9783 matches found
Cross-site Request Forgery (CSRF)
Moodle is vulnerable to cross-site request forgery (CSRF) attacks. These attacks are possible because it does not have enough session checking in enrol/imsenterprise/importnow.php during import of IMS Enterprise identities. This can allow a malicious user to hijack administrator's authentication...
Adding third party nasl plugins to OpenVAS
If you want to develop nasl plugins for OpenVAS, you might be interested in how to import them into the scanner. So was I. First of all, I decided to copy one of the existing nasl scripts. I chose a script that successfully detected a vulnerability on a target host. Thus, in the case of importing...
June 13, 2017—KB4022726 (Monthly Rollup)
June 13, 2017—KB4022726 (Monthly Rollup) Improvements and fixes: This security update includes improvements and fixes that were a part of update KB4019217 (released May 16th, 2017) and resolves the following issues: Addressed issue where, after installing KB3170455 (MS16-087), users have difficulty...
Easy File Sharing Web Server 7.2 - Account Import Local Buffer Overflow (SEH)
!/usr/bin/python 2017/6/17 Chako EFS Web Server 7.2 - Local Buffer OverflowSEH Tested on: Windows XP SP3 EN DEP Off Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Description: When importing a large user account file on to EFS Web Server 7.2 will...
How to resolve "Failed to probe partitions from virtual disk" error while importing an OS Layer
When importing an OS layer, you get this error: Failed to attach the disk /mnt/repository/Unidesk/OsImport Disks/Windows 10.vhd. Failed to probe partitions from virtual disk This is most often seen when importing a XenServer Windows 10 Gold VM that was exported as an OVF. However, it could happen...
VX Search Enterprise 9.7.18 - Local Buffer Overflow
VX Search Enterprise 9.7.18 - Local Buffer Overflow import os import struct author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: VX Search Enterprise v9.7.18 Import Local Buffer Overflow Vuln. Date: 2017.06.15 Exploit Author: Greg Priest Versio...
Schneider Electric U.motion Builder track_import_export remote code execution vulnerability
U.motion Builder is a builder product from Schneider Electric France. A remote code execution vulnerability exists in Schneider Electric U.motion Builder track_import_export. When the export operation is selected in an applet call, the underlying SQLite database query requires SQL injection of the...
AtMail Cross-Site Request Forgery Vulnerability
AtMail is an open source WebMail client from the Australian company Atmail, which provides a Webmail interface, address book management, calendars and other features, and supports IMAP, video mail and so on. A cross-site request forgery vulnerability exists in AtMail versions prior to 7.8.0.2...
(0Day) Schneider Electric U.motion Builder track_import_export SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Schneider Electric U.motion Builder. Authentication is not required to exploit this vulnerability. The specific flaw exists within processing of track_import_export.php, which is exposed on the web...
[SECURITY] Fedora 26 Update: libstaroffice-0.0.3-3.fc26
libstaroffice is a library for import of binary StarOffice documents...
CVE-2017-9517
atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and import users via CSV...
CVE-2017-9355
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file...
Shopify: SQL Exception thrown during product import
Possible SQL Injection was observed when a descriptive error message was thrown in a mail sent to the user while importing products from csv. Used some special characters in csv to induce the error. DATABASE FOUND TO BE MYSQL. F192274...
ExpressionEngine: Remote Code Execution in the Import Channel function
Hello, Administrators are allowed to import channels by visiting http://HOST/PATHTOEE/admin.php?/cp/channels/sets and uploading .zip archives that contain the information about the channels to be imported. The archives are then extracted into temporary directories, which are kept in the...
Subsonic 6.1.1 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...
Subsonic 6.1.1 - XML External Entity Injection
Subsonic 6.1.1 - XML External Entity Injection + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SUBSONIC-XML-EXTERNAL-ENITITY.txt + ISR: ApparitionSec Vendor: ================ www.subsonic.org Product: ===============...
Importing Veeam ONE Monitor alarms
Challenge You need to import all alarms with their default values into Veeam ONE Monitor. Solution 1. Obtain the full list of alarms for version 9.0 here or for version 9.5 here. 2. Open Veeam ONE Monitor and navigate to the Alarm Management node. 3. Right-click on the container you wish to impor...
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1260 MsMpEng includes a full system x86 emulator that is used to execute any untrusted files that look like PE executables. The emulator runs as NT AUTHORITY\SYSTEM and isn't sandboxed. Browsing the list of win32 APIs that the...