2058 matches found

Packet Storm
added 2014/08/26 12:0 a.m., 28 views

WordPress ShortCode 0.2.3 Local File Inclusion

Title : WordPress ShortCode Plugin - Local File Inclusion Vulnerability Severity : High+/Critical Reporters : Mehdi Karout & Christian Galeone Google Dork : inurl:wp/wp-content/force-download.php Plugin Version : 0.2.3 Plugin Name : Download ShortCode Vendor Home : http://werdswords.com/ Date :...

CVSS 5, AI score 6.6, EPSS 0.32789
Exploits: 5
Cisco
added 2014/08/11 8:36 p.m., 28 views

Cisco Unified Communications Manager SIP Subsystem Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) subsystem of Cisco Unified Communications Manager (Cisco Unified CM) could allow an authenticated, remote attacker to trigger a denial of service condition. The vulnerability is due to a failure by the SIP subsystem to properly sanitize...

CVSS 6.8, AI score 6.8, EPSS 0.01827
Exploits: 0, References: 1
Cisco
added 2014/08/11 4:38 p.m., 24 views

Cisco Unity Connection SQL Injection Vulnerability

A vulnerability in the web framework code of Cisco Unity Connection could allow an authenticated, remote attacker to execute arbitrary queries on the database. The vulnerability is due to insufficient controls on Structured Query Language (SQL) statements. An attacker could exploit this vulnerabili...

CVSS 4, AI score 6.7, EPSS 0.00536
Exploits: 0, References: 1
Cisco
added 2014/08/07 8:13 p.m., 41 views

Cisco Unified Communications Manager Concurrent Login Vulnerability

A vulnerability in the CLI restrictions setting of Cisco Unified Communications Manager could allow an authenticated, remote attacker to remain undetected as an authenticated user. The vulnerability is due to improper sanitization of authenticated users. Cisco has confirmed the vulnerability in a...

CVSS 4, AI score 6.4, EPSS 0.00306
Exploits: 0, References: 1
Cisco
added 2014/08/07 8:10 p.m., 32 views

Cisco Unity Connection HTTP Intercept Vulnerability

A vulnerability in Cisco Unity Connection Server could allow an authenticated, remote attacker to elevate privileges and obtain full access to the affected system. The vulnerability is due to improper privilege escalation. An attacker may be able to exploit this vulnerability by reading files...

CVSS 4, AI score 6.5, EPSS 0.01889
Exploits: 0, References: 1
Cisco
added 2014/07/28 8:9 p.m., 24 views

Cisco Prime Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The issue is due to insufficient input validation of parameters by the web...

CVSS 4.3, AI score 5.5, EPSS 0.00408
Exploits: 0, References: 1
exploitpack
added 2014/07/28 12:0 a.m., 24 views

CMSimple 4.4.4 - Remote File Inclusion

CMSimple 4.4.4 - Remote File Inclusion source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security...

AI score 7.5
Exploits: 0
Cisco
added 2014/07/24 4:40 p.m., 19 views

Cisco TelePresence Management Interface Vulnerability

The Cisco TelePresence administrative web interface login page contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input...

CVSS 4.3, AI score 5.7, EPSS 0.00561
Exploits: 0, References: 1
Cisco
added 2014/07/17 8:24 p.m., 20 views

Cisco Unified Communications Domain Manager Admin HTTP Redirect Vulnerability

A vulnerability in the web framework of Cisco Unified Communications Domain Manager (Cisco Unified CDM) Application Software could allow an unauthenticated, remote attacker to redirect a user to a possible malicious website. The vulnerability is due to insufficient validation of user input when...

CVSS 4.3, AI score 6.5, EPSS 0.00528
Exploits: 0, References: 1
0day.today
added 2014/07/15 12:0 a.m., 29 views

HP Data Protector Manager 8.10 - Remote Command Execution

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: HP-Data-Protector-8.10 Remote command execution. Date: July 11 2014 Exploit Author: Christian Polunchis Ramirez https://intrusionlabs.org Exploit Author: Henoch Chanoc Barrera https://intrusionlabs.org...

AI score 7.1
Exploits: 0
Packet Storm
added 2014/07/14 12:0 a.m., 32 views

WordPress CopySafe PDF Protection 0.6 Shell Upload

Exploit Title : Wordpress Plugin CopySafe PDF Protection Shell Upload vulnerability Author : Jagriti Sahu Download Link : http://wordpress.org/support/plugin/wp-copysafe-pdf version affected : 0.6 and below Date : 14/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradula and Harry...

AI score 0.3
Exploits: 0
Cisco
added 2014/07/10 3:27 p.m., 27 views

Cisco WebEx Meetings Client Heap-Based Buffer Overflow Vulnerability

A vulnerability in the file sharing functionality of the Cisco WebEx Meetings client could allow an unauthenticated, remote attacker to trigger a heap-based buffer overflow in the Cisco WebEx Meetings client running on another user's computer. The vulnerability exists because the affected softwar...

CVSS 5.1, AI score 6.8, EPSS 0.03061
Exploits: 0, References: 1
Cisco
added 2014/07/10 2:16 p.m., 23 views

Cisco Unified Communications Manager DNA Path Traversal Vulnerability

A vulnerability in the /dna/viewfilecontents.do URL of the Cisco Unified Communications Manager Dialed Number Analyzer (DNA) could allow an authenticated, remote attacker to view files from specific locations on the filesystem. The vulnerability is due to insufficient input validation. An attacker...

CVSS 4, AI score 6.4, EPSS 0.00504
Exploits: 0, References: 1
0day.today
added 2014/07/10 12:0 a.m., 23 views

Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title : Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection Exploit Author : Claudio Viviani Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/ Software Link : http://downloads.wordpress.org/plugin/bsk-pdf-manager.zip...

AI score 7.1
Exploits: 0
0day.today
added 2014/07/08 12:0 a.m., 18 views

Atom CMS Shell Upload / SQL Injection / Bypass Vulnerabilities

Atom CMS suffers from remote shell upload and remote SQL injection vulnerabilities. Exploit Title : Atom CMS SQL Injection and file upload vulnerability Author : Jagriti Sahu Vendor : https://github.com/thedigicraft/Atom.CMS Date : 07/07/2014 Discovered at : IndiShell Lab Love to : Surbhi, Mradul...

AI score 8.4
Exploits: 0
Cisco
added 2014/07/07 8:45 p.m., 23 views

Cisco Intelligent Automation for Cloud Form Data Viewer Utility Vulnerability

A vulnerability in the Form Data Viewer utility of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to view passwords of provisioned systems. The vulnerability is due to the inclusion of passwords in the form data. An attacker could exploit this vulnerability b...

CVSS 4, AI score 6.3, EPSS 0.00306
Exploits: 0, References: 1
Cisco
added 2014/07/07 8:43 p.m., 18 views

Cisco Intelligent Automation for Cloud MyServices Vulnerabilities

A vulnerability in the MyServices action of Cisco Intelligent Automation for Cloud could allow an authenticated, remote attacker to acquire sensitive information. The vulnerability is due to the inclusion of sensitive information in URLs. An attacker could exploit this vulnerability by viewing...

CVSS 4, AI score 6.2, EPSS 0.0044
Exploits: 0, References: 1
Cisco
added 2014/07/07 8:0 p.m., 15 views

Cisco Small Cell Command Execution Vulnerability

A vulnerability in the DHCP client implementation of Cisco Small Cell products could allow an unauthenticated, adjacent attacker to execute commands and possibly take full control of the affected device. The vulnerability is due to improper parsing of crafted DHCP messages. An attacker could...

CVSS 6.8, AI score 6.9, EPSS 0.00242
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 15 views

Xt Library Local Root Command Execution Exploit

No description provided by source. include include include define DEFAULTOFFSET 0 define BUFFERSIZE 1491 long getespvoid asmmovl %esp,%eax\n; mainint argc, char argv char buff = NULL; unsigned long addrptr = NULL; char ptr = NULL; char execshell = \xeb\x23 \x5e \x8d\x1e \x89\x5e\x0b \x31\xd2...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

Slackware Linux 3.1/3.2 color_xterm Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/369/info In Slackware Linux 3.1 and 3.2, the version of color xterm included is vulnerable to a buffer overflow attack that allows for a local user to gain root access. / colorxterm buffer overflow exploit for Linux with...

AI score 7.1
Exploits: 0