8688 matches found
CVE-2017-1000039
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution...
CVE-2017-1000051
Cross-site scripting XSS vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content...
CVE-2017-1000039
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution...
Cross site scripting
Cross-site scripting XSS vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content...
Design/Logic Flaw
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution...
CVE-2017-1000051
Cross-site scripting XSS vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content...
CVE-2017-1000039
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution...
[SECURITY] Fedora 26 Update: bind99-9.9.10-1.P2.fc26
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP...
Steamer - Import, Search, and Manage Public Password Breach Data
Import, manage, search public dumps. Do you have massive amounts of CSV, .sql, .txt, that have credentials, passwords, and hashes inside? Use Steamer to manage them! Load them into a MongoDB database, and either uses the console directly or just use the handy web interface complete with JSON...
CVE-2017-7918
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive...
Improper access control
An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive...
Elasticsearch Logstash Denial of Service Vulnerability
Elasticsearch Logstash is a set of log analysis and monitoring tools from Elasticsearch Netherlands. The tool provides functions such as search, processing and management of logs or events. A security vulnerability exists in Elasticsearch Logstash versions prior to 2.3.3. A remote attacker can...
How to Restore from Microsoft Exchange 2007 with Veeam Backup and Replication
Challenge This KB article documents the procedure for restoring Exchange 2007 application items using a Surebackup job with export to PST. Please note that as of April 2017, Microsoft no longer supports Exchange 2007. As such, steps 7 and 8 of this process are no longer supported by Veeam Technic...
Schneider Electric U.motion Builder track_import_export remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder trackimportexport. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...
(0Day) Schneider Electric U.motion Builder track_import_export SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of trackimportexport.php, which is exposed on the web...
InsightVM/Nexpose Patch Tuesday Reporting
Many of our customers wish to report specifically on Microsoft patch related vulnerabilities. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects...
MyBB < 1.8.12 Multiple Vulnerabilities
Binary data 700128.prm...
kernel security, bug fix, and enhancement update
3.10.0-514.21.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-514.21.1 - kernel sched/core: Fix an SMP ordering race in trytowakeup vs...
kernel: Oops in shash_async_export()
A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shashasyncexport by attempting to force the in-kernel hashing algorithms into decrypting an empty data set...
CVE-2015-5609
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php...