7663 matches found
Ceph: RGW returns requested bucket name raw in Bucket response header
A feature in Ceph Object Gateway (RGW) allows returning a specific HTTP header that contains the name of the bucket that was accessed. It was found that the returned HTTP headers were not sanitized. An unauthenticated attacker could use this flaw to craft HTTP headers in responses that would confuse...
kernel: crypto api unprivileged arbitrary module load via request_module()
A flaw was found in the way the Linux kernel's Crypto subsystem handled automatic loading of kernel modules. A local user could use this flaw to load any installed kernel module, and thus increase the attack surface of the running kernel...
autofs: priv escalation via interpreter load path for program based automount maps
It was found that program-based automounter maps that used interpreted languages such as Python would use standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system...
glibc: getaddrinfo() writes DNS queries to random file descriptors under high load
It was discovered that, under certain circumstances, glibc's getaddrinfo function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application...
WordPress Ajax Load More PHP Upload
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Ajax Load More PHP Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPres...
Wordpress Ajax Load More Plugin 2.8.1.1 Upload Shell Exploit
This Metasploit module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows you to upload arbitrary php files and get remote code execution. This Metasploit module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu...
WordPress Plugin Ajax Load More 2.8.1.1 - PHP Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Wordpress Ajax Load More PHP Upload Vulnerability', 'Description' = %q This module exploits an arbitrary file upload in the WordPres...
WordPress Ajax Load More Plugin 2.8.1.1 - PHP Upload
The Ajax Load More plugin is prone to a PHP upload vulnerability that allows remote code execution. Solution: Upgrade the plugin...
CVE-2015-5212
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code vi...
CVE-2007-3997
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE...
The vulnerabilities of Adobe Acrobat and Adobe Acrobat Document Cloud for PDF file editing, as well as Adobe Reader and Adobe Reader Document Cloud for PDF file viewing, allow attackers to gain access to protected information stored in the process memory.
The vulnerability of the loadFlashMovie function in PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control mechanisms. Exploiting this vulnerabilit...
Insecure Direct Object Reference
The following URL is vulnerable to Insecure Direct Object Reference, allowing any authenticated user to read configuration files from the application, such as the content of the webapp directory in Confluence. http:///spaces/viewdefaultdecorator.action?decoratorName=...
WordPress Ajax Load More Plugin < 2.8.2 - File Upload
This vulnerability allows an attacker to upload arbitrary files to the affected computer. Solution: Upgrade the plugin...
Wordpress Ajax Load More Plugin < 2.8.2 - File Upload Vulnerability
Exploit for php platform in category web applications This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload',...
WordPress Plugin Ajax Load More < 2.8.2 - Arbitrary File Upload
This module requires Metasploit: http://www.metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'WordPress Plugin ajax-load-more Authenticated Arbitrary File Upload', 'Description' = %q This module exploits an authenticated...
Wordpress Ajax Load More PHP Upload Vulnerability
This module exploits an arbitrary file upload in the WordPress Ajax Load More version 2.8.1.1. It allows uploading arbitrary PHP files and getting remote code execution. This module has been tested successfully on WordPress Ajax Load More 2.8.0 with WordPress 4.1.3 on Ubuntu 12.04/14.04 Server. This...
Ajax Load More <= 2.8.1.1 - Authenticated File Upload & Deletion
Authenticated file upload in the file ajax-load-more/admin/admin.php, in the function almsaverepeater. The variable $f is set to a predictable PHP file path, and then the content of the variable $c is written into that file. The following code proves that this second variable is also set from...
Android Security Restriction Bypass Vulnerability (CNVD-2015-06576)
Android is an operating system based on the open Linux kernel, announced on November 5, 2007 by Google Inc. for cell phones. A security restriction bypass vulnerability exists in LMY48I, a version of Android prior to 5.1.1. It allows an attacker to trigger a faulty process load via a crafted...