XSS in PDF screen

The "PDF Export Stylesheet" field is not encoded...

USN-791-1: Moodle vulnerabilities

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...

dvbbs delete the upload. inc after the shell was a method-vulnerability warning-the black bar safety net

dvbbs delete the upload. inc after the shell was a method - the premise is to give the front Desk administrative privileges Into the background after Go to the user management Just change the personal e-mail address for %eval requestchr3 5%@163.com After saving Find the mail list export Then expo...

Oracle Outside In多个缓冲区溢出漏洞

Bugraq ID: 34994 CVE ID：CVE-2009-1009 CVE-2009-1010 CVE-2009-1011 CNCVE ID：CNCVE-20091009 CNCVE-20091010 CNCVE-20091011 Oracle Outside In是一款软件开发工具包套件SDK，为开发人员提供了一个访问、转换和控制 400 多种非结构化文件格式的内容的综合解决方案。 Oracle Outside In存在多个缓冲区溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。 -处理Microsoft...

Oracle存在多个安全漏洞

CNCAN ID：CNCAN-2009041604 多个Oracle产品存在漏洞，可导致SQL注入，泄漏敏感信息或使攻击者破坏系统： -Oracle Process Manager和Notification opmn守护程序存在格式串错误，提交特殊构建的POST请求给port 6000/TCP可导致任意代码执行。 -传递给"DBMSAQIN"的输入在使用前缺少过滤，可导致注入任意SQL代码。 -Oracle数据库包含的Application Express组件存在错误，非特权用户可以获得"LOWS030000.WWVFLOWUSER"中的APEX密码HASH。 目前还存在多个未知漏洞。...

Mandriva Update for totem-pl-parser MDVA-2008:152 (totem-pl-parser)

Check for the Version of totem-pl-parser OpenVAS Vulnerability Test Mandriva Update for totem-pl-parser MDVA-2008:152 totem-pl-parser Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute i...

CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

DEBIAN-CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

CVE-2009-1150

CVE-2009-1150 affects phpMyAdmin: XSS in the export page (display_export.lib.php) via the pma_db_filename_template cookie. Vulnerable when using phpMyAdmin 2.11.x (before 2.11.9.5) or 3.x (before 3.1.3.1). Root cause is insufficient sanitization of cookie data on the Export page, enabling remote ...

CVE-2009-1150

Multiple cross-site scripting XSS vulnerabilities in the export page displayexport.lib.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...

L0phtCrack password cracker set to return

More than two years after Symantec pulled the plug on L0phtCrack, the venerable password cracking tool is being prepped for a return to the spotlight. The original creators of L0phtCrack has reacquired the tool with plans to release a new version at next week’s SOURCE Boston conference. A teaser...

Information disclosure

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...

CVE-2009-0501

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...

CVE-2009-0501

CVE-2009-0501 affects Moodle’s Calendar Export feature in Moodle 1.8.x before 1.8.8 and 1.9.x before 1.9.4. The root cause is a Calendar Export flaw that allows an attacker to obtain usernames (sensitive information) and perform brute-force attacks on user accounts. Exploitation vectors are not d...

Thyme 1.3 - export_to Local File Inclusion

Thyme 1.3 - exportto Local File Inclusion | Theme Local File Inclusion / Registerglobals: off | | Version: = 1.3 | | Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved | | Founded by: cheverokatgmail.com |...

Thyme 1.3 - 'export_to' Local File Inclusion

| Theme Local File Inclusion / Registerglobals: off | | Version: = 1.3 | | Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved | | Founded by: cheverokatgmail.com | -------------------------------------------------------------------------------------- Intro: See info...

CVE-2009-0501

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors...

Ability to grant Import/Export privileges to a group or a user

In our JIRA environment, we have several projects where each of the project admins uploads tasks from a CSV file into their respective project. Inorder for these project admins have the upload permissions, they need to be part of the JIRA System Administration group. This is unacceptable and is a...