11 matches found
SPIP remote code execution vulnerability
SPIP is a Web-based content publishing system used primarily for online collaboration. A remote code execution vulnerability exists in versions of SPIP prior to 3.2.8. The vulnerability stems from the oups parameter of /ecrire not properly...
MODX Revolution code issue vulnerability
MODX Revolution is a PHP-based open source content management system (CMS) from the US company MODX. The system supports online collaboration, search engine optimization (SEO), etc. MODX Revolution has a code issue vulnerability that can be exploited by attackers to execute arbitrary code by uploadin...
Tencent Document pc client software suffers from a command execution vulnerability
Tencent Document is an online document editor that multiple people can use at the same time, supporting several online document types: Word, Excel, PPT, PDF and collection forms. The Tencent Document PC client software has a command execution vulnerability that can be exploited by an attacker to gain control of the...
Mikogo 5.4.1.160608 - Local Credentials Disclosure Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python Mikogo 5.4.1.160608 Local Credentials Disclosure Vendor: Snapview GmbH Product web page: https://www.mikogo.com Affected version: 5.4.1.160608 Summary: Mikogo is a desktop sharing software application for web conferencin...
Vulnerable Workers in Uncertain Times - 4th Conference CFP
Document Title: =============== Vulnerable Workers in Uncertain Times - 4th Conference CFP References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1264 Download: http://www.vulnerability-lab.com/resources/documents/1264.pdf Release Date: ============= 2014-05-12 Vulnerability...
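Feng Office Community edition cross-site scripting and arbitrary file upload vulnerabilities
Feng Office is an open source online collaboration system with a browser/server (B/S) architecture, developed in PHP. Feng Office was originally OpenGoo and has been called Feng Office since OpenGoo 1.61. The Feng Office Community edition has cross-site scripting and arbitrary file upload vulnerabilities in its implementation, which remote attackers can use to carry out cross-site scripting attacks and take control of affected systems. 1) Input sent to public/assets/javascript/slimey/save.php via the "filename" and "slimContent" POST parameters is not properly filtered before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in the context of the affected site...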
Entrans - SQL Injection
Entrans - SQL Injection Exploit Title: Entrans SQLi vulnerability Date: 2010/9/27 Author: keracker Software Link: http://sourceforge.net/projects/entrans/ Software Description: Entrans is an online collaborative translation tool used for editing and translation of PO files. It provides features...
VideoWhisper Video Consultation Xss Vulnerabilities
Exploit for php platform in category web applications =================================================== VideoWhisper Video Consultation Xss Vulnerabilities =================================================== To accomplish great things, we must dream as well as act...
IT staffs pressured to relax Web security
From SearchSecurity.com Rob Westervelt IT managers are under pressure from the top executives in their organizations to relax their policies on Web security in order to make users more productive. A new survey of more than 1,000 IT managers found that sales and marketing personnel also are leanin...
DSA-1094-1 gforge - missing input sanitising
Bulletin has no description...
Office Live
Office Live Product Family Category...