9790 matches found
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS...
Cross site scripting
The Image Import function in XWiki through 10.7 has XSS...
CVE-2018-16277
The CVE-2018-16277 entry concerns XSS in the Image Import function of XWiki versions up to and including 10.7. The vulnerability is described as a cross-site scripting flaw in the image: function, with the CMV notes indicating XSS could be triggered via this component. The available connected so...
CVE-2018-16277
The Image Import function in XWiki through 10.7 has XSS...
Moodle 3.x PHP Unserialize Remote Code Execution
SEC Consult Vulnerability Lab Security Advisory. Title: Remote Code Execution via PHP unserialize. Product: Moodle - Open-source learning platform. Vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
FreeBSD : moodle -- multiple vulnerabilities (074cb225-bb2d-11e8-90e1-fcaa147e860e)
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution; QuickForm library remote code vulnerability (upstream); Boost theme - blog search GET parameter insufficiently filtered. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin...
CVE-2018-14630
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
UBUNTU-CVE-2018-14630
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
CVE-2018-14630
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
CVE-2018-14630
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
Remote code execution
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
CVE-2018-14630
Moodle before versions 3.5.2, 3.4.5, 3.3.8, 3.1.14 is vulnerable: an XML import of ddwtos could lead to intentional remote code execution. When importing legacy 'drag and drop into text' ddwtos type quiz questions, it was possible to inject and execute PHP code from within the imported question...
CVE-2018-14630
CVE-2018-14630 affects Moodle before versions 3.5.2, 3.4.5, 3.3.8, and 3.1.14, where importing legacy drag-and-drop-into-text (ddwtos) quiz questions could inject and execute PHP code from the imported content, enabling remote code execution. The issue arises during XML import of ddwtos questions...
InfraRecorder 0.53 - '.txt' Denial of Service (PoC)
Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Date: 2018-09-14 Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested on: Windows 7 32bit Steps to Reproduce: Run the...
How to merge vDisk versions using Diskpart
There are times we need to import a vDisk with all the changes stored in different versions while the XML of it is not available. We can use this method to create a merged base outside PVS before importing it in a farm which will not require XML or PVP files for it...
PT-2018-3478 · Go +2
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6; Go versions 1.11.x prior to 1.11.3. Description: The issue is related to the "go get" command and is caused by insufficient input validation, specifically when using the -u flag with a malicious import path. This ca...
iSmartViewPro 1.5 Local Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-07 Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1.5 Tested on OS: Windows 7 32bi...
DEBIAN-CVE-2016-1000030
Pidgin version 2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init and gnutls_x509_crt_import that can result in code execution. This attack appears to be exploitable via custom X.509 certificate from another client...
CVE-2016-1000030
Pidgin version 2.11.0 contains a vulnerability in X.509 Certificates imports specifically due to improper check of return values from gnutls_x509_crt_init and gnutls_x509_crt_import that can result in code execution. This attack appears to be exploitable via custom X.509 certificate from another client...
moodle -- multiple vulnerabilities
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution; QuickForm library remote code vulnerability (upstream); Boost theme - blog search GET parameter insufficiently filtered...