376 matches found
MediaWiki 1.19.x < 1.19.7 / 1.20.x < 1.20.6 Arbitrary File Upload
According to its version number, the instance of MediaWiki running on the remote host is affected by an arbitrary file upload vulnerability due to a flaw that fails to validate file extensions when files are uploaded via chunks using the API. Note that Nessus has not tested for this issue but has...
PHD Help Desk SQL Injection vulnerability
PHD Help Desk is prone to an SQL injection (SQLi) vulnerability.
[aidSQL] A tool that will aid you when trying to find vulnerable spots in your site
aidSQL is a PHP application for detecting security holes in your website(s). It's a modular application, meaning that you can develop your very own plugins for SQL injection detection & exploitation. 2013-05-27: NEW aidSQL release which supports MS SQL Server 2000 database injection and reverse...
[SECURITY] Fedora 18 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc18
SabreDAV allows you to easily add WebDAV support to a PHP application. SabreDAV is meant to cover the entire standard...
[SECURITY] Fedora 19 Update: php-sabredav-Sabre_DAV-1.6.5-5.fc19
SabreDAV allows you to easily add WebDAV support to a PHP application. SabreDAV is meant to cover the entire standard...
Gallery 3.0.x < 3.0.7 Multiple Vulnerabilities
According to its version number, the Gallery install hosted on the remote web server is affected by multiple vulnerabilities: (a) The application is affected by an unspecified flaw related to stack trace. (b) A cross-site scripting (XSS) vulnerability exists because the application fails to validate...
CVE-2012-4528
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...
DEBIAN-CVE-2012-4528
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...
Authentication flaw
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an invalid part precedes the crafted data...
CVE-2012-4528
CVE-2012-4528 applies to the mod_security2 module for Apache HTTP Server, before version 2.7.0. The issue arises in multipart request handling where an invalid part precedes crafted data, allowing remote attackers to bypass rules and deliver arbitrary POST data to a PHP application. Impact is a r...
CMSMini 0.2.2 Cross Site Scripting
Name: XSS Vulnerabilities in CMSMini; Software: CMSMini 0.2.2 and possibly below; Vendor Homepage: http://sourceforge.net/projects/cmsmini/; Vulnerability Type: Cross-Site Scripting; Severity: Critical; Researcher: Canberk Bolat; Advisory Reference: NS-12-012...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2)...
CVE-2012-1647
Multiple cross-site scripting (XSS) vulnerabilities in the "stand alone PHP application for the OSM Player," as used in the MediaFront module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal, allow remote attackers to inject arbitrary web script or HTML via (1) $_SERVER['HTTP_HOST'] or (2)...
Horde Kronolith js/kronolith.js Multiple View XSS
The version of Kronolith installed on the remote host is affected by multiple cross-site scripting vulnerabilities because it fails to sanitize user input to the 'tasks' and 'search' views upon submission to the js/kronolith.js script. An attacker may be able to leverage these vulnerabilities to...
Nagios XI < 2011R1.9 login.php XSS
The version of Nagios XI hosted on the remote web server fails to properly sanitize input to the login.php script. An attacker can leverage this issue by enticing a user to follow a malicious URL, causing attacker-specified script code to run inside the user's browser in the context of the affect...
Serendipity 1.6.1 SQL Injection
Advisory ID: HTB23092; Product: Serendipity; Vendor: Serendipity Team; Vulnerable Versions: 1.6.1 and probably prior; Tested Version: 1.6.1; Vendor Notification: 16 May 2012; Vendor Patch: 16 May 2012; Public Disclosure: 6 June 2012; Vulnerability Type: SQL injection; CVE Reference: CVE-2012-2762; CVSSv2...
Mega File Manager 'name' Parameter Directory Traversal Vulnerability
Mega File Manager is prone to a directory traversal vulnerability because it fails to properly sanitize user-supplied input.