
723 matches found

seebug.org
added 2014/07/01 12:0 a.m. · 19 views

Power BB 1.8.3 - Remote File Includes

No description provided by source. Dada?lar Grup Komutanl??? | HackSpy | Zombie | KroNickq | DigitALL | NoFearx38 | 1923Turk Grup by DigitALL Sites : http://powerwd.net Download : http://www.phpexplorer.com/Goster/536 Download : http://sourceforge.net/projects/pbb/ Power BB 1.8.3 Remote File...

AI score: 7.1
Exploits: 0

Check Point Advisories
added 2014/06/25 12:0 a.m. · 11 views

ZoneMinder Video Server packageControl Command Execution (CVE-2013-0232)

A code execution vulnerability has been reported in ZoneMinder. The vulnerability is due to a flaw in the index.php script that is triggered when user-supplied input used in the /includes/actions.php file is passed from the 'runState' parameter to 'packageControl', which calls exec with user...

AI score: 1.5 · EPSS: 0.47895
Exploits: 2

Tenable Nessus
added 2014/05/23 12:0 a.m. · 29 views

IBM WebSphere Portal Web Content Viewer Portlet Privilege Escalation (PI15723)

The version of IBM WebSphere Portal on the remote host is affected by a privilege escalation vulnerability in the Web Content Viewer portlet due to improper handling of JSP includes. A remote attacker is able to obtain sensitive information, cause a denial of service, or control the request...

CVSS: 6.8 · AI score: 5.7 · EPSS: 0.01306
Exploits: 0 · References: 2

CVE
added 2014/05/22 10:0 a.m. · 46 views

CVE-2014-0954

CVE-2014-0954 affects IBM WebSphere Portal versions 6.1.0.x (6.1.0.6 CF27 and 6.1.5.x CF27), 7.0.x (up to 7.0.0.2 CF28), and 8.0 prior to 8.0.0.1 CF12. The issue is that JSP includes are not validated, which can let remote attackers obtain sensitive information, bypass request-dispatcher access r...

CVSS: 6.8 · AI score: 6.7 · EPSS: 0.01306
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2014/04/09 11:0 p.m. · 28 views

CVE-2014-0166

The wp_validate_auth_cookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie...

AI score: 6.3 · EPSS: 0.0893
Exploits: 0 · References: 5

UbuntuCve
added 2014/01/21 1:55 a.m. · 15 views

CVE-2012-6633

Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field...

CVSS: 4.3 · AI score: 6 · EPSS: 0.0212
Exploits: 0 · References: 3

Kitploit
added 2013/12/27 12:29 a.m. · 13 views

[Websecurify] Web Security Testing Runtime

A Complete Suite Of Web Security Tools The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities an...

AI score: 8.2
Exploits: 0

ATTACKERKB
added 2013/10/16 3:55 p.m. · 5 views

CVE-2013-3836

Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Partial Page Caching...

CVSS: 3.5 · AI score: 5.6 · EPSS: 0.00871
Exploits: 0 · References: 3

OSV
added 2013/09/16 7:14 p.m. · 2 views

DEBIAN-CVE-2013-4315

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in an ssi template tag...

CVSS: 5 · AI score: 6.5 · EPSS: 0.03182
Exploits: 2 · References: 1

PyPA
added 2013/09/16 7:14 p.m. · 8 views

PYSEC-2013-20

Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_ROOTS setting followed by a .. (dot dot) in an ssi template tag...

CVSS: 5 · AI score: 6.9 · EPSS: 0.03182
Exploits: 2 · References: 7 · Affected Software: 1

Kitploit
added 2013/08/14 5:6 a.m. · 15 views

[IronWASP v0.9.6.5] Open Source Advanced Web Security Testing Platform

IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing. It is designed to be customizable to the extent where users can create their own custom security scanners using it. Though an advanced user with Python/Ruby scripti...

AI score: 7
Exploits: 0

Fedora
added 2013/06/07 4:46 a.m. · 23 views

[SECURITY] Fedora 19 Update: smokegen-4.10.4-1.fc19

This package includes Smoke Generator...

CVSS: 8.4 · AI score: 2.5 · EPSS: 0.00558
Exploits: 1

Prion
added 2013/05/08 12:9 p.m. · 17 views

Command injection

cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary commands by creating a .shtml file and leveraging Server Side Includes (SSI) functionality...

CVSS: 7.5 · AI score: 8.2 · EPSS: 0.02505
Exploits: 0 · References: 3 · Affected Software: 1

0day.today
added 2012/11/28 12:0 a.m. · 23 views

Traidnt up 2.0 (report.php trtext) Blind SQL Injection Vulnerability

Traidnt up is a php online upload script assignmessage,charset$errors."انتظر سوف يتم تحويلك للملف مرة أخري".""; $traidnt-display"message.tpl"; else $ip = getenv'REMOTEADDR'; $reportquery = $db-query" INSERT INTO report reportkey ,reportwhy ,reportip VALUES '$fileid', '$trtext', '$ip';";...

AI score: 7.1
Exploits: 0

securityvulns
added 2012/10/22 12:0 a.m. · 200 views

Vbulletin (blog_plugin_useradmin) v4.1.12 Sql Injection Vulnerability

A bug in Vbulletin blog_plugin_useradmin v4.1.12 that allows us to cause a SQL injection on a remote machine. Exploit Title : Vbulletin blog_plugin_useradmin v4.1.12 Sql Injection Vulnerability Author : IrIsT.Ir Discovered By : Am!r Home : http://IrIsT.Ir/forum Software Link :...

AI score: 0.8
Exploits: 0

Positive Technologies
added 2012/10/10 12:0 a.m. · 3 views

PT-2012-1276 · Html2Ps · Html2Ps

Name of the Vulnerable Software and Affected Versions: html2ps versions prior to 1.0b6. Description: The issue allows remote attackers to read arbitrary files via a .. (dot dot) in the include file SSI directive. This might be a problem in limited scenarios, such as if html2ps is invoked by a web...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.0763
Exploits: 1 · References: 12

OSV
added 2012/05/21 10:55 p.m. · 1 views

UBUNTU-CVE-2012-2922

The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...

CVSS: 5 · AI score: 6 · EPSS: 0.03008
Exploits: 1 · References: 6

CVE
added 2012/04/21 11:0 p.m. · 78 views

CVE-2012-2403

WordPress: CVE-2012-2403 affects wp-includes/formatting.php in WordPress prior to 3.3.2, where clickable links inside HTML attributes enable cross-site scripting (XSS) via unspecified vectors. The underlying issue is improper handling of links in attributes, allowing injected scripts to execute i...

CVSS: 4.3 · AI score: 5.5 · EPSS: 0.02794
Exploits: 0 · References: 10 · Affected Software: 1

Debian CVE
added 2012/04/21 11:0 p.m. · 25 views

CVE-2012-2400

Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors...

CVSS: 10 · AI score: 9.4 · EPSS: 0.03062
Exploits: 0

myhack58
added 2012/01/06 12:0 a.m. · 14 views

ShopNC 1.3 tasteless local includes-vulnerability warning-the black bar safety net

This thing in front there is axss http://www.badguest.cn/Article/201107/98039.html -------------------------------------------------------------------------------- GPC before everything is floating clouds. of. So tasteless. it. ./ control/adv.php class advControl / Display advertising / public...

AI score: 7.3
Exploits: 0