8687 matches found
CVE-2015-5609
Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php...
CVE-2015-5609
The CVE-2015-5609 entry describes an absolute path traversal in the WordPress Image Export plugin 1.1, allowing remote attackers to read and delete arbitrary files via a full pathname passed to download.php. Affected component is the WordPress Image Export plugin (version 1.1); root cause is a pa...
samba: symlink race permits opening files outside share directory
A race condition was found in samba server. A malicious samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions...
Privilege escalation
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...
CVE-2017-4979
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...
CVE-2017-4979
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...
CVE-2017-4979
EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - 7.2.1.3, and OneFS 7.2.0.x is affected by an NFS export vulnerability. Under certain conditions, after upgrading a cluster from OneFS 7.1.1.x or earlier, users may have unexpected levels of access to some NFS exports...
CVE-2017-4979
CVE-2017-4979 affects EMC Isilon OneFS: versions 8.0.1.0, 8.0.0.0–8.0.0.2, 7.2.1.0–7.2.1.3, and 7.2.0.x. After upgrading a cluster from OneFS 7.1.1.x or earlier, users may obtain unexpected levels of access to some NFS exports. The connected sources reiterate an NFS export vulnerability in OneFS ...
Windows x32 / Windows x64 - cmd.exe Shellcode (718 bytes)
;Full tutorial: https://www.zinzloun.info Windows CMD shellcode ;COMPILE: ;nasm.exe -f win32 dynamic.asm -o dynamic.obj ;SKIP -f win32 to create the .obj file to extract eventually the hex code ;then execute: python bin2hex.py dynamic.obj to get the hex code:...
WordPress Yoast SEO plugin <= 3.3.1 - Cross-site Request Forgery (CSRF) Vulnerability
WordPress Yoast SEO plugin Cross-site Request Forgery CSRF exists on /wp-admin/admin.php?page=wpseotools&tool=import-export page. Solution Update the plugin...
How to export log files from the Citrix Enterprise Layer Manager (ELM)
NOTE: These steps apply to AL prior to 2204. See CTX463786 for the new interface steps You can export logs for your Citrix Enterprise Layer Manager ELM, and send them to the Citrix Support. This article explains what log files are available for export, and which log files are useful for what kind...
Download Monitor <= 1.9.6 - Unauthenticated Downloading of Logs
An Unauthenticated attacker can export download logs from the Plugin. Which includes: Download ID, Version ID, Filename, User ID, User Login, User Email, User IP, User Agent, Date, Status. The information could potentially be used to mount further attacks or just collect contact information...
Weblate: CSV Injection with the CVS export feature - Glossary
Hi, The "Download as a CSV" feature of Weblate does not properly "escape" fields. Here is more information about this issue: http://www.contextis.com/resources/blog/comma-separated-vulnerabilities/ Here is one method to reproduce this issue: 1 I can add new information in Glossary with a name...
Weblate: CSV export filter bypass leads to formula injection.
Dear Weblate bug bounty team, Summary --- The new filter can be bypassed using: %0A-3+3+cmd|' /C calc'!D2. python text = "%0A-3+3+cmd|' /C calc'!D2" def csvfilterbypass: if text and text0 in '=', '+', '-', '@': return "'" + text return text How can this be fixed? --- You need to escape and detect...
Weblate: CSV Injection with the CSV export feature
Step to reproduce : 1.go to https://hosted.weblate.org/dictionaries/aptoide-uploader/bn/add 2.add "=1+1" to Source and Translation filed F178723 3.now do CSV export 4.you can see all the cell is displayed as "2" which means the code is executed. Best Regad's, Jay Patel...
[SECURITY] Fedora 25 Update: bind99-9.9.9-4.P8.fc25
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. This package set contains only export version of BIND libraries, that are used for building ISC DHCP...
CVE-2017-7217
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...
CVE-2017-7217
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...
Code injection
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...
CVE-2017-7217
The Management Web Interface in Palo Alto Networks PAN-OS before 7.0.14 and 7.1.x before 7.1.9 allows remote attackers to write to export files via unspecified parameters...