Microsoft Issues Emergency Patch For Critical Flaw In Windows Containers
Just a few days prior to its monthly patch release, Microsoft released an emergency patch for a critical vulnerability in the Windows Host Compute Service Shim (hcsshim) library that could allow remote attackers to run malicious code on Windows computers. Windows Host Compute Service Shim (hcsshim) i...
Windows Host Compute Service Shim Remote Code Execution Vulnerability
Microsoft Windows 10 and others are a series of operating systems released by the American company Microsoft. A remote code execution vulnerability exists when the Windows Host Computing Services Shim (hcsshim) library fails to properly validate input when importing container images. An attacker...
CVE-2018-8115
A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka "Windows Host Compute Service Shim Remote Code Execution Vulnerability." This affects Windows Host Compute...
Updated anki package fixes security vulnerability
Anki 2.0.47 fixes a security issue in .apkg imports...
WordPress Woo Import Export 1.0 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability found by Lenon Leite in WordPress Woo Import Export version 1.0. Solution This plugin was closed on 26th January 2018 and is no longer available for download. Reason: Security Issue. Deactivate and uninstall...
CMS Made Simple Remote Code Execution Vulnerability (CNVD-2018-08983)
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports role-based rights management system, wizard-based installation and update mechanism, intelligent caching mechanism and so on. A remote code execution vulnerability exists in th...
CVE-2018-10517
In CMS Made Simple (CMSMS) through 2.2.7, the "module import" operation in the admin dashboard contains a remote code execution vulnerability, exploitable by an admin user, because an XML Package can contain base64-encoded PHP code in a data element...
[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.0.1-1.fc28
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
Code execution vulnerability in cms made simple backend
CMS Made Simple is an open source content management system. It is built using PHP and Smarty Engine, which separates content, functionality and templates. CMS Made Simple version 2.2.7 has a code execution vulnerability in the backend when performing module import, which can be exploited by a...
WordPress Woo Import Export 1.0 Arbitrary File Deletion
...
WordPress Woo Import Export 1.0 Plugin - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications 0day.today 2018-04-26...
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
...
ExpressionEngine: Import File Converter - local File inclusion
@lawrenceamer discovered a local file inclusion vulnerability that logged in users with access to the control panel and permission to access developer utilities may be able to exploit. @lawrenceamer gave a detailed report with step-by-step instructions for replicating and screen captures of a the...
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on:...
Menu Import and Export - Critical - Access bypass - SA-CONTRIB-2018-018
This module helps in exporting and importing Menu Items via the administrative interface. The module does not properly restrict access to administrative pages, allowing anonymous users to export and import menu links. There is no mitigation for this vulnerability...
Hashtopolis - A Hashcat Wrapper For Distributed Hashcracking
Hashtopolis is a multi-platform client-server tool for distributing hashcat tasks to multiple computers. The main goals for Hashtopolis's development are portability, robustness, multi-user support, and multiple groups management. The application has two parts: Agent Multiple clients C, Python,...
Go: Arbitrary code execution
Background Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Description A vulnerability in Go was discovered which does not validate the import path of remote repositories. Impact Remote attackers, by enticing a user to import from a...
The vulnerability in the `track_import_export.php` script of the U.motion builder system allows a perpetrator to execute arbitrary SQL queries against the database.
The vulnerability of the `track_import_export.php` script of the U.motion builder system, a system for managing industrial and residential buildings, is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL...
Atlassian JIRA Server Security Bypass Vulnerability
Atlassian JIRA Server is a defect tracking management system from Atlassian Australia. The system is mainly used to track and manage all kinds of problems and defects in the work. A security vulnerability exists in Atlassian JIRA Server including JIRA Core versions 7.6.0, 7.7.0, and 7.8.0 in a...