
5019 matches found

Hacker One
added 2014/05/20 5:26 a.m. | 17 views

Mail.ru: XSS in a file or folder name

Steps: - create a folder in https://cloud.mail.ru/ named %22%3e%3cimg src=x onerror=alert1%3e - go to the page https://e.mail.ru/compose - click to attach files from the cloud...

AI score: 7.1
Exploits: 0
NVD
added 2014/05/19 2:55 p.m. | 14 views

CVE-2013-4432

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...

CVSS: 4 | AI score: 6.4 | EPSS: 0.0019
Exploits: 0 | References: 5
UbuntuCve
added 2014/05/19 2:55 p.m. | 14 views

CVE-2013-4432

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...

CVSS: 4 | AI score: 6 | EPSS: 0.0019
Exploits: 0 | References: 3
Prion
added 2014/05/19 2:55 p.m. | 9 views

Code injection

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...

CVSS: 4 | AI score: 6.9 | EPSS: 0.0019
Exploits: 0 | References: 5 | Affected Software: 1
Cvelist
added 2014/05/19 2:00 p.m. | 19 views

CVE-2013-4432

Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an active folder tab loaded before permissions were removed or (2) via the folder parameter to...

AI score: 6.4 | EPSS: 0.0019
Exploits: 0 | References: 5
CVE
added 2014/05/19 2:00 p.m. | 65 views

CVE-2013-4432

Affected software: Mahara. Vulnerable versions: Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4. Issue: improper access restrictions on folders allow remote authenticated users to read arbitrary folders via (1) an active folder tab loaded before permissions were removed or (2) t...

CVSS: 4 | AI score: 6.5 | EPSS: 0.0019
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2014/05/13 2:55 p.m. | 13 views

Sql injection

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.01267
Exploits: 6 | References: 2 | Affected Software: 1
Cvelist
added 2014/05/13 2:00 p.m. | 22 views

CVE-2014-3246

SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileviewlist action to manageajax.php...

AI score: 7.7 | EPSS: 0.01267
Exploits: 6 | References: 2
ThreatPost
added 2014/05/06 2:08 p.m. | 9 views

Dropbox Patches Shared Links Privacy Vulnerability

Dropbox has acknowledged and disabled a vulnerable shared links feature that exposed documents stored by the service to third parties. Shared links are a collaboration feature that allows users, especially in a business environment, to share and edit documents. Dropbox rival Intralinks reported th...

AI score: 7
Exploits: 0 | References: 2
NVD
added 2014/04/29 10:37 a.m. | 16 views

CVE-2014-1841

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter...

CVSS: 5 | AI score: 6.6 | EPSS: 0.0379
Exploits: 4 | References: 4
Prion
added 2014/04/29 10:37 a.m. | 9 views

Directory traversal

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter...

CVSS: 5 | AI score: 7.1 | EPSS: 0.0379
Exploits: 4 | References: 4 | Affected Software: 1
Prion
added 2014/04/29 10:37 a.m. | 12 views

Directory traversal

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to obtain the property information of an arbitrary home folder via a Properties action with a .. (dot dot) in the src parameter...

CVSS: 5 | AI score: 6.9 | EPSS: 0.03584
Exploits: 5 | References: 4 | Affected Software: 1
Cvelist
added 2014/04/29 10:00 a.m. | 21 views

CVE-2014-1841

Directory traversal vulnerability in the web interface in Titan FTP Server before 10.40 build 1829 allows remote attackers to copy an arbitrary user's home folder via a Move action with a .. (dot dot) in the src parameter...

AI score: 6.6 | EPSS: 0.0379
Exploits: 4 | References: 4
Check Point Advisories
added 2014/04/16 12:00 a.m. | 3 views

Microsoft Windows Compressed Folder Exploit Download Code Execution - Ver2 (CVE-2004-0575)

A code execution vulnerability has been reported in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

AI score: 7.3 | EPSS: 0.72439
Exploits: 4
Packet Storm
added 2014/03/27 12:00 a.m. | 26 views

FTP Drive + HTTP 1.0.4 Code Execution

Document Title: FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1231
Release Date: 2014-03-20
Vulnerability Laboratory ID (VL-ID): ...

AI score: 7.4
Exploits: 0
securityvulns
added 2014/03/24 12:00 a.m. | 66 views

NCC00643 Technical Advisory: Nessus Authenticated Scan Local Privilege Escalation

Vulnerability Summary
Title: Nessus Authenticated Scan - Local Privilege Escalation
Release Date: 20 March 2014
Reference: NGS00643
Discoverer: Neil Jones
Vendor: Tenable
Vendor Reference: RWZ-21387-181
Systems Affected: Nessu...

Exploits: 0
Vulnerability Lab
added 2014/03/20 12:00 a.m. | 19 views

FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability

Document Title: FTP Drive + HTTP 1.0.4 iOS - Code Execution Vulnerability
References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1231
Release Date: 2014-03-20
Vulnerability Laboratory ID (VL-ID): ...

AI score: 7.1
Exploits: 0
The Hacker News
added 2014/02/17 8:30 p.m. | 9 views

Confirmed: Samsung Galaxy S5 has a Fingerprint Scanner

After the huge success of Samsung Galaxy S3, Samsung Galaxy S4 and Samsung Tablets, the world’s most successful Android manufacturer is going to reveal its brand new Smartphone Samsung Galaxy S5 next week at Mobile World. Early in 2014, rumors suggested that Samsung Galaxy S5 will have Fingerprin...

AI score: 6.9
Exploits: 0
NVD
added 2014/02/12 6:55 p.m. | 29 views

CVE-2013-2585

Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00359
Exploits: 2 | References: 3
NVD
added 2014/02/11 5:55 p.m. | 11 views

CVE-2013-2639

Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.00757
Exploits: 5 | References: 2