5978 matches found
foxterrier.se XSS vulnerability
Vulnerable URL: http://www.foxterrier.se/member/create.account.php

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 25.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not calculated
Google Pagerank| 2
VIP website status:| N...
Multiple FireEye Product 'extract_ar.py' Directory Traversal Vulnerabilities
FireEye is a well-known American cybersecurity company. A directory traversal vulnerability exists in the implementation of multiple FireEye products. A remote attacker could exploit this vulnerability to create or overwrite arbitrary files in the user's context...
Google Android libcutils 'native_handle_create()' function integer overflow vulnerability
Android is an operating system based on the Linux open kernel and is a mobile operating system announced on November 5, 2007 by Google Inc. Google Android suffers from an integer overflow vulnerability in the implementation of the libcutils 'native_handle_create' function, which can be exploited b...
Best Practices for Upgrading a Hypervisor Tools Version in a Citrix Provisioning Environment
This article describes the steps for upgrading a hypervisor tools version in a Citrix Provisioning environment. Use the following procedure to upgrade a Hypervisor: 1. Reverse image the vdisk. 2. Boot from the local HDD on the VM that has been reverse imaged to. 3. Uninstall the PVS target...
CVE-2015-4307
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111...
Synology Download Station Cross-Site Scripting Vulnerability (CNVD-2015-06011)
Synology Download Station is a set of web-based download applications from Synology. A cross-site scripting vulnerability exists in the 'Create download task via URL' feature in Synology Download Station prior to version 3.5-2967, which can be exploited by remote attackers to inject arbitrary web...
PT-2015-2023 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue exists due to insufficient input validation in the Windows operating system, allowing a local attacker to potentially elevate their privileges using a specially crafted applicatio...
Linux/x86 - Create file with permission 7775 and exit Shell Generator
Linux/x86 - Create file with permission 7775 and exit Shell Generator. Shellcode exploit for lin_x86 platform #!/bin/python from sys import argv """ Shellcode Generator... Create file with permission 7775 Disassembly ...
OracleVM 3.3 : net-snmp (OVMSA-2015-0099)
The remote OracleVM system is missing necessary patches to address critical security updates : - Add Oracle ACFS to hrStorage John Haxby orabug 18510373 - Quicker loading of IP-MIB::ipAddrTable 1191393 - Quicker loading of IP-MIB::ipAddressTable 1191393 - Fixed snmptrapd crash when '-OQ' paramete...
Free Reprintables ArticleFR Has Multiple Cross-Site Request Forgery Vulnerabilities
Free Reprintables ArticleFR is an article directory scripting system from Free Reprintables Philippines. Free Reprintables ArticleFR 3.0.6 suffers from multiple cross-site request forgery vulnerabilities that allow remote attackers to hijack an administrator authentication request to add an...
Apple CUPS cupsd Privilege Escalation (CVE-2015-1158)
An elevation-of-privilege vulnerability has been reported in Apple CUPS. The vulnerability is due to improper processing of print-job or create-job requests sent to cupsd. A remote, unauthenticated attacker can send specially crafted localized strings to cause the 'admin/conf' and 'admin'...
[SECURITY] Fedora 22 Update: abrt-2.6.0-1.fc22
abrt is a tool that helps users detect defects in applications and create a bug report with all the information the maintainer needs to fix them. It uses a plugin system to extend its functionality...
Drupal Petition module cross-site scripting vulnerability (CNVD-2015-03892)
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Petitions is one of the petition modules used in the U.S. White House website. A cross-site scripting vulnerability exists in the administration page of the Drupal Petitions module. A...
Drupal Open Graph Importer Module Limit Bypass Vulnerability
Drupal is a free, open source content management system developed in PHP. Open Graph Importer is a module that lets back-end administrators or other users import content from other websites using Open Graph meta tags. A security vulnerability exists in the Drupal Open Graph Importer module...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors...
Open redirect
The Open Graph Importer ogtagimporter 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass intended restrictions by leveraging the "import ogtagimporter" permission...
CVE-2015-2993
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry...
Multiple Cross-Site Request Forgery Vulnerabilities in osCMax
osCMax is a PHP-based open source e-commerce system/shopping cart application that supports multi-language, SSL-secured transactions, multiple payment methods, regional shipping conversion, printing invoices and more. Multiple cross-site request forgery vulnerabilities exist in versions of osCMax...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Template CMS 2.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an add action to admin/index.php or (2) conduct static PHP code injection attacks via...
WordPress SL User Create Plugin <= 0.2.4 - Information Disclosure
Because of this vulnerability, attackers can obtain sensitive information. Solution Update the plugin...