5978 matches found
Orbis CMS 1.0.2 - Multiple CSRF Vulnerabilities
No description provided by source. Title: Orbis CMS 1.0.2 Multiple CSRF Vulnerabilities Author: 10n1z3d 10n1z3datwdotcn Date: Sun 11 Jul 2010 08:08:10 PM EEST Vendor: http://www.novo-ws.com/orbis-cms/ Download: http://www.ohloh.net/p/orbis-cms/download?filename=orbis-1.0.2.zip -= CSRF Po...
Nuked-Klan 1.x Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/10104/info Nuked-Klan is prone to multiple vulnerabilities. These issues include information disclosure via inclusion of local files, an issue that may permit remote attackers to corrupt configuration files and an SQL...
BPTutors Tutoring site script - [ CSRF ] Create Administrator Account
No description provided by source. Title: BPTutors Tutoring site script - CSRF Create Administrator Account Date: 26/3/2010 Author: bi0 Software: http://bpowerhouse.info/tutoring-site-script.htm Version: 1.0 Code: ...
Oracle <= 9i / 10g (extproc) - Local/Remote Command Execution Exploit
No description provided by source. $Id: raptororaextproc.sql,v 1.1 2006/12/19 14:21:00 raptor Exp $ raptororaextproc.sql - command exec via oracle extproc. Copyright (c) 2006 Marco Ivaldi [email protected] Directory traversal vulnerability in extproc in Oracle 9i and 10g...
oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability
No description provided by source. Title: osCommerce online SHop Backup Vulnerability Author: indoushka email: [email protected] Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Eclime 1.1.2b Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22705 Reference: http://www.htbridge.ch/advisory/sqlinjectionineclime1.html Product: Eclime Vendor: www.eclime.com http://www.eclime.com/ Vulnerable Version: 1.1.2b Vendor Notification: 16 November 2010 Vulnerability Type: SQL Injection...
Limny 2.0 - Create Admin User CSRF Exploit
No description provided by source...
Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors...
Cannot create page/s using "Create Page" Button
We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain (Jira, Confluence, Bamboo, Stash) within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is a useful penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions: SQL Injection, Operation System Function, Dump Database, Extract Database Schema, Search Columns Name, Read File (read only), Create File (read only), Brute Table & Column. Download Simple SQLi Dumper v5....
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vecto...
Localize: XSS in Groups
Visit the following link after logging in: http://www.localize.io/pages/createproject/3D Add a new group with an XSS string as group name and you will see the XSS executing. String used: ? Thanks, Ben...
Code injection
The LXC driver (lxc/lxcdriver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in th...
CVE-2013-6456
The LXC driver (lxc/lxcdriver.c) in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in th...
PT-2018-12629
Name of the Vulnerable Software and Affected Versions Alma Linux kernel kernel-rt packages PAN-OS 7.1.22 and earlier PAN-OS 8.0.15 and earlier PAN-OS 8.1.6 and earlier kernel versions 2.6.x, 3.10.x and 4.14.x Description An integer overflow flaw exists in the Linux kernel's create elf tables...
Race condition
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...
CVE-2014-0062
CVE-2014-0062 is a race-condition vulnerability in PostgreSQL where the (1) CREATE INDEX and (2) unspecified ALTER TABLE operations can be exploited by remote authenticated users to create an unauthorized index or read parts of unauthorized tables by a timing window. Affected PostgreSQL versions ...
Vulnerability in core server (CVE-2014-0062)
Race condition in CREATE INDEX allows for privilege escalation...
FTP Drive + HTTP 1.0.4 Code Execution
Document Title: FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: 2014-03-20. Vulnerability Laboratory ID (VL-ID): ...