
5978 matches found

NVD
added 2012/09/18 8:55 p.m. · 15 views

CVE-2012-1660

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select or other" module is enabled, allow remote authenticated users with the create webform content permission to inject...

CVSS 2.1 · AI score 5.4 · EPSS 0.01277
Exploits 0 · References 10

OpenVAS
added 2012/08/30 12:0 a.m. · 19 views

Fedora Update for moodle FEDORA-2012-7655

Check for the Version of moodle OpenVAS Vulnerability Test Fedora Update for moodle FEDORA-2012-7655 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

AI score 0.3 · EPSS 0.02286
Exploits 0 · References 2

Exploit DB
added 2012/08/20 12:0 a.m. · 23 views

Sysax Multi-Server 5.64 Create Folder Buffer Overflow

Sysax Multi-Server 5.64 Create Folder Buffer Overflow. Remote exploit for windows platform $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use...

AI score 7.5
Exploits 0

Packet Storm
added 2012/08/12 12:0 a.m. · 19 views

MobileCarty 1.0 Shell Upload / File Write

Exploit Title: MobileCartly 1.0 Multiple Vulnerabilities Date: 11/08/2012 Author: L0n3ly-H34rT Homepage: http://se3c.tk/ Contact: [email protected] Software Link : http://mobilecartly.com/mobilecartly.zip Tested on: Linux/Windows Remote File Upload : just upload shell.php here :...

AI score 0.1
Exploits 0

Prion
added 2012/08/10 11:55 p.m. · 16 views

Sql injection

SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS...

CVSS 6.5 · AI score 7.9 · EPSS 0.01822
Exploits 0 · References 8 · Affected Software 1

CVE
added 2012/08/10 11:0 p.m. · 61 views

CVE-2012-3132

CVE-2012-3132 affects Oracle Database Server versions 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3. The vulnerability is a SQL injection in the database server that allows a remote authenticated user to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTX...

CVSS 6.5 · AI score 7.5 · EPSS 0.01822
Exploits 0 · References 8 · Affected Software 1

Prion
added 2012/08/08 10:26 a.m. · 8 views

Command injection

chef-server-api/app/controllers/clients.rb in Chef Server in Chef before 0.9.20, and 0.10.x before 0.10.6, does not require administrative privileges for creating admin clients, which allows remote authenticated users to bypass intended access restrictions by leveraging read permission for the...

CVSS 6.5 · AI score 6.9 · EPSS 0.01681
Exploits 1 · References 2 · Affected Software 1

NVD
added 2012/08/06 4:55 p.m. · 25 views

CVE-2010-5139

Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote attackers to bypass intended economic restrictions and create many bitcoins via a crafted Bitcoin transaction...

CVSS 7.5 · AI score 6.8 · EPSS 0.0262
Exploits 1 · References 2

Packet Storm
added 2012/08/04 12:0 a.m. · 56 views

Openconstructor CMS 3.12.0 Cross Site Scripting

Title: Openconstructor CMS 3.12.0 'createobject.php', 'name' and 'description' parameters Stored Cross-site Scripting vulnerabilities Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...

CVSS 3.5 · EPSS 0.00767
Exploits 1

Packet Storm
added 2012/08/03 12:0 a.m. · 28 views

Am4ss 1.2 Cross Site Scripting

Exploit Title : am4ss 1.2 alert'Sec-w.com' ================================================= Gr34ts 4 : Sec-w.com Members...

Exploits 0

0day.today
added 2012/08/02 12:0 a.m. · 14 views

am4ss 1.2 <= Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title : am4ss 1.2 alert'Sec-w.com' ================================================= Gr34ts 4 : Sec-w.com Members 0day.today 2018-02-18...

AI score 7.1
Exploits 0

Exploit DB
added 2012/08/02 12:0 a.m. · 29 views

am4ss 1.2 - Multiple Vulnerabilities

Exploit Title : am4ss 1.2 alert'Sec-w.com' ================================================= Gr34ts 4 : Sec-w.com Members...

AI score 7.4
Exploits 0

Tenable Nessus
added 2012/08/01 12:0 a.m. · 20 views

Scientific Linux Security Update : postgresql and postgresql84 on SL5.x, SL6.x i386/x86_64 (20120521)

PostgreSQL is an advanced object-relational database management system (DBMS). The pg_dump utility inserted object names literally into comments in the SQL script it produces. An unprivileged database user could create an object whose name includes a newline followed by a SQL command. This SQL comma...

CVSS 6.8 · AI score 7.8 · EPSS 0.03625
Exploits 1 · References 5

Tenable Nessus
added 2012/08/01 12:0 a.m. · 31 views

Scientific Linux Security Update : xen on SL5.x i386/x86_64

It was discovered that the hypervisor's para-virtualized framebuffer (PVFB) backend failed to validate the frontend's framebuffer description properly. This could allow a privileged user in the unprivileged domain (DomU) to cause a denial of service, or, possibly, elevate privileges to the privileged...

CVSS 2.1 · AI score 7.2 · EPSS 0.0047
Exploits 1 · References 3

RedHat Linux
added 2012/07/31 6:45 p.m. · 7 views

krb5: kadmind denial of service

The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.8.x, 1.9.x, and 1.10.x before 1.10.2 allows remote authenticated administrators to cause a denial of service (NULL pointer dereference and daemon crash) via a KRB5_KDB_DISALLOW_ALL_TIX create request that...

CVSS 4 · AI score 5.8 · EPSS 0.03115
Exploits 1 · References 4

OpenVAS
added 2012/07/30 12:0 a.m. · 27 views

CentOS Update for postgresql84 CESA-2012:0678 centos5

Check for the Version of postgresql84 OpenVAS Vulnerability Test CentOS Update for postgresql84 CESA-2012:0678 centos5 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...

CVSS 6.8 · AI score 7 · EPSS 0.03625
Exploits 1 · References 2

Packet Storm
added 2012/07/29 12:0 a.m. · 26 views

Sysax Multi Server 5.64 Buffer Overflow

require 'msf/core' require 'base64' class Metasploit3 'Sysax Multi Server 5.64 Create Folder BoF', 'Description' = %q This module exploits a stack buffer overflow in the create folder function in Sysax Multi Server 5.64. This issue was fixed in 5.66. You must have valid credentials to trigger the...

AI score 0.3
Exploits 0

CVE
added 2012/07/18 11:0 p.m. · 210 views

CVE-2012-0866

CVE-2012-0866 affects PostgreSQL components where CREATE TRIGGER does not properly check the execute permission for trigger functions marked SECURITY DEFINER. Versions vulnerable: 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3. Impact: remote authenticated us...

CVSS 6.5 · AI score 6.4 · EPSS 0.03625
Exploits 1 · References 15 · Affected Software 1

Prion
added 2012/07/17 10:20 a.m. · 11 views

Design/Logic Flaw

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on...

CVSS 2.1 · AI score 6.8 · EPSS 0.00403
Exploits 0 · References 3 · Affected Software 1

Positive Technologies
added 2012/07/17 12:0 a.m. · 2 views

PT-2012-2877 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.6 Moodle versions 2.1.x through 2.1.3 Moodle versions 2.2.x through 2.2.0 Description: The form-autocompletion functionality makes it easier for physically proximate attackers to discover passwords by reading...

CVSS 2.1 · AI score 6.1 · EPSS 0.00403
Exploits 0 · References 5