7 matches found
EUVD-2019-0320
Malware in sbrugna...
Elastic Kibana Cross-Site Scripting Vulnerability
Elastic Kibana is an application from the Dutch company Elastic. It is a free and open user interface that enables you to visualize Elasticsearch data and lets you navigate through the Elastic Stack. A security vulnerability exists in Elastic Kibana that stems from not cleaning up document fields that...
Open-Xchange: SSRF - Image Sources in HTML Snippets - 727234 bypass
This is about an incomplete fix for my recent bug 727234. In short, the /ajax/snippet?action=import endpoint allows creating HTML snippets. URLs of images are extracted from the HTML and their content is fetched and attached to the created snippet. For more details please see 727234. With the fix applied,...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
CVE-2016-10569
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the...
WordPress Ad-Manager 1.1.2 Open Redirect
CVE-2014-8754 WordPress “Ad-Manager Plugin” Dest Redirect Privilege Escalation Exploit Title: WordPress Ad-Manager Plugin Dest Redirect Privilege Escalation Vulnerability Product: WordPress Ad-Manager Plugin Vendor: CodeCanyon Vulnerable Versions: 1.1.2 Tested Version: 1.1.2 Advisory Publication:...