6649 matches found
CVE-2014-3758
The CVE refers to a Cross-Site Scripting (XSS) vulnerability in the TYPO3 extension BibTex Publications (si_bibtex) version 0.2.3, exposed through the import functionality. The TYPO3 security bulletin TYPO3-EXT-SA-2014-020 documents affected versions (0.2.3 and below) and lists XSS (alongside SQL...
WordPress Flexolio XSS / Disclosure / File Upload
Hello list! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...
Multiple vulnerabilities in Joomla-Base
Hello 3APA3A! These are Denial of Service, XML Injection, Cross-Site Scripting, Full path disclosure and Insufficient Anti-automation vulnerabilities in Joomla-Base. This is package of Joomla with different plugins with their vulnerabilities. These vulnerabilities are in Google Maps plugin for...
Multiple vulnerabilities in Flexolio for WordPress
Hello 3APA3A! There are Content Spoofing, Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities in Flexolio for WordPress. Which contains TimThumb and CU3ER. In April 2011 I wrote about vulnerabilities in TimThumb...
Multiple vulnerabilities in Js-Multi-Hotel for WordPress
Hello 3APA3A! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. Ther...
Cross site scripting
Cross-site scripting XSS vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...
CVE-2014-2260
Cross-site scripting XSS vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality...
CVE-2014-2657
CVE-2014-2657 affects PaperCut MF prior to version 14.1 (Build 26983) where the vulnerability lies in the print release functionality, with the impact and attack vectors described as unknown and remotely exploitable in embedded MFPs. The NVD entry notes a base score of 7.5 (HIGH) with NETWORK att...
CVE-2014-2042
CVE-2014-2042 affects Livetecs Timelive; unrestricted file upload in the Manage Project functionality (Uploads/) enables remote code execution. Affected: Timelive up to version 6.2.71. Root cause: lack of file-type restrictions and permissive Read/Execute on uploaded files. Impact: potential arbi...
CVE-2014-0471
Directory traversal vulnerability in the unpacking functionality in dpkg before 1.15.9, 1.16.x before 1.16.13, and 1.17.x before 1.17.8 allows remote attackers to write arbitrary files via a crafted source package, related to "C-style filename quoting."...
Heartbleed Bug (CVE-2014-0160) and Qt
Although Qt as such is not affected by the Heartbleed Bug CVE-2014-0160 found in OpenSSL, it affects users of Qt, so I wanted to write a short summary about the topic. As defined at : "The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakne...
Splunk collect file Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Splunk. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the advanced search...
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities
CMS Made Simple 1.11.10 - Multiple Cross-Site Scripting Vulnerabilities Exploit Title : CMS Made Simple 1.11.10 Multiple XSS Vulnerability Google dork : N/A Date : 02/04/2014 Exploit Author : Blessen Thomas Vendor Homepage : http://www.cmsmadesimple.org/ Software Link : N/A Version : 1.11.10 Test...
WordPress Js-Multi-Hotel 2.2.1 XSS / DoS / Disclosure / Abuse
Hello list! There are multiple vulnerabilities in Js-Multi-Hotel plugin for WordPress. Earlier I wrote about two other vulnerabilities. These are Abuse of Functionality, Denial of Service, Cross-Site Scripting and Full path disclosure vulnerabilities in Js-Multi-Hotel plugin for WordPress. There...
[SECURITY] Fedora 20 Update: python-logilab-common-0.61.0-1.fc20
This package contains several modules providing low level functionality shared among some python projects developed by logilab...
Code injection
Sophos Web Appliance before 3.7.8.2 allows 1 remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the userworkstation variable in a customized template, and remote authenticated users to execute arbitrary commands via she...
PYSEC-2014-62
mailpassword.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password email functionality...
Moderate: Red Hat Security Advisory: redhat-support-plugin-rhev security update
An updated redhat-support-plugin-rhev package that fixes one security issue is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fr...
CVE-2013-6489
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service segmentation fault via a crafted emoticon value, which triggers an integer overflow and a buffer overflow...
CVE-2013-7179
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the pingipaddr parameter...