9839 matches found
PT-2019-19923 · Otrs +2 · Otrs +2
Name of the Vulnerable Software and Affected Versions: Open Ticket Request System OTRS versions 5.x through 5.0.34 Open Ticket Request System OTRS versions 6.x through 6.0.17 Open Ticket Request System OTRS versions 7.x through 7.0.6 Description: An issue was discovered in Open Ticket Request...
CVE-2019-11677
The Custom Report import function in Zoho ManageEngine Firewall Analyzer before 12.3 Build 123224 is vulnerable to XML External Entity XXE Injection...
Arbitrary Code Execution
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service PaaS solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.6.1. See the following advisory for the container imag...
CVE-2019-5624
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
Path traversal
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2019-5624 Rapid7 Metasploit Framework Zip Import Directory Traversal
Rapid7 Metasploit Framework suffers from an instance of CWE-22, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in the Zip import function of Metasploit. Exploiting this vulnerability can allow an attacker to execute arbitrary code in Metasploit at the privilege level...
CVE-2019-5624
CVE-2019-5624 affects Rapid7 Metasploit Framework up to version 4.14.0, due to an instance of CWE-22 (Path Traversal) in the Zip import routine. The underlying issue allows an attacker to execute arbitrary code at the privilege level of the user running Metasploit by importing crafted zip data. C...
Veeam Management Pack 8.0 Update 6 cumulative patch for Veeam Backup & Replication monitoring
Challenge Veeam Management Pack 8.0 Update 6 cumulative patch for Veeam Backup & Replication monitoring. Cause Veeam Support has received quite enough customer feedback on issues related to MP for Veeam Backup & Replication provided as part of Veeam Management Pack for System Center. For example,...
Yum Package Manager Persistence
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Yum Package Manager Persistence', 'Description' = %q This module will run a payload when the package manager is used. No handler is ran...
Code injection
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...
CVE-2019-11519
Libraries/Nop.Services/Localization/LocalizationService.cs in nopCommerce through 4.10 allows XXE via the "Configurations - Languages - Edit Language - Import Resources - Upload XML file" screen...
osTicket 1.11 Cross Site Scripting / Local File Inclusion
Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link: https://github.com/osTicket/osTicket References:...
osTicket 1.11 - Cross-Site Scripting / Local File Inclusion Vulnerabilities
Exploit for php platform in category web applications Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link:...
PT-2019-17785 · Rapid7 · Metasploit Framework
Name of the Vulnerable Software and Affected Versions: Rapid7 Metasploit Framework versions 4.14.0 and prior versions Description: The issue is related to improper limitation of a pathname to a restricted directory, also known as a path traversal vulnerability, in the Zip import function of...
CVE-2019-1841 Cisco DNA Center Unintended Proxy Via SWIM Import Interface Vulnerability
A vulnerability in the Software Image Management feature of Cisco DNA Center could allow an authenticated, remote attacker to access to internal services without additional authentication. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this...
Bitbucket Data Center - Path traversal in the migration tool leads to RCE - CVE-2019-3397
h3. Issue Summary Bitbucket Data Center had a path traversal vulnerability in the Data Center migration tool. A remote attacker with authenticated user with admin permissions can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code executio...
WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-13565)
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in version 3.4.9 of the...
Cross site scripting
DISPUTED There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by...
CVE-2018-16257
There are multiple XSS vulnerabilities in WP All Import plugin 3.4.9 for WordPress via action=template. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged...
CVE-2018-16259
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...