21 matches found
EUVD-2008-2735
Malware in sbrugna...
EUVD-2007-4234
Malware in sbrugna...
BIT-JOOMLA-2024-27186 [20240803] - Core - XSS in HTML Mail Templates
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...
CVE-2011-4449
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANETMODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a...
CVE-2024-27186
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...
CVE-2024-27186
CVE-2024-27186 affects Joomla! via the mail template feature lacking an escaping mechanism, enabling XSS vectors across multiple extensions. The vulnerability stems from insufficient input escaping in mail templates, with CVSSv3.1 base score 6.1 (MEDIUM). Affected component: the HTML mail templat...
Konan - Advanced Web Application Dir Scanner
Konan is an advanced open source tool designed to brute force directory and file names on web/application servers. Installation: download Konan by cloning the Git repository: git clone https://github.com/m4ll0k/Konan.git konan. Install requirements with pip: cd konan && pip install -r...
openSUSE Security Update : xorg-x11-server (openSUSE-2017-1177)
This update for xorg-x11-server fixes the following vulnerabilities: CVE-2017-12176: Unvalidated extra length in ProcEstablishConnection (bsc1063041); CVE-2017-12177: dbe: Unvalidated variable-length request in ProcDbeGetVisualInfo (bsc1063040); CVE-2017-12178: Xi: fix wrong extra length check i...
Dirs3arch v0.3.0 - HTTP(S) Directory/File Brute Forcer
dirs3arch is a simple command line tool designed to brute force hidden directories and files in websites. It's written in Python 3 and all third-party libraries are included. Operating systems supported: Windows XP/7/8, GNU/Linux, MacOSX. Features: multithreaded; keep-alive connections; support for...
Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x
No description provided by source. !/usr/bin/python Exploit Title: Exploit for Microsoft IIS ASP Multiple Extensions Security Bypass 5.x/6.x Date: 29 dec 2009 Author: Emanuele 'emgent' Gentili and Emanuele 'crossbower' Acri Software Link: N/A Version: IIS 5.x/6.x Tested on: Windows 2003 Server SP...
Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities
Document Title: Bluetooth Photo Share Pro v2.0 iOS - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1218. Release Date: 2014-02-26. Vulnerability Laboratory ID (VL-ID):...
Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities
Title: Photo Transfer Upload v1.0 iOS - Multiple Vulnerabilities. Date: 2013-08-16. References: http://www.vulnerability-lab.com/getcontent.php?id=1047. VL-ID: 1047. Common Vulnerability Scoring System:...
DEBIAN-CVE-2009-3890
Unrestricted file upload vulnerability in the wpcheckfiletype function in wp-includes/functions.php in WordPress before 2.8.6, when a certain configuration of the modmime module in the Apache HTTP Server is enabled, allows remote authenticated users to execute arbitrary code by posting an...
CVE-2007-4251
OpenOffice.org OOo 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service...
Denial of service
OpenOffice.org OOo 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service...
CVE-2007-4251
OpenOffice.org OOo 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service...
CVE-2007-0505
Unrestricted file upload vulnerability in the Project issue tracking 4.7.0 through 5.x before 20070123, a module for Drupal, allows remote authenticated users to execute arbitrary code by attaching a file with executable or multiple extensions to a project issue...
Code injection
Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under certain Apache configurations such as when FileInfo overrides are disabled within .htaccess, allows remote attackers to execute arbitrary code by uploading a file with multiple extensions, a variant of CVE-2006-2743...
CVE-2006-2330
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, a...
CVE-2005-1604
PHP Advanced Transfer Manager phpATM 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code...