CVE-2017-7310

A buffer overflow vulnerability in Import Command in SyncBreeze before 10.6, DiskSorter before 10.6, DiskBoss before 8.9, DiskPulse before 10.6, DiskSavvy before 10.6, DupScout before 10.6, and VX Search before 10.6 allows attackers to execute arbitrary code via a crafted XML file containing a lo...

Disk Sorter Enterprise 9.5.12 - Import Command Local Buffer Overflow

Disk Sorter Enterprise 9.5.12 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage:...

DiskBoss Enterprise 7.8.16 - 'Import Command' Local Buffer Overflow

!/usr/bin/env python Exploit Title: DiskBoss Enterprise v7.8.16 - 'Import Command' Buffer Overflow Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskboss.com Software Link:...

GitLab: [Repository Import] Open Redirect via "continue[to]" parameter

Hi, While experimenting with Repository Import functionality on a fresh GitLab 9.0 CE install, I noticed that the continueto parameter can be used to perform an Open Redirect through the inclusion of a double-slash prefix. Proof of Concept The following Proof of Concept URL enables a malicious...

CVE-2017-5869

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. dot dot in the X-File-Name header...

Directory traversal

Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. dot dot in the X-File-Name header...

FTPShell Server 6.56 Import CSV Buffer Overflow

Title: FTPShell Server 6.56 - Import CSV Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: =============== www.ftpshell.com Download: ===========...

MantisBT 1.2.0a3 < 1.2.17 - XmlImportExport Plugin PHP Code Injection Exploit

Exploit for multiple platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'MantisBT XmlImportExport Plugin PHP Code Injection Vulnerability',...

GitLab: SSRF vulnerability in gitlab.com via project import.

Dear GitLab bug bounty team, Summary --- It appears as though the fix to !17286 can be easily bypassed. You have blocked the usage of http://127.0.0.1, http://localhost/, etc., but http://0177.1/ and http://0x7f.1/, for instance, can still be used to scan internal ports. Error importing repositor...

gitlab -- Various security issues

GitLab reports: Information Disclosure in Issue and Merge Request Trackers During an internal code review a critical vulnerability in the GitLab Issue and Merge Request trackers was discovered. This vulnerability could allow a user with access to assign ownership of an issue or merge request to...

GitLab: Race condition in GitLab import, giving access to other people their imports due to filename collision

Vulnerability details There's a race condition in the Import::GitlabProjectsControllercreate endpoint that allows an attacker to gain access to someone else's import file. The race condition happens when there's a collision in two or more file names uploaded at the same time, before the import ge...

Windows 10 hangs during setup

Windows 10 will be imported but new desktop creation or adding layers may cause the Desktop to hang during Setup...

How to Import NetScaler exported configuration: File-Introduction and Requirements?

With StoreFront 3.7, we introduced the ability to import an exported configuration from NetScaler Gateway. With the introduction of this feature, we enhance the capabilities previously available by allowing multiple vServers to be imported from a single configuration file. The Remote access...

Reverse Engineering Communication Protocols: Netzob

Reverse Engineering Communication Protocols Netzob is an open source tool for reverse engineering, traffic generation and fuzzing of communication protocols. It allows to infer the message format and the state machine of a protocol through passive and active processes. The model can afterward be...

[SECURITY] Fedora 24 Update: shotwell-0.24.5-1.fc24

Shotwell is an easy-to-use, fast photo organizer designed for the GNOME desktop. It allows you to import photos from your camera or disk, organize them by date and subject matter, even ratings. It also offers basic photo editing, like crop, red-eye correction, color adjustments, and straighten...

CVE-2016-8999

IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious CSS...

CVE-2016-8999

CVE-2016-8999 affects IBM InfoSphere Information Server and related components (InfoSphere DataStage; InfoSphere Information Server on Cloud). The vulnerability is a path-relative stylesheet import issue that can cause a page to render in quirks mode, enabling an attacker to inject malicious CSS....

CVE-2016-9415

MyBB aka MyBulletinBoard before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."...

CVE-2016-9415

MyBB aka MyBulletinBoard before 1.8.8 on Windows and MyBB Merge System before 1.8.8 on Windows allow remote attackers to overwrite arbitrary CSS files via vectors related to "style import."...

CVE-2016-9415

CVE-2016-9415 affects MyBB (MyBulletinBoard) on Windows prior to version 1.8.8 and MyBB Merge System on Windows prior to 1.8.8. The issue allows remote attackers to overwrite arbitrary CSS files via vectors related to “style import.” The root cause is not detailed here beyond the style import mec...