177 matches found
SOL48448204 - PHP vulnerability CVE-2016-6207
Vulnerability Recommended Actions None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security vulnerability response policy SOL4918: Overview of the F5...
CVE-2016-0782
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting XSS attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...
samba: Insufficient symlink verification in smbd
An access flaw was found in the way Samba verified symbolic links when creating new files on a Samba share. A remote attacker could exploit this flaw to gain access to files outside of Samba's share path...
[SECURITY] Fedora 23 Update: php-pecl-zip-1.13.1-1.fc23
Zip is an extension to create and read zip files...
SOL17254 - NTP-keygen vulnerability CVE-2015-3405
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
SOL17212 - PHP vulnerability CVE-2014-5459
Note: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value. Recommended Action None Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL995...
WSRP: Information disclosure via unsafe concurrency handling in interceptor
It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain...
[SECURITY] Fedora 20 Update: dokuwiki-0-0.24.20140929c.fc20
DokuWiki is a standards compliant, simple to use Wiki, mainly aimed at crea ting documentation of any kind. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the Wiki and eases the creation of structured texts. All data is stored in plain text files no...
Free-MP3-CD-Ripper-1.1
Exploit Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow Software : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version : 1.1 Tested on : Windows xp sp3 en Date : 27/08/2011 Author : X-h4ck Website : http://www.pirate.al , http://theflashcrew.blogspot.com Email : [email protected]...
Slider Revolution/Showbiz Pro shell upload exploit
!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...
Slider Revolution/Showbiz Pro Shell Upload
!/usr/bin/perl Title: Slider Revolution/Showbiz Pro shell upload exploit Author: Simo Ben youssef Contact: SimoatMorxploitcom Discovered: 15 October 2014 Coded: 15 October 2014 Updated: 25 November 2014 Published: 25 November 2014 MorXploit Research http://www.MorXploit.com Vendor: ThemePunch...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the mmforum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspecified vectors...
RuubikCMS 1.1.1 (tinybrowser.php, folder param) - Path Traversal Vulnerability
No description provided by source. Exploit Title: ruubikcms v1.1.1 Path Traversal vulnerability Google Dork: powered by ruubikcms Date: 2013-6-5 Exploit Author: expl0i13r Vendor Homepage: http://www.ruubikcms.com/ Software Link: http://www.ruubikcms.com/ruubikcms/download.php?f=ruubikcms111.zip...
Ipswitch WS_FTP Server 1.0.x/2.0.x 'STAT' Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3507/info WSFTP Server, a popular FTP server for Microsoft Windows platforms, is vulnerable to a buffer overflow condition when a user submits a specially crafted legitimate FTP command. WSFTP Server by default runs as a...
GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability
No description provided by source. Exploit Title: GSPlayer 1.83a Win32 Release Buffer Overflow Vulnerability Date: 2010/11/04 Author: moigai e-mail: [email protected] Software Link: http://www.vector.co.jp/download/file/win95/art/fh296344.html Version: 1.83a Win32 Release Tested on: Windows XP...
PHP-Nuke 7.4 - Admin Exploit
No description provided by source. / old exploit but what pretty code /str0ke / / phpNUKE v7.4 exploit this exploit create new admin with relative passwd that you specified on parameter of exploit you take administrative control of the webPortal Reverences: http://www.osvdb.org/9563 coded by:...
WinUAE 1.4.4 'zfile.c' Stack-Based Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26979/info WinUAE is prone to a local stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. An attacker can...
Localize: Full Path Disclosure / Info Disclosure in Creating New Group
Hi, I found another information disclosure vulnerability/Full Path Disclosure on your application. this time its on Creating New Group Section. Proof of Concept ------------------------- GET : http://www.localize.io/pages/createproject/ project ID POST CONTENT: CSRFToken=TOKEN...
[SECURITY] Fedora 20 Update: mediawiki-1.21.8-1.fc20
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
CVE-2014-1839
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file...