8698 matches found
mantisbt: arbitrary code execution and unrestricted access
CVE-2014-7146 arbitrary code execution When importing data with the plugin, user input passed through the "description" field and the "issuelink" attribute of the uploaded XML file isn't properly sanitized before being used in a call to the pregreplace function which uses the 'e' modifier. This...
Asterisk Password Spy v3.1 - Windows Asterisk Password Recovery Tool
Asterisk Password Spy is the FREE tool to instantly reveal the hidden password behind asterisks . It's user friendly interface can help you to easily find the passwords from any Windows based application.You can simply drag the 'search icon' to any password box to find the real password hidden by...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.10.1-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
PT-2015-1696
Name of the Vulnerable Software and Affected Versions TLS protocol versions 1.2 and earlier Description The issue concerns a problem with the TLS protocol where a DHE EXPORT ciphersuite is enabled on a server but not on a client, allowing man-in-the-middle attackers to conduct cipher-downgrade...
SaaS Marketing platform Hubspot export vulnerability
Hubspot is a widely used SaaS marketing platform to email all your customers, collect data about them and attract new customers. It's is common practice to keep customer lists in Hubspot to send newsletters or other email communication. Hubspot has hardcoded roles that grant users access to vario...
Bash Me Some More
Good morning! This is kinda long. == Background == If you are not familiar with the original bash function export vulnerability CVE-2014-6271, you may want to have a look at this article: http://lcamtuf.blogspot.com/2014/09/quick-notes-about-bash-bug-its-impact.html Well, long story short: the...
Ecava IntegraXor < 4.2.4458 Multiple Vulnerabilities
Binary data scadaintegraxor424458.nbin...
Sucuri: Usage of HTTP for exporting graph data as images
Whenever a user of waf.sucuri.net exports his reports graph data as a png, an unencrypted request is sent over to export.highcharts.com. This enables a mitm-able attacker to sniff and|or replace exported image. Also, the whole practice of offloading potentially private user data to an unrelated...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.8.1-2.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
[SECURITY] Fedora 21 Update: phpMyAdmin-4.2.8.1-2.fc21
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
phpMyFAQ 2.8.X - Multiple Vulnerabilities
No description provided by source. Title: phpMyFAQ 2.8.X - Multiple Vulnerabilities Vendor: phpmyfaq.de Date: 04.09.19 Version: = 2.8.12 Latest ATM Tested on: Apache 2.2 / PHP 5.4 / Linux Contact: smash at devilteam.pl 1 Persistent XSS Administrator is able to view information about specific user...
CVE-2014-2375
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service disk consumption, via the CSV export feature...
CVE-2014-2375
CVE-2014-2375 affects Ecava IntegraXor SCADA Server (Stable 4.1.4360 and earlier; Beta 4.1.4392 and earlier) via the CSV export feature, which allows an unauthenticated user to read or write arbitrary files and potentially cause a denial of service. The root cause is External Control of File Name...
CVE-2014-2375 Ecava IntegraXor SCADA Server External Control of File Name or Path
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service disk consumption, via the CSV export feature...
CVE-2014-6072: CSRF vulnerability in the Web Profiler
Affected Versions All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintaine...
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.7.1-1.fc19
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
WooCommerce Store Exporter 1.7.5 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WooCommerce Store Exporter v1.7.5 Stored XSS Google Dork: inurl:"woocommerce-exporter" Date: 26/08/2014 Exploit Author: Mike Manzotti @ Dionach Vendor Homepage: http://www.visser.com.au/plugins/store-exporter/ Software Link:...
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.7.1-1.fc20
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Disqus Comment System plugin 2.77 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 activate or 2 deactivate the plugin via the active parameter to wp-admin/edit-comments.php, 3...
SimpleProgramDebugger - Simple program debugger that shows all debug events
SimpleProgramDebugger is a simple debugging tool for Windows that attaches to existing running program or starts a new program in debugging mode, and then displays all major debugging events occurs while the program is running, including Exception, Create Thread, Create Process, Exit Thread, Exit...