6036 matches found
DirectAdmin 1.34.0 - CSRF Create Administrator Vulnerability
No description provided by source. Vendor: http://www.directadmin.com/ Code : Create Administrator : html titleDirectAdmin v1.34.0 XSRF Create Administrator Vulnerability/title !--!Set You'r victim By SarBoT511 !-- form name=reseller action=http://site.com:2222/CMDACCOUNTADMIN method=post input...
Eclime 1.1.2b Multiple Vulnerabilities
No description provided by source. Vulnerability ID: HTB22705 Reference: http://www.htbridge.ch/advisory/sqlinjectionineclime1.html Product: Eclime Vendor: www.eclime.com http://www.eclime.com/ Vulnerable Version: 1.1.2b Vendor Notification: 16 November 2010 Vulnerability Type: SQL Injection...
am4ss <= 1.2 - Multiple Vulnerabilities
No description provided by source. Exploit Title : am4ss 1.2 = Multiple Vulnerabilities Author : s3n4t00r Home : Sec-w.com Version : all version Date : Jul 31, 2012 XSS Stored 1 1- Register 2 - Login here http://localhost/am4ss/orderdev.php?step=2 3- Create Ticket and add your code html or js 4-...
ILIAS 4.4.1 - Multiple Vulnerabilities
No description provided by source. ============================================================== Title ...| Multiple vulnerabilities in ILIAS Version .| ilias-4.4.1.zip Date ....| 21.02.2014 Found ...| HauntIT Blog Home ....| www.ilias.de...
oscommerce <= 2.2rc2a Bypass/Create and Download Backup Vulnerability
No description provided by source. ======================================================================================== $ | Title : osCommerce online SHop Backup Vulnerability $ | Author : indoushka | | email : [email protected] | | Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Mozilla: Use-after-free and out of bounds issues found using Address Sanitizer (MFSA 2014-49)
Use-after-free vulnerability in the nsTextEditRules::CreateMozBR function in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors...
Cannot create page/s using "Create Page" Button
We are a large corporation currently in the process of rolling out a complete Atlassian Toolchain Jira, Confluence, Bamboo, Stash within the next 4 weeks. Unfortunately in Confluence, we cannot use the "Create Page" Button, as we get the following issue regardless of when this is done or by whom:...
Simple SQLi Dumper v5.1 - Tool to find bugs, errors or vulnerabilities in MySQL database
SSDp is a useful penetration tool to find bugs, errors or vulnerabilities in MySQL database. Functions SQL Injection Operation System Function Dump Database Extract Database Schema Search Columns Name Read File read only Create File read only Brute Table & Column Download Simple SQLi Dumper v5....
Important: Red Hat Security Advisory: cfme security, bug fix, and enhancement update
Updated cfme packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat CloudForms 3.0. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, whi...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to hijack the authentication of users for requests that create categories via unspecified vecto...
Localize: XSS in Groups
Visit the following link after logging in: http://www.localize.io/pages/createproject/3D Add a new group with an XSS string as group name and you will see the XSS executing. String used: ? Thanks, Ben...
Code injection
The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in th...
CVE-2013-6456
The LXC driver lxc/lxcdriver.c in libvirt 1.0.1 through 1.2.1 allows local users to (1) delete arbitrary host devices via the virDomainDeviceDettach API and a symlink attack on /dev in the container; (2) create arbitrary nodes (mknod) via the virDomainDeviceAttach API and a symlink attack on /dev in th...
PT-2018-12629
Name of the Vulnerable Software and Affected Versions Alma Linux kernel kernel-rt packages PAN-OS 7.1.22 and earlier PAN-OS 8.0.15 and earlier PAN-OS 8.1.6 and earlier kernel versions 2.6.x, 3.10.x and 4.14.x Description An integer overflow flaw exists in the Linux kernel's create elf tables...
Race condition
Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables b...
CVE-2014-0062
CVE-2014-0062 is a race-condition vulnerability in PostgreSQL where the (1) CREATE INDEX and (2) unspecified ALTER TABLE operations can be exploited by remote authenticated users to create an unauthorized index or read parts of unauthorized tables by a timing window. Affected PostgreSQL versions ...
Vulnerability in core server (CVE-2014-0062)
Race condition in CREATE INDEX allows for privilege escalation...
FTP Drive + HTTP 1.0.4 Code Execution
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
Document Title: =============== FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1231 Release Date: ============= 2014-03-20 Vulnerability Laboratory ID VL-ID: ====================================...
RedHat Update for postgresql RHSA-2014:0249-01
Check for the Version of postgresql OpenVAS Vulnerability Test RedHat Update for postgresql RHSA-2014:0249-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...