Snapchat: Server-Side Request Forgery using Javascript allows to exfill data from Google Metadata
Hey there, I was looking at your ads site with @daeken, we found some weird behavior in the import function of the creative app. Here are the steps: POC - Login to https://business.snapchat.com/ - Go to creative library - New Creative - Under "Topsnap Media", click on "Create" - Click on any of t...
WinPwn - Automation For Internal Windows Penetrationtest
In many past internal penetration tests I often had problems with the existing Powershell Recon / Exploitation scripts due to missing proxy support. For this reason I wrote my own script with automatic proxy recognition and integration. The script is mostly based on well-known large other offensi...
CVE-2019-9166
Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to root via write access to config.inc.php and importxiconfig.php...
PT-2019-19407 · Nagios · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to 5.5.11. Description: The issue allows local attackers to elevate privileges to root. This is achieved through write access to specific files, including config.inc.php and importxiconfig.php. Recommendations: For...
openSUSE Security Update : libopenmpt (openSUSE-2019-524)
This update for libopenmpt to version 0.3.9 fixes the following issues: These security issues were fixed: - CVE-2018-11710: Prevent write near address 0 in out-of-memory situations when reading AMS files (bsc#1095644) - CVE-2018-10017: Prevent out-of-bounds memory read with IT/ITP/MO3 files...
Universal Password Login Vulnerability in Tatsui Import Server System
Shanghai Chenrui Information Technology Company is a wholly-owned subsidiary of the Third Research Institute of the Ministry of Public Security. It is mainly engaged in the development and integration of products in computer network security, mobile storage security and terminal security. There ...
openSUSE Security Update : python-Django (openSUSE-2019-614)
This update for python-Django to version 2.08 fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14574: Fixed a redirection vulnerability in CommonMiddleware (boo#1102680) The following other bugs were fixed: - Fixed a regression in Django 2.0.7 that broke the...
Social Warfare <= 3.5.2 - Unauthenticated Remote Code Execution (RCE)
Unauthenticated remote code execution has been discovered in functionality that handles settings import. PoC 1. Create payload file and host it on a location accessible by a targeted website. Payload content : " system'cat /etc/passwd' " 2. Visit...
CVE-2018-15906
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...
Design/Logic Flaw
SolarWinds Serv-U FTP Server 15.1.6 allows remote authenticated users to execute arbitrary code by leveraging the Import feature and modifying a CSV file...
CVE-2018-15906
CVE-2018-15906 affects SolarWinds Serv-U FTP Server 15.1.6. A remote authenticated user can exploit the Import feature by modifying a CSV, enabling privilege escalation to SYSTEM and remote code execution on default Windows installations. Documented impact includes escalation from Domain Administ...
Easy WP SMTP <= 1.3.9 - Unauthenticated Arbitrary wp_options Import
The changelog for easy-wp-smtp detailed that they "fixed potential vulnerability in import\export settings." in 1.3.9.1 of the plugin (SVN changeset 2052058). This was released on 17th March 2019. It appears that an unauthenticated user can import arbitrary wp_options by providing a PHP serialized...
Import users from CSV with meta <= 1.14.0.2 - XSS and CSRF
The Import and export users and customers WordPress plugin was affected by an XSS and CSRF security vulnerability...
GitLab: Persistent XSS in Note objects
Summary: Some cache invalidation and project import logic issues enable an attacker to import a project with XSS payloads in places like MR discussions and similar places where a Note object exists. Description: There are basically 3 issues causing the XSS here: All attributes of Note objects are...
CVE-2018-9867
In SonicWall SonicOS, administrators without full permissions can download imported certificates. Occurs when administrators who are not in the SonicWall Administrators user group attempt to download imported certificates. This vulnerability affected SonicOS Gen 5 version 5.9.1.10 and earlier, Ge...
Magento Community Edition 2.0.x < 2.0.17 Multiple Vulnerabilities
WordPress Import users from CSV with meta Plugin < 1.12.1 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.112516");...
Microsoft SharePoint BDC Import Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the Business Data Connectivity Service Application. The issue results from the lack o...
CloudBees Jenkins Job Import Plugin XML External Entity Injection Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Job Import Plugin is used in one of the...