Shopify: XSS at importing Product List
Steps to reproduce: go to https://blahblah.myshopify.com/admin/products, click on Import Products, and upload the attached file; you will be able to trigger XSS...
SAP HANA DB Arbitrary File Read Vulnerability
SAP HANA DB is an in-memory database based on rows and columns. SAP HANA DB has a security vulnerability that allows remote attackers to read arbitrary files using the IMPORT FROM SQL statement...
Lychee 'importUrl()' function remote code execution vulnerability
Lychee is a free, open source image management tool. A remote code execution vulnerability exists in Lychee. An attacker could use this vulnerability to execute arbitrary code in the context of an affected application, which could also result in a denial of service...
WordPress Custom Contact Forms Plugin <= 5.1.0.3 - Database Import/Export
This plugin is prone to a database import/export vulnerability. Solution: update the plugin...
Alienvault OSSIM/USM Multiple Vulnerabilities
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely affects all previous versions as well. Fixed Version: No fix ha...
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
Details ======= Product: Alienvault OSSIM/USM Vulnerability: Multiple Vulnerabilities XSS, SQLi, Command Execution Author: Peter Lapp, [email protected] CVE: None assigned Vulnerable Versions: Tested on 4.14, 4.15, and 5.0. It likely...
Fedora 21 : libreoffice-4.3.7.2-3.fc21 (2015-7022)
Fix some .docx import crashes. And finally fix the re-render of checked-unchecked checkbox transition update to 4.3.7 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and forma...
White Label CMS <= 1.5.2 - Stored XSS
Due to a lack of CSRF protection and a lack of sanitization of user input, it is possible to trigger a persistent XSS attack via a CSRF attack. This attack targets in particular the Import functionality, which is located in the 'wlcmsImport' function, within the file...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the accessibility of protected information
Multiple vulnerabilities exist in the pcp-import-iostat2pcp package of the SUSE Linux Enterprise operating system. Exploitation of these vulnerabilities may lead to a violation of the confidentiality of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the accessibility of protected information
The pcp-import-sheet2pcp package of the SUSE Linux Enterprise operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Vulnerabilities in the SUSE Linux Enterprise operating system that allow attackers to compromise the accessibility of protected information
The pcp-import-mrtg2pcp package of the SUSE Linux Enterprise operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...
Packet Sender - The UDP and TCP Network Test Utility
Packet Sender is an open source utility for sending and receiving TCP and UDP packets. It is available free (no ads, no bundleware) for Windows, Mac, and Linux, and its license permits both commercial and personal use. It's designed to be very easy to use while still providing enough...
CVE-2015-1889
The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with...
SAP NetWeaver 7.4 - XXE
Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...
MediaWiki Information Disclosure Vulnerability (CNVD-2015-02411)
MediaWiki is a Wiki program. A security vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to bypass SVG filtering and obtain sensitive user information via a mixed-case '@import' string in the style element of an SVG file...
DEBIAN-CVE-2015-2935
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...
CVE-2015-2935
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...
UBUNTU-CVE-2015-2935
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...
Design/Logic Flaw
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT."...