8692 matches found
UBUNTU-CVE-2018-1135
An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...
Intelbras NCLOUD 300 Denial of Service Vulnerability
Intelbras NCLOUD 300 is a wireless router device from Intelbras, Brazil. A security vulnerability exists in Intelbras NCLOUD 300 version 1.0, which stems from the program failing to require authentication. An attacker can exploit the vulnerability by sending requests to /cgi-bin/ExportSettings.sh...
OpenFire User Import Export Plugin XML External Entity Injection Vulnerability
OpenFire is an open source real-time collaboration (RTC) server. User Import Export Plugin is a plugin that provides the ability to import and export Openfire user data through the management console. An XML external entity injection vulnerability exists in the OpenFire User Import Export Plugin version...
CVE-2018-11094
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and...
Design/Logic Flaw
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2017-2815
An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web request can cause the retrieval of arbitrary files or denial of service. An authenticated attacker can send a crafted web request to trigger this vulnerability...
CVE-2017-2815
OpenFire User Import Export Plugin 2.6.0 is vulnerable to XML External Entity (XXE) injection (CVE-2017-2815). An authenticated attacker can send a crafted request to trigger XXE, enabling retrieval of arbitrary files or causing a Denial of Service. Affected component: OpenFire User Import Export...
SQL Injection Vulnerability in Longcai Technology Cms
Longcai Technology Group is a high-tech enterprise with website construction, network promotion, network engineering construction, software development, computer maintenance and multimedia video production as its main business. Longcai Technology Cms has a SQL injection vulnerability. Attackers c...
SQL Injection Vulnerability in Guangzhou Lianxiang Cms
Guangzhou Lianxiang Information Technology Co., Ltd. is an e-commerce Internet enterprise that specializes in website construction, micro letter development and website development. Guangzhou Lianxiang CMS has a SQL injection vulnerability. Attackers can use the vulnerability to perform malicious...
Oracle Fusion Middleware Outside In Technology Component Denial of Service Vulnerability (CNVD-2018-10966)
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle Corporation. The platform provides middleware, software collections, etc. Outside In Technology is one of the software development kit components. A securi...
HWiNFO 5.82-3410 - Denial of Service
HWiNFO 5.82-3410 - Denial of Service. #!/usr/bin/python; Exploit Author: bzyo; Twitter: @bzyo; Exploit Title: HWiNFO 5.82-3410 - Denial of Service; Date: 05-04-18; Vulnerable Software: HWiNFO 5.82-3410; Vendor Homepage: https://www.hwinfo.com/; Version: 5.82-3410; Software Link:...
WordPress Woo Import Export 1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability found by Lenon Leite in WordPress Woo Import Export version 1.0. Solution: This plugin was closed on 26th January 2018 and is no longer available for download. Reason: Security Issue. Deactivate and uninstall...
CVE-2014-2552
Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...
Code injection
Brookins Consulting BC Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data...
CVE-2014-2552
The CVE-2014-2552 entry concerns Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0, which is described as not properly restricting access to sensitive data. The incident is exploitable remotely with network access and requires no authentication, enabling partial...
[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.0.1-1.fc28
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Vaultize Enterprise File Sharing Information Disclosure Vulnerability
Vaultize Enterprise File Sharing is an enterprise file sharing solution from Vaultize Technologies, USA. The solution includes features such as data retention management, versioning, secure data handling, data backup and recovery. A security vulnerability exists in Vaultize Enterprise File Sharin...