5978 matches found

Vulnerability Lab
added 2014/10/21 12:0 a.m. · 21 views

File Manager v4.2.10 iOS - Code Execution Vulnerability

Document Title: File Manager v4.2.10 iOS - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1343. Release Date: 2014-10-21. Vulnerability Laboratory ID (VL-ID): 13...

0.5 AI score
Exploits: 0

ATTACKERKB
added 2014/10/15 2:55 p.m. · 5 views

CVE-2014-2022

SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conceptid argument in an xmlrpc API request...

7.1 CVSS · 6.3 AI score · 0.02712 EPSS
Exploits: 4 · References: 6

NVD
added 2014/10/03 2:55 p.m. · 16 views

CVE-2014-6299

Cross-site request forgery (CSRF) vulnerability in the mmforum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors...

6.8 CVSS · 7.1 AI score · 0.0057 EPSS
Exploits: 0 · References: 2

Packet Storm
added 2014/09/23 12:0 a.m. · 21 views

Get Simple CMS 3.3.3 CSRF / XSS / Clickjacking

Affected Vendor: http://get-simple.info/ Date: 23/09/2014 Discovered by: JoeV Type of vulnerability: CSRF, Click-jacking, DOM based XSS and XSS Tested on: Windows 7 Version : 3.3.3 Description: Get Simple CMS v 3.3.3 is susceptible to multiple vulnerabilities such as CSRF, Click-jacking, DOM base...

0.6 AI score
Exploits: 0

Positive Technologies
added 2014/09/16 12:0 a.m. · 2 views

PT-2014-2315 · Zope +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 Description: The issue allows remote attackers to execute Python code via a crafted URL, related to createObject. This is possible due to a flaw in the python scripts.py module...

9.3 CVSS · 6.5 AI score · 0.02641 EPSS
Exploits: 0 · References: 24

RedHat Linux
added 2014/08/27 2:22 p.m. · 2 views

rubygem-activerecord: Strong Parameter bypass with create_with

It was discovered that Active Record's create_with method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record calle...

7.5 CVSS · 5.9 AI score · 0.02797 EPSS
Exploits: 0 · References: 4

OSV
added 2014/08/20 11:17 a.m. · 2 views

DEBIAN-CVE-2014-3514

activerecord/lib/active_record/relation/query_methods.rb in Active Record in Ruby on Rails 4.0.x before 4.0.9 and 4.1.x before 4.1.5 allows remote attackers to bypass the strong parameters protection mechanism via crafted input to an application that makes create_with calls...

7.5 CVSS · 7 AI score · 0.02797 EPSS
Exploits: 0 · References: 1

Prion
added 2014/08/14 2:55 p.m. · 10 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftpmanagement module to the default URI, (2) conduct cross-site scriptin...

6.8 CVSS · 8 AI score · 0.01133 EPSS
Exploits: 6 · References: 5 · Affected Software: 1

0day.today
added 2014/08/14 12:0 a.m. · 21 views

Ribose Cross Site Request Forgery Vulnerability

The Ribose Online Social Collaboration Platform suffers from a cross site request forgery vulnerability. Vulnerability: CSRF Attack on Ribose Online Social Collaboration Platform Date: 13/08/2014 Author: JoeV Vendor: www.ribose.com Tested on: Windows 7 Description: A CSRF attack forces a logged-o...

7 AI score
Exploits: 0

WPVulnDB
added 2014/08/01 10:59 a.m. · 11 views

SL User Create 0.2.4 - LSL script Secret String Weakness Information Disclosure

The SL User Create WordPress plugin was affected by an LSL script Secret String Weakness Information Disclosure security vulnerability...

0.7 AI score
Exploits: 0 · References: 1 · Affected Software: 1

Exploit DB
added 2014/07/27 12:0 a.m. · 40 views

ZeroCMS 1.0 - Persistent Cross-Site Scripting

Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability Discovered by: Mayuresh Dani Vendor Homepage: http://www.aas9.in/zerocms/ Software Link: https://github.com/pcx1256/zerocms/archive/master.zip Version: 1.0? Date: 2014-07-25 Tested on: Windows 7 / Mozilla Firefox Ubuntu 14.04 /...

4.3 CVSS · 6.5 AI score · 0.03217 EPSS
Exploits: 6

Positive Technologies
added 2014/07/23 12:0 a.m. · 4 views

PT-2014-6308 · Hewlett Packard · Hp Data Protector

Name of the Vulnerable Software and Affected Versions: HP Data Protector affected versions not specified Description: The issue allows remote attackers to create arbitrary files via an opcode-1091 request, or create or delete arbitrary files via an opcode-305 request. The vendor reportedly assert...

6.4 CVSS · 7.2 AI score · 0.34765 EPSS
Exploits: 0 · References: 6

Cvelist
added 2014/07/19 1:0 a.m. · 25 views

CVE-2014-2365 Advantech WebAccess Improper Access Control

Unspecified vulnerability in Advantech WebAccess before 7.2 allows remote authenticated users to create or delete arbitrary files via unknown vectors...

6.5 CVSS · 6.2 AI score · 0.01597 EPSS
Exploits: 0 · References: 2

0day.today
added 2014/07/18 12:0 a.m. · 33 views

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection Vulnerabilities

OL-Commerce version 2.1.1 suffers from cross site scripting and remote SQL injection vulnerabilities. OL-Commerce v2.1.1 - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : email protected , email protected .:...

7.9 AI score
Exploits: 0

Packet Storm
added 2014/07/17 12:0 a.m. · 31 views

OL-Commerce 2.1.1 Cross Site Scripting / SQL Injection

OL-Commerce v2.1.1 - Multiple Vulnerabilties =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Contact : [email protected] , [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...

0.1 AI score
Exploits: 0

Cvelist
added 2014/07/16 2:0 p.m. · 29 views

CVE-2014-4977

Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) userid parameter in the changeUnit function, (3) methodDeta...

8 AI score · 0.74932 EPSS
Exploits: 5 · References: 8

seebug.org
added 2014/07/01 12:0 a.m. · 25 views

XWiki 4.2-milestone-2 Multiple Stored XSS Vulnerabilities

No description provided by source. Exploit Title: Multiple Stored XSS Vulnerabilities in XWiki. Date: 26/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://www.xwiki.org Software Link: http://enterprise.xwiki.org/xwiki/bin/view/Main/Download Version: 4.2-milestone-2 Gr33Tz:...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 12 views

Prediction League 0.3.8 CSRF Create Admin User Exploit

No description provided by source...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 15 views

DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability

No description provided by source. Vendor: http://www.directadmin.com/ Code : Create Administrator : html titleDirectAdmin v1.34.0 XSRF Create Administrator Vulnerability/title !--!Set You'r victim By SarBoT511 !-- form name=reseller action=http://site.com:2222/CMDACCOUNTADMIN method=post input...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. · 19 views

MySQL 3.23.x mysqld Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7052/info A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges. An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line...

7.1 AI score
Exploits: 0