Final Draft 8 - Multiple Stack Buffer Overflows (Metasploit)
Final Draft 8 - Multiple Stack Buffer Overflows Metasploit Name : Final Draft 8 Multiple Stack Buffer Overflows Vendor Website : http://www.finaldraft.com/index.php Date Released : 29/11/2011 Affected Software : Final Draft By crafting a file that contains more than 10,032...
CVE-2010-4806
The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 before CF003, allows remote authenticated users to bypass intended access restrictions on draft creation by leveraging certain resource editor privileges...
SA-CONTRIB-2011-017 - Save Draft - Validation Bypass
The Save Draft module adds a "Save as draft" button to the node form, letting content creators easily save a post in unpublished draft form. The module adds validation to individual form actions, thereby bypassing any form-wide validation that is normally performed before saving content. This is ...
Code injection
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachmentid parameter...
CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachmentid parameter...
DEBIAN-CVE-2011-0701
wp-admin/async-upload.php in the media uploader in WordPress before 3.0.5 allows remote authenticated users to read (1) draft posts or (2) private posts via a modified attachmentid parameter...
Default configuration
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service...
CVE-2011-0680
data/WorkingMessage.java in the Mms application in Android before 2.2.2 and 2.3.x before 2.3.2 does not properly manage the draft cache, which allows remote attackers to read SMS messages intended for other recipients in opportunistic circumstances via a standard text messaging service...
WordPress <= 3.0.4 - Multiple Security Vulnerabilities
Because of these vulnerabilities, remote authenticated users can read draft posts or private posts via a modified "attachmentid" parameter. Solution Update WordPress...
Will Hill Says Twitter Account Has Been Hacked !
A day after feeling that Twitter has been the denigration of Jay Cutler, a former Florida safety of Hill wanted to put in your Twitter account. Hill, Pat Dooley occur on Monday to see the 105-game WYGC, 104.9-FM, says that his Twitter account has been hacked into and inappropriate messages was...
Non-compliant Strict Transport Security (STS)
The remote web server implements Strict Transport Security. However, it does not respect all the requirements of the STS draft standard. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(42823); script_version("$Revision: 1.7 $"); script_cvs_date("$Date: 2014/09/19 20:19:00 $");...
CVE-2008-4491
CVE-2008-4491 affects Apple Mail.app 3.5 on Mac OS X. When “Store draft messages on the server” is enabled, draft copies of S/MIME mail are stored in plaintext on the mail server, allowing server admins and remote MITM attackers to read sensitive mail. The provided documents do not include exploi...
Fedora 8 : wordpress-2.3.3-0.fc8 (2008-1559)
Fri Feb 8 2008 John Berninger - 2.3.3-0 - update to 2.3.3 for security fixes - BZ 431547 - Sun Dec 30 2007 Adrian Reber - 2.3.2-1 - updated to 2.3.2 bz 426431, Draft Information Disclosure - Tue Oct 30 2007 Adrian Reber - 2.3.1-1 - updated to 2.3.1 bz 357731, wordpress XSS issue - Mon Oct 15 2007...
WordPress 2.3.1 - Unauthorized Post Access
WordPress 2.3.1 - Unauthorized Post Access source: https://www.securityfocus.com/bid/26885/info WordPress is prone to a vulnerability that lets unauthorized users read draft posts before they have been published. This issue affects WordPress 2.3.1; other versions may also be affected. NOTE: This...
fsfdt-overflow.txt
$ nc -l -p 4321 Microsoft Windows 2000 Version 5.00.2195 C Copyright 1985-2000 Microsoft Corp. E:\draft\fsd1110\windows ------------------------------------------- !/usr/bin/perl FSFDT remote exploit by weakatfraglab.at spawns reverse shell to 10.0.0.100:4321 tested against 'FSFDT Windows FSD Bet...
CVE-2006-7219
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft...
Sql injection
Multiple SQL injection vulnerabilities in W2B Online Banking allow remote attackers to execute arbitrary SQL commands via (1) the draft parameter to mailer.w2b or (2) the listDocPay parameter to DocPay.w2b...