
1179 matches found

Hacker One
added 2015/11/02 8:37 p.m., 12 views

Mail.ru: [allods.my.com] Full SQL Disclosure

The vulnerability is of the same nature as in 96729 and 96727. The vulnerability arises from reading errors through an enabled debug mode. In both cases it is information disclosure via debug mode. But in order to disclose the SQL query, it is necessary to run a stress test with numerous requests of any...

Exploits: 0
RedHat Linux
added 2015/10/22 7:44 p.m., 2 views

openstack-ironic-discoverd: potential remote code execution with debug mode enabled

It was discovered that enabling debug mode in openstack-ironic-discoverd also enabled debug mode in the underlying Flask framework. If errors were encountered while Flask was in debug mode, a user experiencing an error might be able to access the debug console, effectively a command shell...

6.8 CVSS, 5.8 AI score, 0.00574 EPSS
Exploits: 0, References: 4
RedHat Linux
added 2015/10/22 7:44 p.m., 34 views

Important: Red Hat Security Advisory: openstack-ironic-discoverd security update

Updated openstack-ironic-discoverd packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 7.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

6.8 CVSS, 5.8 AI score, 0.00574 EPSS
Exploits: 0, References: 3
CNVD
added 2015/09/27 12:0 a.m., 2 views

Apache Struts Cross-Site Scripting Vulnerability (CNVD-2015-06370)

Apache Struts is an open source framework for creating enterprise Java Web applications. Apache Struts debug mode suffers from a cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain...

6.1 CVSS, 8.8 AI score, 0.01198 EPSS
Exploits: 0, References: 1
Hacker One
added 2015/08/20 5:23 a.m., 25 views

Mail.ru: [riot.mail.ru] Reflected XSS in debug-mode

Greetings. The vulnerability exists because all requests to the server are displayed in debug mode, accessible to any user. As a consequence, we have 2 nasty problems: 1 Full SQL Disclosure Run query: SELECT FROM forumconfig Run query: SELECT catid,name FROM forumcats ORDER BY orderid Run...

7.8 AI score
Exploits: 0
RedHat Linux
added 2015/04/07 3:8 p.m., 30 views

Important: Red Hat Security Advisory: openstack-packstack and openstack-puppet-modules security and bug fix update

Updated openstack-packstack and openstack-puppet-modules packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 6.0. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

10 CVSS, 5.9 AI score, 0.04844 EPSS
Exploits: 0, References: 29
seebug.org
added 2015/03/17 12:0 a.m., 16 views

phpb2b latest version SQL injection

Brief description: RT Detailed description: In faircontrol.php: function addpost global $charset, $pbuser; if empty$pbuser die"".iconv$charset, "UTF-8//IGNORE", L"pleaseloginfirst"; $thememberid = $pbuser'pbuserid'; $companyid = ''; ifisset$POST'do' && isset$POST'id' pbsubmitcheck'do'; if $this-expo-checkExist$POST'id' &&...

7.1 AI score
Exploits: 0
NVD
added 2014/12/19 3:59 p.m., 31 views

CVE-2014-8724

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

4.3 CVSS, 5.7 AI score, 0.00347 EPSS
Exploits: 2, References: 4
Prion
added 2014/12/19 3:59 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

4.3 CVSS, 6.2 AI score, 0.00347 EPSS
Exploits: 2, References: 4, Affected Software: 1
CVE
added 2014/12/19 3:0 p.m., 60 views

CVE-2014-8724

CVE-2014-8724 affects the WordPress plugin W3 Total Cache in versions before 0.9.4.1. The root cause is improper sanitization of user-supplied input in the HTML comments for the Cache key when the page cache debug info is enabled, allowing a reflected XSS scenario via PATH_INFO to the default ...

4.3 CVSS, 5.7 AI score, 0.00347 EPSS
Exploits: 2, References: 4, Affected Software: 1
Cvelist
added 2014/12/19 3:0 p.m., 32 views

CVE-2014-8724

Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the "Cache key" in the HTML-Comments, as demonstrated by the PATH_INFO to the default URI...

5.7 AI score, 0.00347 EPSS
Exploits: 2, References: 4
Positive Technologies
added 2014/12/19 12:0 a.m., 5 views

PT-2014-8691 · Frederick Townes · W3 Total Cache

Name of the Vulnerable Software and Affected Versions: W3 Total Cache plugin versions prior to 0.9.4.1. Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the Cache key in the HTML-Comments when debug...

4.3 CVSS, 5.3 AI score, 0.00347 EPSS
Exploits: 2, References: 6
Tenable Nessus
added 2014/12/10 12:0 a.m., 56 views

Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)

The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities: - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...

6.8 CVSS, 7.2 AI score, 0.07545 EPSS
Exploits: 0, References: 5
seebug.org
added 2014/07/01 12:0 a.m., 18 views

Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 31 views

CA iTechnology iGateway Debug Mode Buffer Overflow

No description provided by source. $Id: caigatewaydebug.rb 9179 2010-04-30 08:40:19Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 26 views

Mod_Gzip 1.3.x Debug Mode Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7769/info Mod_Gzip is reported prone to a stack overflow, format string vulnerability and a file corruption issue due to a predictable naming scheme for log files. Exploitation of these issues could result in execution of...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 27 views

Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stor...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 44 views

Apache mod_gzip (with debug_mode) <= 1.2.26.1a Remote Exploit

No description provided by source. / \ exploit code for modgzip with debugmode = 1.2.26.1a / \ Created by xCrZx crazyeinstein yahoo com /05.06.03/ / \ Tested on RedHat 8.0 Psyche here is target for it, / also tested on FreeBSD 4.7 1.3.19.2a here is no target for it : / \ / / \ / Single mode: \ /...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

Invision Power Board <= 2.1.7 (Debug) Remote Password Change Exploit

No description provided by source. ?php / Debug Mode password change vulnerability Affects Invision Power Borard 2.0.0 to 2.1.7 by Rapigator This works if: Debug Level is set to 3 or Enable SQL Debug Mode is turned on In General Configuration of the forum software. / // The forum's address up to...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious script cod...

7.1 AI score
Exploits: 0