Lucene search

3630 matches found

seebug.org
added 2014/07/01 12:0 a.m., 31 views

PHP 4.x/5.0.x File Upload GLOBAL Variable Overwrite Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 15 views

MyBulletinBoard 1.0 - Multiple SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14762/info MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could...

7.1 AI score
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 23 views

IPSwitch IMail 6.x/7.0.x Web Calendaring Incomplete Post Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5365/info IMail is a commercial email server software package distributed and maintained by Ipswitch, Incorporated. IMail is available for Microsoft Operating Systems. When a HTTP POST command is made to the web calendari...

7.1 AI score
Exploits 0

OpenVAS
added 2014/06/23 12:0 a.m., 21 views

Fiyo CMS 'Name' POST Parameter Cross-Site Scripting Vulnerability

Fiyo CMS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3 CVSS, 5.8 AI score, 0.00254 EPSS
Exploits 1, References 3

Tenable Nessus
added 2014/06/13 12:0 a.m., 38 views

openSUSE Security Update : firefox / seamonkey / thunderbird (openSUSE-SU-2014:0212-1)

Mozilla Firefox was updated to version 27. Mozilla SeaMonkey was updated to 2.24, fixing similar issues as Firefox 27. Mozilla Thunderbird was updated to 24.3.0, fixing similar issues as Firefox 27. The Firefox 27 release brings TLS 1.2 support as a major security feature. It also fixes following...

10 CVSS, 7.7 AI score, 0.10821 EPSS
Exploits 12, References 17

htbridge
added 2014/06/11 12:0 a.m., 120 views

Unrestricted Upload of File with Dangerous Type in BoltWire

High-Tech Bridge Security Research Lab discovered vulnerability in BoltWire, which can be exploited to execute arbitrary PHP code on the target system and gain complete control over vulnerable web application. 1 Unrestricted Upload of File with Dangerous Type in BoltWire: CVE-2014-4169 The...

10 CVSS, 7.6 AI score
Exploits 1, Affected Software 1

Fedora
added 2014/06/10 3:11 a.m., 36 views

[SECURITY] Fedora 19 Update: mingw-curl-7.37.0-1.fc19

cURL is a tool for getting files from HTTP, FTP, FILE, LDAP, LDAPS, DICT, TELNET and TFTP servers, using any of the supported protocols. cURL is designed to work without user interaction or any kind of interactivity. cURL offers many useful capabilities, like proxy support, user authentication, F...

6.4 CVSS, 6.2 AI score, 0.01203 EPSS
Exploits 1

htbridge
added 2014/05/21 12:0 a.m., 93 views

SQL Injection in Dolphin | HTB23216

High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in Dolphin, which can be exploited to perform SQL injection attacks and obtain sensitive information from the application database. 1 SQL Injection in Dolphin: CVE-2014-3810 The vulnerability exists due to insufficient...

6.5 CVSS, 8 AI score, 0.00355 EPSS
Exploits 3, Affected Software 1

securityvulns
added 2014/05/04 12:0 a.m., 62 views

SQL Injection in Orbit Open Ad Server

Advisory ID: HTB23208 Product: Orbit Open Ad Server Vendor: OrbitScripts, LLC Vulnerable Versions: 1.1.0 and probably prior Tested Version: 1.1.0 Advisory Publication: March 19, 2014 without technical details Vendor Notification: March 19, 2014 Vendor Patch: March 21, 2014 Public Disclosure: Apri...

7.5 CVSS, 0.3 AI score, 0.00926 EPSS
Exploits 5

exploitpack
added 2014/04/22 12:0 a.m., 12 views

kitForm CRM Extension 0.43 - sorter.ph?sorter_value SQL Injection

kitForm CRM Extension 0.43 - sorter.ph?sortervalue SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Happy easter.. Product: phpManufaktur / kitForm Version: query$SQL; 3. Exploit 1. import httplib2, socks, urllib 2. 3. Change these values 4. target = "http://fbi.gov" 5. SQLi = "or 1=1...

8.6 AI score
Exploits 0

0day.today
added 2014/04/10 12:0 a.m., 35 views

csChat-R-Box Script Site Cross-Site Scripting Vulnerability

Exploit for cgi platform in category web applications Exploit Title: "csChat-R-Box Script Site" Cross-Site Scripting XSS Google Dork: csChatRBox.cgi Date: 4/10/2014 Exploit Author: Satanic2000 Vendor Homepage: http://www.cgiscript.net Software Link:...

7.1 AI score
Exploits 0

Positive Technologies
added 2014/04/09 12:0 a.m., 2 views

PT-2014-1326 · Cisco · Cisco Asa

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software versions 8.2 before 8.25.47 Cisco Adaptive Security Appliance ASA Software versions 8.3 before 8.32.40 Cisco Adaptive Security Appliance ASA Software versions 8.4 before 8.47.3 Cisco Adaptive...

5 CVSS, 9.3 AI score, 0.00248 EPSS
Exploits 0, References 6

exploitpack
added 2014/03/31 12:0 a.m., 21 views

Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities

Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities Document Title: =============== Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1235 Release Date: ============= 2014-03-28 Vulnerabilit...

0.8 AI score
Exploits 0

seebug.org
added 2014/03/21 12:0 a.m., 39 views

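WordPress WP-Filebase Download Manager Plugin Arbitrary Code Execution Vulnerability

WordPress is a content management system. Because input passed through the file name of an uploaded file is not properly filtered before being used in a call to "exec" in classes/Admin.php, an attacker can exploit the vulnerability to execute arbitrary shell commands via a specially crafted HTTP POST request. 0 WordPress WP-Filebase Plugin 0.x WordPress WP-Filebase Plugin version 0.3.0.04 fixes this vulnerability; users are advised to download and use it: http://wordpress.org/plugins/wp-filebase/changelog/...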

7.1 AI score
Exploits 0

OpenVAS
added 2014/03/21 12:0 a.m., 26 views

Horde 3.1.x <= 5.1.1 RCE Vulnerability - Active Check

Horde is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:horde:hordegroupware...

7.5 CVSS, 7.2 AI score, 0.8135 EPSS
Exploits 7, References 1

Exploit DB
added 2014/03/05 12:0 a.m., 45 views

Ilch CMS 2.0 - Persistent Cross-Site Scripting

Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Versions: 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 without technical details Vendor Notification: February 12, 2014 Public Disclosure: March 5, 2014 Vulnerability Type: Cross-Site...

4.3 CVSS, 6.7 AI score, 0.04522 EPSS
Exploits 6

NVD
added 2014/02/26 2:55 p.m., 9 views

CVE-2013-6731

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...

4 CVSS, 6.2 AI score, 0.00218 EPSS
Exploits 1, References 2

Prion
added 2014/02/26 2:55 p.m., 8 views

Cross site request forgery (csrf)

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...

4 CVSS, 6.7 AI score, 0.00218 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2014/02/26 11:0 a.m., 17 views

CVE-2013-6731

IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote authenticated users to change arbitrary passwords via an HTTP POST request...

6.2 AI score, 0.00218 EPSS
Exploits 1, References 2

myhack58
added 2014/02/26 12:0 a.m., 13 views

doorGets CMS SQL injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability version: doorGets CMS 5.2 Vulnerability description: CVE ID: CVE-2014-1459 doorGets CMS is a content management system. Because the "positiondownid" HTTP POST parameter passed to the "/dg-admin/index.php" script is not adequately filtered, the attacker can access the management...

0.8 AI score
Exploits 0