9839 matches found
Dropshix <= 4.0.11 - Arbitrary Product Import
Due to lack of authorisation and CSRF checks in the AJAX function xoxImportItem...
The vulnerability of the command-line interface of the Cisco NX-OS network operating system devices allows an attacker to obtain the user's encrypted SSH key or import an encrypted SSH key protected by a password.
The vulnerability of the command-line interface of the Cisco NX-OS network operating system is related to errors in managing SSH keys. Exploiting this vulnerability can allow an attacker to obtain a secret SSH key of a user or import a secret SSH key protected by a password...
mybb -- vulnerabilities
mybb Team reports: High risk: Theme import stylesheet name RCE; High risk: Nested video MyCode persistent XSS; Medium risk: Find Orphaned Attachments reflected XSS; Medium risk: Post edit reflected XSS; Medium risk: Private Messaging folders SQL injection; Low risk: Potential phar deserialization...
OPENSUSE-SU-2019:1527-1 Security update for rmt-server
This update for rmt-server to version 2.1.4 fixes the following issues: - Fix duplicate nginx location in rmt-server-pubcloud bsc1135222 - Mirror additional repos that were enabled during mirroring bsc1132690 - Make service IDs consistent across different RMT instances bsc1134428 - Make SMT data...
Directory traversal
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
CVE-2019-12169
ATutor 2.2.4 allows Arbitrary File Upload and Directory Traversal, resulting in remote code execution via a ".." pathname in a ZIP archive to the mods/core/languages/languageimport.php aka Import New Language or mods/standard/patcher/indexadmin.php aka Patcher component...
PT-2019-12675 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.4 Description: The issue allows for arbitrary file upload and directory traversal, resulting in remote code execution. This can be achieved by including a ".." pathname in a ZIP archive uploaded to specific components, such...
[SECURITY] Fedora 30 Update: drupal7-path_breadcrumbs-3.4-1.fc30
Path breadcrumbs module helps you to create breadcrumbs for any page with any selection rules and load any entity from the URL. Features Breadcrumbs navigation may be added to any kind of page: static example: node/1 or dynamic example: node/NID. You can load contexts from URL and use it like...
CVE-2019-11875
In AutomateAppCore.dll in Blue Prism Robotic Process Automation 6.4.0.8445, a vulnerability in access control can be exploited to escalate privileges. The vulnerability allows for abusing the application for fraud or unauthorized access to certain information. The attack requires a valid user...
Exploit for Path Traversal in Atutor
ATutor 2.2.4 Arbitrary File Upload / RCE CVE-2019-12169 - E...
Microsoft Windows (x86) - Task Scheduler (.job) Import Arbitrary Discretionary Access Control List
Exploit for windows platform in category local exploits Microsoft Windows x86 - Task Scheduler '.job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation Task Scheduler .job import arbitrary DACL write Tested on: Windows 10 32-bit Bug information: There are two...
Input validation
CSV Injection was discovered in ProjectSend before r1053, affecting victims who import the data into Microsoft Excel...
CVE-2018-7201
CVE-2018-7201 corresponds to a CSV Injection vulnerability in ProjectSend prior to version r1053. The issue arises when exporting/loading data for use in Microsoft Excel, enabling injection via CSV fields. Affected product: ProjectSend (before r1053). Root cause details are described only as a CS...
UBUNTU-CVE-2019-9892
An issue was discovered in Open Ticket Request System OTRS 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of...
ProjectSend CSV Injection Vulnerability
ProjectSend, formerly known as cFTP, is a suite of self-hosted applications based on PHP and MySQL. A CSV injection vulnerability exists in versions prior to ProjectSend r1053 that affects victims who import data into Microsoft Excel...
CVE-2019-1731
A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate with valid administrator device credentials. The...
Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
The extension fails to properly encode user input for output in HTML context...
CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file...
CVE-2018-20580
The CVE-2018-20580 vulnerability affects SmartBear ReadyAPI 2.5.0 and 2.6.0, where WSDL import functionality can be abused to execute arbitrary Java code via a crafted parameter in a WSDL file. This is supported by multiple public references and exploits describing remote code execution. CVSSv3 b...