WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...
CentOS 4 : php (CESA-2007:0349)
Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A hea...
Securimage example_form.php XSS
The version of Securimage on the remote host contains a flaw that allows a remote cross-site scripting vulnerability because the application does not validate the 'REQUEST_URI' variable in the 'example_form.php' script. An attacker may be able to leverage this to inject arbitrary HTML and script co...
Freelancer.com XSS + Cookie Grabber
Stored XSS in Freelancer.com + Cookie Stealer. The package contains the how-to guide, PHP script cookie grabber and XSS vector in order. This is a private exploit. You can buy it at https://0day.today...
eYou /php/ip_status.php Command Execution Vulnerability
No description provided by source...
MediaWiki mwdoc-filter.php Arbitrary File Access
The MediaWiki install hosted on the remote web server is affected by an arbitrary file access vulnerability due to a failure to restrict the execution of the 'maintenance/mwdoc-filter.php' script. An attacker can exploit this issue by sending a specialized URI to read files located outside the we...
Joomla Component JCE File Upload Remote Code Execution
This module exploits a vulnerability in the JCE component for Joomla!, which could allow an unauthenticated remote attacker to upload arbitrary files, caused by a failure to sufficiently sanitize user-supplied input. By sending a specially crafted HTTP request, a remote attacker could exploit this...
ClipShare 4.1.1 - gid Blind SQL Injection
ClipShare 4.1.1 - gid Blind SQL Injection Exploit Title: ClipShare 4.1.1 gmembers.php Blind SQL Injection Vulnerability Exploit Author: Esac Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software License: Commercial. all versions ar...
ClipShare 4.1.1 - 'gid' Blind SQL Injection
Exploit Title: ClipShare 4.1.1 gmembers.php Blind SQL Injection Vulnerability Exploit Author: Esac Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4 Official site: http://www.clip-share.com Software License: Commercial. all versions are vulnerable: Note : this vulnerable work...
OpenEMR 4.1.1 Shell Upload
OpenEMR 4.1.1 ofcuploadimage.php Arbitrary File Upload Vulnerability Vendor: OpenEMR Product web page: http://www.open-emr.org Affected version: 4.1.1 Summary: OpenEMR is a Free and Open Source electronic health records and medical practice management application that can run on Windows,...
[SECURITY] [DSA 2610-1] ganglia security update
Debian Security Advisory DSA-2610-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 21, 2013 http://www.debian.org/security/faq...
Uploader Plugin for WordPress File Upload Arbitrary Code Execution
The Uploader Plugin for WordPress installed on the remote host is affected by a file upload vulnerability due to a failure to properly verify or sanitize user-uploaded files. An unauthenticated, remote attacker can exploit this issue to upload files with arbitrary code and then execute them on th...
Forums Plugin for WordPress 'url' Parameter Arbitrary File Disclosure
The Forums Plugin for WordPress installed on the remote host is affected by an information disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'url' parameter of the zingforumoutput function in the zingiri-forum/forum.php script. An unauthenticated, remote...
Google Doc Embedder Plugin for WordPress 'File' Parameter Traversal Arbitrary File Disclosure
The Google Doc Embedder Plugin for WordPress installed on the remote host is affected by a file disclosure vulnerability due to a failure to properly sanitize user-supplied input to the 'file' parameter of the 'libs/pdf.php' script. This vulnerability could allow an unauthenticated, remote attack...
Debian Security Advisory DSA 2610-1 (ganglia - arbitrary script execution)
Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. OpenVAS Vulnerability Test $Id: deb2610.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2610-1 using...
DSA-2610-1 ganglia - remote code execution
Bulletin has no description...
Debian: Security Advisory (DSA-2610-1)
The remote host is missing an update for the Debian...
Low: Red Hat Security Advisory: squirrelmail security and bug fix update
An updated squirrelmail package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Astium VoIP PBX <= v2.1 build 25399 Multiple Vulns Remote Root Exploit
Exploit for php platform in category web applications #!/usr/bin/python Exploit Title : Astium VoIP PBX 0x90.nl Software link :...
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities / Remote Command Execution
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities / Remote Command Execution #!/usr/bin/python Exploit Title : Astium VoIP PBX 0x90.nl Software link :...