015-07358)
Cisco Secure Access Control Server (ACS) is a security access control server from the American company Cisco. A security restriction bypass vulnerability exists in Cisco Secure Access Control Server 5.7. It allows an authenticated remote user to bypass expected RBAC restrictions and create...
The vulnerabilities of Adobe Acrobat and Adobe Acrobat Document Cloud for PDF file editing, as well as Adobe Reader and Adobe Reader Document Cloud for PDF file viewing, allow attackers to gain access to protected information stored in the process memory.
The vulnerability of the createSquareMesh function in PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control mechanisms. Exploiting this vulnerability...