DEBIAN-CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

Cross site request forgery (csrf)

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

CVE-2011-1580

The transwiki import functionality in MediaWiki before 1.16.3 does not properly check privileges, which allows remote authenticated users to perform imports from any wgImportSources wiki via a crafted POST request...

CVE-2011-1580

CVE-2011-1580 affects MediaWiki prior to 1.16.3. The transwiki import feature lacks proper privilege checks on form submission, allowing remote authenticated users to trigger imports from any wgImportSources wiki via a crafted POST request. Exploitation details in connected sources confirm this i...

Mandriva Update for glpi-data-injection MDVA-2011:015 (glpi-data-injection)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

MediaWiki 1.16.3之前版本存在多个远程漏洞

Bugtraq ID: 47354 MediaWiki是一套以GPL授权发行的Wiki引擎。 MediaWiki存在多个安全漏洞，允许恶意用户进行跨站脚本攻击和绕过部分安全限制。 -应用程序不正确防止部分浏览器如Internet Explorer 6基于查询URL结尾来猜测内容类型，可被利用注入和执行HTML，在目标用户浏览器上执行任意脚本代码。 -通过CSS评注传递的输入在显示给用户之前，wikitext解析器没有对其进行过滤，可被利用注入和执行HTML，在目标用户浏览器上执行任意脚本代码。 -transwiki导入功能没有正确限制表单发送访问，可被利用执行未授权远程资源导入。...

Wireshark 1.5.1 Development Release !

Wireshark 1.5.1 Development Release ! Wireshark 1.5.1 has been released. Installers for Windows, OS X, and source code are now available. New and Updated Features The following features are new or have been significantly updated since version 1.4: 1. Wireshark can import text dumps, similar to...

DISCUZ X1. 5 vulnerability-vulnerability warning-the black bar safety net

DISCUZ X1. 5 local file inclusion vulnerability Affected versions: DISCUZ X1. 5 other version unknown Vulnerability type: local file inclusion vulnerability Vulnerability analysis: DISCUZX1. 5 local file inclusion, of course, is conditional, is to use a file as a cache. configglobal.php...

FreeBSD : openoffice.org -- Multiple vulnerabilities (f2b43905-3545-11e0-8e81-0022190034c0)

OpenOffice.org Security Team reports : Fixed in OpenOffice.org 3.3 - CVE-2010-2935 / CVE-2010-2936: Security Vulnerability in OpenOffice.org related to PowerPoint document processing - CVE-2010-3450: Security Vulnerability in OpenOffice.org related to Extensions and filter package files -...

Internet Explorer CSS Recursive Import Use After Free

$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Microsoft Internet Explorer - CSS Recursive Import Use-After-Free (MS11-003) (Metasploit)

$Id: ms11003iecssimport.rb 11730 2011-02-08 23:31:44Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Oracle Document Capture Multiple Vulnerabilities

The Oracle Document Capture client installed on the remote host is potentially affected by multiple vulnerabilities : - An unspecified vulnerability exists in the Import Export utility. An attacker can exploit this to affect integrity. CVE-2010-3598 - An information disclosure vulnerability exist...

RHEL 5 : openoffice.org (RHSA-2011:0182)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:0182 advisory. - OpenOffice.org: directory traversal flaws in handling of XSLT jar filter descriptions and OXT extension files CVE-2010-3450 -...

Virtuosa Phoenix Edition 5.2 ASX SEH BOF

Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 Tested on: Windows XP SP2 Virtuosa - Fil...

Virtuosa Phoenix Edition 5.2 - ASX Buffer Overflow (SEH)

!/usr/bin/python Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 Tested on: Windows XP SP2 Virtuosa - File Import Import song or video file from Playlists junkA ...

Virtuosa Phoenix Edition 5.2 Buffer Overflow

!/usr/bin/python Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite Date found: Aug 16th 2010 Author: Acidgen Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe Version: 5.2 Tested on: Windows XP SP2 Virtuosa - File Import Import song or video file from Playlists junkA ...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6883)

This update of OpenOfficeorg includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption...

SuSE 10 Security Update : OpenOffice_org (ZYPP Patch Number 6884)

This update of OpenOfficeorg includes fixes for the following vulnerabilities : - XML signature weakness CVE-2009-2949: XPM Import Integer Overflow CVE-2009-2950: GIF Import Heap Overflow CVE-2009-3301: MS Word sprmTDefTable Memory Corruption CVE-2009-3302: MS Word sprmTDefTable Memory Corruption...