9776 matches found
CVE-2016-4360
web/admin/data.js in the Performance Center Virtual Table Server (VTS) component in HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 through patch 3, 12.02 through patch 2, and 12.50 through patch 3 and Performance Center 11.52 through patch 3, 12.00 through patch 1, 12.01 through...
[SECURITY] Fedora 22 Update: phpMyAdmin-4.6.2-1.fc22
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
[SECURITY] Fedora 23 Update: phpMyAdmin-4.6.2-1.fc23
phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface (managing databases, tables, fields, relations, indexes, users, permissions), while you still have the ability to directly...
CVE-2016-0879
Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL...
WordPress CSV Import Plugin Cross-Site Scripting
A cross-site scripting vulnerability exists in WordPress CSV Import Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Faraday v1.0.20 - Collaborative Penetration Test and Vulnerability Management Platform
Faraday introduces a new concept - IPE (Integrated Penetration-Test Environment), a multiuser Penetration test IDE. Designed for distribution, indexation and analysis of the generated data during the process of a security audit. A brand new Faraday version is ready! Faraday v1.0.20 Community, Pro &...
LMCMS Backend Arbitrary File Upload Vulnerability
LMCMS Leming CMS system is a web content management system developed in Java language, developed by Beijing Leming Zhixin Technology Co., Ltd. and distributed under commercial license. LMCMS Leming CMS system's management background under the full media library section of the file management to...
GitLab: SSRF when importing a project from a git repo by URL
Fixed in 8.17.4, 8.16.8, and 8.15.8 SSRF when importing a project from a Repo by URL GitLab instances that have enabled project imports using "Repo by URL" were vulnerable to Server-Side Request Forgery attacks. By specifying a project import URL of localhost an attacker could target services tha...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1593
CVE-2016-1593 affects Micro Focus/Novell Service Desk prior to 7.2. A directory traversal flaw in the import users feature allows a remote authenticated administrator to upload and execute arbitrary JSP files via a .. (dot dot) in a filename in a multipart/form-data POST to LiveTime.woa, enabling...
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: phpLiteAdmin v1.9.6 - Multiple Vulnerabilities Date: 20.04.2016 Exploit Author: Ozer Goker Vendor Homepage: https://www.phpliteadmin.org Software Link: https://bitbucket.org/phpliteadmin/public/downloads/phpLiteAdminv1-9-6.zip...
Micro Focus Service Desk Path Traversal Vulnerability
Micro Focus Service Desk (formerly Novell Service Desk) is a service management solution for monitoring and resolving service issues from Micro Focus in the UK. The solution provides incident management, problem management, service catalog definition and management, financial management, knowledge...
WordPress Import CSV Plugin 1.0 - Directory Traversal
No description provided by source...
WordPress Import CSV Directory Traversal Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...
Security update for java-1_7_0-openjdk (important)
The OpenJDK Java java-170-openjdk was updated to 2.6.5 to fix the following issues: Update to 2.6.5 - OpenJDK 7u99 bsc972468 Security fixes - S8152335, CVE-2016-0636: Improve MethodHandle consistency Import of OpenJDK 7 u99 build 0 - S6425769, PR2858: Allow specifying an address to bind JMX remot...
CVE-2016-0784
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry...
Wordpress Site Import Plugin 1.0.1 - Local and Remote File Inclusion
No description provided by source...
How to Import/Export vDisk
How to Import/Export vDisk...
The vulnerability of the Network Security Services library allows a perpetrator to cause a service failure or exert other effects.
The vulnerability of the PK11ImportDERPrivateKeyInfoAndReturnKey function in the Network Security Services library is related to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause service failures or other effects by using specially crafted k...
Apache OpenMeetings 3.1.0 Path Traversal
Severity: Moderate Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings 1.9.x - 3.1.0 Description: The Import/Export System Backups functionality in the OpenMeetings Administration menu http://domain:5080/openmeetings/admin/backup is vulnerable to path traversal via...