
9787 matches found

Exploit DB
added 2018/01/24 12:0 a.m. | 35 views

Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow', 'Description' = %q This module exploits a buffer overflow in Sync Breeze...

7.8 CVSS | 7.4 AI score | 0.86559 EPSS
Exploits 11
Prion
added 2018/01/18 2:29 p.m. | 16 views

Cross site request forgery (csrf)

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities...

4.3 CVSS | 6.7 AI score | 0.00084 EPSS
Exploits 0 | References 2 | Affected Software 1
CNVD
added 2018/01/18 12:0 a.m. | 1 views

Atlassian Jira Information Disclosure Vulnerability

Atlassian Jira is a defect tracking management system, a commercial application for defect management, task tracking and project management. An information disclosure vulnerability exists in the Trello import program in Atlassian Jira. A remote attacker could exploit this vulnerability to access...

5.3 CVSS | 6.4 AI score | 0.00137 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2018/01/18 12:0 a.m. | 29 views

FreeBSD : gitlab -- Remote code execution on project import (65fab89f-2231-46db-8541-978f4e87f32a)

GitLab developers report: Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab...

9.8 CVSS | 8.5 AI score | 0.04156 EPSS
Exploits 0 | References 4
Atlassian
added 2018/01/17 2:15 a.m. | 46 views

Various Cross-site request forgery(CSRF) vulnerabilities in the Jira-importers-plugin - CVE-2017-18033

The Jira-importers-plugin in Atlassian Jira before version 7.6.1 allows remote attackers to create new projects and abort an executing external system import via various Cross-site request forgery (CSRF) vulnerabilities...

6.5 CVSS | 7.1 AI score | 0.00084 EPSS
Exploits 0 | Affected Software 1
FreeBSD
added 2018/01/16 12:0 a.m. | 31 views

gitlab -- Remote code execution on project import

GitLab developers report: Today we are releasing versions 10.3.4, 10.2.6, and 10.1.6 for GitLab Community Edition (CE) and Enterprise Edition (EE). These versions contain a number of important security fixes, including two that prevent remote code execution, and we strongly recommend that all GitLab...

8.8 AI score
Exploits 0 | References 1
Metasploit
added 2018/01/15 8:46 p.m. | 17 views

Sync Breeze Enterprise 9.5.16 - Import Command Buffer Overflow

This module exploits a buffer overflow in Sync Breeze Enterprise 9.5.16 by using the import command option to import a specially crafted xml file. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule...

7.8 CVSS | 0.8 AI score | 0.86559 EPSS
Exploits 11
OSV
added 2018/01/11 4:29 p.m. | 2 views

CVE-2017-15620

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...

7.2 CVSS | 6 AI score | 0.0139 EPSS
Exploits 4 | References 2
Prion
added 2018/01/11 4:29 p.m. | 12 views

Command injection

TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-zone variable in the ipmacimport.lua file...

9 CVSS | 7.4 AI score | 0.0139 EPSS
Exploits 4 | References 2 | Affected Software 2
Openbugbounty
added 2018/01/11 2:10 a.m. | 12 views

import-express.com XSS vulnerability

Open Bug Bounty ID: OBB-509610

Description | Value
---|---
Affected Website: | import-express.com
Open Bug Bounty Program: | Not created yet
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N...

6.4 AI score
Exploits 0
CNVD
added 2018/01/11 12:0 a.m. | 3 views

TP-Link WVR, WAR and ER Device Arbitrary Command Execution Vulnerability (CNVD-2018-01909)

TP-Link WVR, WAR and ER devices are all different series of router products from China P&L TP-LINK. A security vulnerability exists in the TP-Link WVR, WAR, and ER devices. A remote attacker can exploit the vulnerability by injecting commands into the new-zone variable in the ipmacimport.lua file...

9 CVSS | 7.7 AI score | 0.0139 EPSS
Exploits 2 | References 1
n0where
added 2018/01/09 5:6 a.m. | 158 views

Web Reconnaissance Framework: Recon-ng

Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can...

7.7 AI score
Exploits 0 | References 6
CVE
added 2018/01/08 9:0 p.m. | 49 views

CVE-2012-3353

The CVE-2012-3353 entry concerns Apache Sling JCR ContentLoader’s XmlReader in version 2.1.4, which allows importing arbitrary files (including local files) into the content repository, enabling potential information disclosure. The vulnerability arises from how XmlReader handles import operation...

7.5 CVSS | 7.3 AI score | 0.00842 EPSS
Exploits 0 | References 2 | Affected Software 1
Kitploit
added 2018/01/08 8:32 p.m. | 22 views

Wapiti 3.0.0 - The Web-Application Vulnerability Scanner

Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets the list of...

7.8 AI score
Exploits 0
NVD
added 2018/01/08 7:29 p.m. | 15 views

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

7.8 CVSS | 7.8 AI score | 0.00031 EPSS
Exploits 0 | References 1
Prion
added 2018/01/08 7:29 p.m. | 15 views

Design/Logic Flaw

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

7.2 CVSS | 7.1 AI score | 0.00031 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2018/01/08 7:0 p.m. | 15 views

CVE-2013-4364

(1) oo-analytics-export and (2) oo-analytics-import in the openshift-origin-broker-util package in Red Hat OpenShift Enterprise 1 and 2 allow local users to have unspecified impact via a symlink attack on an unspecified file in /tmp...

7.8 AI score | 0.00031 EPSS
Exploits 0 | References 1
CNVD
added 2018/01/08 12:0 a.m. | 1 views

Denial of Service Vulnerability in INVT Studio

INVT Studio is a serial and Ethernet based inverter monitoring system. A denial of service vulnerability exists in INVT Studio version 1.20 due to a failure to follow the specification for code behavior at the INVT Studio import function. An attacker can exploit this vulnerability to cause a deni...

5.5 CVSS | 7 AI score | 0.00137 EPSS
Exploits 0
CNVD
added 2018/01/05 12:0 a.m. | 1 views

Commsy XXE Attack Vulnerability

Commsy is a Web-based, open source community system for project management. A security vulnerability exists in the configuration import feature in Commsy version 9.0.0. A remote attacker could exploit the vulnerability to cause a denial of service and possibly execute code...

8.8 CVSS | 7 AI score | 0.00827 EPSS
Exploits 0 | References 1
Cisco Threats
added 2018/01/03 4:32 p.m. | 8 views

Threat Outbreak Alert RuleID31696: Email Messages Distributing Malicious Software on January 3, 2018

Medium Alert ID: 56351 First Published: 2018 January 3 16:32 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31696 may contain the following files: Name |...

Exploits 0