Virtuozzo 6 : httpd / httpd-devel / httpd-manual / httpd-tools / etc (VZLSA-2017-1721)

An update for httpd is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

XML external entity expansion in org.apache.solr:solr-core

This vulnerability in Apache Solr 6.0.0 to 6.6.4 and 7.0.0 to 7.3.1 relates to an XML external entity expansion XXE in Solr config files currency.xml, enumsConfig.xml referred from schema.xml, TIKA parsecontext config file. In addition, Xinclude functionality provided in these config files is als...

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion

Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...

WordPress Wechat Broadcast 1.2.0 Plugin - Local File Inclusion Vulnerability

Exploit for php platform in category web applications Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: N/A Description This bug was found in the file:...

Wechat Broadcast <= 1.2.0 - Local/Remote File Inclusion

This bug was found in the file: /wechat-broadcast/wechat/Image.php echo filegetcontentsisset$GET"url" ? $GET"url" : ''; The parameter "url" it is not sanitized allowing include local or remote files To exploit the vulnerability only is needed use the version 1.0 of the HTTP protocol to interact...

WordPress Wechat Broadcast 1.2.0 Local File Inclusion

Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: N/A Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...

WordPress Plugin Localize My Post 1.0 - Local File Inclusion

WordPress Plugin Localize My Post 1.0 - Local File Inclusion Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found...

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion

WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug w...

LG Smart IP Device Detection (HTTP)

HTTP based detection of LG Smart IP devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...

Spoofing

A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK...

CVE-2018-8479

Azure IoT SDK Spoofing Vulnerability (CVE-2018-8479) affects the C SDK for Azure IoT Device Provisioning on Windows using the HTTP transport. The root cause is improper validation of HTTP certificates in the transport library, enabling potential server impersonation via spoofing/MITM during provi...

Polymorph - A Real-Time Network Packet Manipulation Framework With Support For Almost All Existing Protocols

Polymorph is a framework written in Python 3 that allows the modification of network packets in real time, providing maximum control to the user over the contents of the packet. This framework is intended to provide an effective solution for real-time modification of network packets that implemen...

The vulnerability of the JSF server component in WebLogic Server allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the WebLogic Server application server’s JSF component is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected data or cause service failures using the HTTP protocol...

The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...

The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data or...

The vulnerability of the Print Server component in the business application for managing and distributing information to customers, known as One-to-One Fulfillment, allows a malicious actor to gain unauthorized access to protected data.

The vulnerability of the Print Server component in the business application for managing and distributing information to customers, known as One-to-One Fulfillment, is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to ga...

The vulnerability of the Outside In Filters component of the software development kit (SDK) provided by Outside In Technology allows a perpetrator to gain unauthorized access to protected data or cause service failures.

The vulnerability of the Outside In Filters component within the software development kit SDK of Outside In Technology is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected data or cause service failures...

The vulnerability of the User Interface component of the Trade Management business platform allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the User Interface component of the Trade Management business platform is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

The vulnerability of Oracle Marketing’s User Interface component allows a hacker to gain unauthorized access to protected data.

The vulnerability of Oracle Marketing’s User Interface component is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system, which allows a malicious actor to gain unauthorized access to protected data

The vulnerability of the Preferences component of the Oracle CRM Technical Foundation system relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP protocol...