Symantec Messaging Gateway Export Servlet snmpFileName Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Symantec Messaging Gateway. Authentication is required to exploit this vulnerability. The specific flaw exists within the export servlet. When parsing the snmpFileName parameter, the proces...
WordPress CSV Import-Export plugin <=1.1.0 - Multiple Cross-Site Scripting (XSS) vulnerabilities
Multiple Cross-Site Scripting (XSS) vulnerabilities found in WordPress CSV Import-Export plugin versions <=1.1.0. Solution: Dec 20, 2017 - we were unable to find a patched version of this plugin, last updated three years ago. Uninstall or use it at your own risk...
CVE-2017-17753
Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore parameter to includes/admin/views/esb-cie-import-export-page.ph...
CVE-2017-17753
The CVE-2017-17753 entry concerns the WordPress plugin esb-csv-import-export (versions up to 1.1). The vulnerability is an XSS in includes/admin/views/esb-cie-import-export-page.php where the GET parameters cie_type, cie_import, cie_update, and cie_ignore are echoed back to the user without prope...
Csv Import-Export <= 1.1 - Authenticated Cross-Site Scripting (XSS)
The csv-import-export WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability...
[SECURITY] Fedora 27 Update: rubygem-yard-0.9.8-4.fc27
YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...
N4xD0rk - Listing Subdomains About A Main Domain
Listing subdomains of a main domain using the technique called hacking with search engines. Usage: n4xd0rk.py -h -d DOMAIN -i IP -o OPTION -n SEARCH -e EXPORT -l LANGUAGE This script searches for the subdomains of a domain using the results indexed by Bing search. optional arguments: -h,...
Ramco mHub - Customized SSL, Exported components, External URLs vulnerabilities
HackApp vulnerability scanner discovered that application Ramco mHub published at the 'play' market has multiple vulnerabilities...
Palo Alto Networks PAN-OS Security Bypass Vulnerability (CNVD-2017-37959)
Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security bypass vulnerability exists in the Configuration File Export for Applications, Spyware, and Vulnerable Objects feature of the web interface in Palo Alto Networks PAN-OS...
Umeng Push SDK Export Service Component Code Execution Vulnerability
Umeng Push SDK is a set of software development kits for developing message push programs from China AUO Umeng. Export Service component is one of the export components. A security vulnerability exists in the Export Service component in Umeng Push SDK version 3.1.X prior to 3.1.3. An attacker can...
CMSsc4n - Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop
Tool to identify if a domain is a CMS such as Wordpress, Moodle, Joomla, Drupal or Prestashop. Use: python cmssc4n.py -h Tool to scan if a domain is a CMS Wordpress, Drupal, Joomla,...
Skype Log Viewer - Download and View Skype History Without Skype
Download and View Skype History Without Skype. This program allows you to view all of your skype chat logs and then easily export them as text files. It correctly organizes them by conversation, and makes sure that group conversations do not get jumbled with one on one chats. Features Download...
Open Source Threat Intelligence Gathering & Processing Framework: GOSINT
The GOSINT framework is a project used for collecting, processing, and exporting high quality indicators of compromise (IOCs). GOSINT allows a security analyst to collect and standardize structured and unstructured threat intelligence. Applying threat intelligence to security operations enriches...
Failed to import Veeam Cloud Connect certificate after Veeam Availability Console server migration
Challenge: After migrating your Veeam Availability Console (VAC) installation to a new server and adding an existing Veeam Cloud Connect (VCC) server, the following certificate error may be observed: Failed to import certificate from the Veeam Cloud Connect server. See debug logs for more information...
CVE-2010-2232
In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...
CVE-2017-1000133
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages...
Code injection
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages...
CVE-2017-1000133
Mahara versions affected: 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. The vulnerability allows an attacker to cause another user’s artefacts to be included in the attacker’s Leap2a export, effectively enabling exposure of another user’s artefacts. Some connected sources ...
Trello: CSV injection [N/A]
Hello, We can inject commands in the name field of a board =210 or =cmd|'/C calc'!AO for example, and when it's exported to CSV it will be evaluated to 20 in the corresponding cell, this enables an attacker to spread malware and execute system level commands on a victim's machine if the victim...
Uniview - Remote Command Execution Export Config (PoC)
Uniview - Remote Command Execution Export Config (PoC) STX Subject: Uniview RCE and export config PoC; Researcher: bashis (October 2017); Attack Vector: Remote; Authentication: Anonymous (no credentials needed); Export config...