17 matches found

0day.today
added 2020/08/15 12:0 a.m. | 169 views

Avian JVM 1.2.0 Silent Return Exploit

Avian JVM version 1.2.0 suffers from a silent return issue in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks are performed to prevent out-of-bounds memory read/write. One of these boundary checks makes the code return silently when a negative length is...

5.5 CVSS | 0.6 AI score | 0.00302 EPSS
Exploits: 9
Packet Storm
added 2020/08/12 12:0 a.m. | 157 views

Avian JVM 1.2.0 Integer Overflow

Vulnerability title: Avian JVM vm::arrayCopy Multiple Integer Overflows Author: Pietro Oliva CVE: CVE-2020-17360 Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 Description: The issue is located in the vm::arrayCopy method defined in classpath-common.h, where multiple boundary checks...

0.9 AI score | 0.00335 EPSS
Exploits: 8
0day.today
added 2015/02/23 12:0 a.m. | 26 views

phpBugTracker 1.6.0 - Multiple Vulnerabilities

Exploit for php platform in category web applications Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-I...

7.1 AI score | 0.00677 EPSS
Exploits: 4
exploitpack
added 2015/02/04 12:0 a.m. | 14 views

Pragyan CMS 3.0 - SQL Injection

Pragyan CMS 3.0 - SQL Injection Advisory: SQL injection vulnerability in Pragyan CMS v.3.0 Advisory ID: SROEADV-2015-11 Author: Steffen Rösemann Affected Software: Pragyan CMS v.3 Vendor URL: https://github.com/delta/pragyan, http://delta.nitt.edu/ Vendor Status: vendor did not respond after...

0.5 AI score
Exploits: 0
Exploit DB
added 2015/02/04 12:0 a.m. | 20 views

Pragyan CMS 3.0 - SQL Injection

Advisory: SQL injection vulnerability in Pragyan CMS v.3.0 Advisory ID: SROEADV-2015-11 Author: Steffen Rösemann Affected Software: Pragyan CMS v.3 Vendor URL: https://github.com/delta/pragyan, http://delta.nitt.edu/ Vendor Status: vendor did not respond after initial communication CVE-ID: -...

7.4 AI score
Exploits: 0
Packet Storm
added 2015/01/31 12:0 a.m. | 15 views

ZeroCMS 1.3.3 SQL Injection

Advisory: SQL injection vulnerabilities in zerocms = v.1.3.3 Advisory ID: SROEADV-2015-13 Author: Steffen Rösemann Affected Software: zerocms = v.1.3.3 released 23rd-Jan-2015 Vendor URL: http://aas9.in/zerocms/ Vendor Status: platform will be moving to Rails4 CVE-ID: - ==========================...

0.1 AI score
Exploits: 0
Exploit DB
added 2015/01/07 12:0 a.m. | 15 views

Sefrengo CMS 1.6.0 - SQL Injection

Advisory: SQL-Injection in administrative Backend of Sefrengo CMS v.1.6.0 Advisory ID: SROEADV-2015-04 Author: Steffen Rösemann Affected Software: CMS Sefrengo v.1.6.0 Release-Date: 18th-Feb-2014 Vendor URL: http://www.sefrengo.org/start/start.html Vendor Status: fixed CVE-ID: -...

7 AI score
Exploits: 0
Packet Storm
added 2015/01/06 12:0 a.m. | 24 views

Kajona CMS 4.6 Cross Site Scripting

Advisory: Reflecting XSS vulnerability in CMS Kajona v. 4.6 Advisory ID: SROEADV-2015-01 Author: Steffen Rösemann Affected Software: CMS Kajona v. 4.6 Vendor URL: https://www.kajona.de Vendor Status: solved CVE-ID: - ========================== Vulnerability Description: ==========================...

Exploits: 0
0day.today
added 2015/01/01 12:0 a.m. | 30 views

Absolut Engine 1.73 - Multiple Vulnerabilities

CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...

7.9 AI score
Exploits: 0
0day.today
added 2015/01/01 12:0 a.m. | 31 views

e107 2.0 Alpha2 Cross Site Request Forgery Vulnerability

e107 version 2.0 Alpha2 suffers from a cross site request forgery vulnerability. Advisory: CSRF vulnerability in CMS e107 v.2 alpha2 Author: Steffen Rösemann Affected Software: CMS e107 v.2 alpha2 Release-Date: 08th-Jun-2014 Vendor URL: http://e107.org Vendor Status: solved CVE-ID: -...

7 AI score
Exploits: 0
Packet Storm
added 2014/09/16 12:0 a.m. | 29 views

Phpwiki Ploticus Remote Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Phpwiki Ploticus Remote Code Execution', 'Description' = %q The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute...

7.5 CVSS | 0.1 AI score | 0.82624 EPSS
Exploits: 4
Packet Storm
added 2014/09/12 12:0 a.m. | 29 views

ManageEngine Eventlog Analyzer Arbitrary File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'ManageEngine Eventlog Analyzer Arbitrary File Upload', 'Description' = %q This module exploits a file upload vulnerability in...

7.5 CVSS | 6.5 AI score | 0.81733 EPSS
Exploits: 9
seebug.org
added 2014/07/01 12:0 a.m. | 219 views

Apache <= 2.0.52 HTTP GET request Denial of Service Exploit

No description provided by source. !/usr/bin/perl Based on - apache-squ1rt.c exploit. Original credit goes to Chintan Trivedi on the FullDisclosure mailing list: http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html More info - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942...

5 CVSS | 0.2 AI score | 0.79222 EPSS
Exploits: 7
securityvulns
added 2014/06/17 12:0 a.m. | 64 views

[oss-security] Re: CVE request: PHP configure script and Lynis tool /tmp/ issues reported on full disclosure

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 39 if "$OS" = "AIX" ; then 40 TMPFILE=/tmp/lynis.$$ We can make a CVE assignment corresponding to your disclosure of this lynis.$$ issue on oss-security. Use CVE-2014-3982. A CVE for this most likely won't or shouldn't have a...

3.3 CVSS | 6 AI score | 0.00042 EPSS
Exploits: 0
securityvulns
added 2014/05/15 12:0 a.m. | 69 views

[oss-security] CVE request: Drupal Flag 7.x-3.5 Module Vulnerability report: Arbitrary code execution due to improper input handling in flag importer

Good morning, Could a CVE please be assigned to http://seclists.org/fulldisclosure/2014/May/44 if one has not been already? Apart from version 7, drupal6-flag-2.1-1.fc20 looks affected - patch applies, but I did not test it. For an older version, drupal6-flag-1.3-3.fc19 appears unaffected. Cheers...

1.8 AI score
Exploits: 0
OpenVAS
added 2010/03/15 12:0 a.m. | 51 views

SpamAssassin Milter Plugin 'mlfi_envrcpt()' Remote Arbitrary Command Injection Vulnerability - Active Check

SpamAssassin Milter Plugin is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective...

9.3 CVSS | 6.6 AI score | 0.23688 EPSS
Exploits: 1 | References: 2
exploitpack
added 2006/04/01 12:0 a.m. | 32 views

Microsoft Internet Explorer - createTextRang Remote (Metasploit)

Microsoft Internet Explorer - createTextRang Remote Metasploit This file is part of the Metasploit Framework and may be redistributed according to the licenses defined in the Authors field below. In the case of an unknown or missing license, this file defaults to the same license as the core...

7.5 AI score | 0.87602 EPSS
Exploits: 11