1410 matches found

Packet Storm
added 2014/12/24 12:0 a.m. | 30 views

CMS Contenido 4.9.5 Cross Site Scripting

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

Exploits: 0
Vulnerability Lab
added 2014/12/24 12:0 a.m. | 27 views

Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities

Document Title: =============== Lazarus Guestbook v1.22 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1386 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2239 CVE-ID: ======= CVE-2014-2239 Release Date:...

AI score: 6.5
Exploits: 6
Tenable Nessus
added 2014/12/19 12:0 a.m. | 29 views

Symantec Web Gateway < 5.2.2 Authenticated OS Command Injection (SYM14-016)

According to its self-reported version number, the remote web server is hosting a version of Symantec Web Gateway prior to version 5.2.2. It is, therefore, affected by an operating system (OS) command injection vulnerability in an unspecified PHP script which impacts the management console. A remote...

CVSS: 6.5 | AI score: 8.4 | EPSS: 0.74024
Exploits: 6 | References: 3
OpenVAS
added 2014/12/18 12:0 a.m. | 32 views

Symantec Web Gateway < 5.2.2 Command Injection Vulnerability

Symantec Web Gateway is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 6.5 | AI score: 8.7 | EPSS: 0.74024
Exploits: 6 | References: 2
Symantec
added 2014/12/16 8:0 a.m. | 25 views

Symantec Web Gateway OS Authenticated Command Injection

SUMMARY Symantec's Web Gateway SWG Appliance management console is susceptible to operating system command injection by an authenticated but less-privileged user. AFFECTED PRODUCTS Product | Version | Solution ---|---|--- Symantec Web Gateway Appliance | 5.2.1 and prior | Symantec Web Gateway 5.2...

CVSS: 6.5 | AI score: 0.4 | EPSS: 0.74024
Exploits: 6 | Affected Software: 1
Tenable Nessus
added 2014/12/05 12:0 a.m. | 68 views

LogAnalyzer < 3.6.6 index.php / detail.php 'hostname' Parameter XSS

The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize the 'hostname' value retrieved from log files. An attacker can exploit this issue to inject arbitrary HTML and script code into a user's browser to be...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.07917
Exploits: 6 | References: 2
seebug.org
added 2014/11/13 12:0 a.m. | 27 views

Creative Contact Form - Arbitrary File Upload

No description provided by source. ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...

AI score: 6.5
Exploits: 4
Check Point Advisories
added 2014/11/12 12:0 a.m. | 0 views

Mayhem Shellshock Infection Attempt

Mayhem uses a PHP script to drop malicious objects to the affected client...

AI score: 1.4
Exploits: 0
Debian
added 2014/11/04 4:8 p.m. | 46 views

[SECURITY] [DSA 3064-1] php5 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-3064-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso November 04, 2014 http://www.debian.org/security/faq -...

CVSS: 7.5 | AI score: 1.1 | EPSS: 0.55955
Exploits: 3
Exploit DB
added 2014/10/08 12:0 a.m. | 44 views

WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload

========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage: https://profiles.wordpress.org/creative-solutions-1/ Software Link:...

AI score: 6.9
Exploits: 4
exploitpack
added 2014/10/08 12:0 a.m. | 30 views

WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload

WordPress Plugin Creative Contact Form 0.9.7 - Arbitrary File Upload ========================================================== "Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload Author: Gianni Angelozzi Date: 08/10/2014 Remote: Yes Vendor Homepage:...

AI score: 0.2
Exploits: 4
Tenable Nessus
added 2014/07/28 12:0 a.m. | 163 views

TimThumb 'timthumb.php' WebShot 'src' Parameter Remote Command Execution

The TimThumb 'timthumb.php' script installed on the remote host is affected by a remote command execution vulnerability due to a failure to properly sanitize user-supplied input to the 'src' parameter. A remote, unauthenticated attacker can leverage this issue to execute arbitrary commands on the...

CVSS: 6.8 | AI score: 6 | EPSS: 0.16849
Exploits: 1 | References: 3
The Hacker News
added 2014/07/24 10:52 p.m. | 17 views

Mayhem — A New Malware Targets Linux and FreeBSD Web Servers

Security researchers from Russian Internet giant Yandex have discovered a new piece of malware that is being used to target Linux and FreeBSD web servers in order to make them a part of the wide botnet, even without the need of any root privileges. Researchers dubbed the malware as Mayhem, a nast...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Orbis CMS 1.0.2 - Arbitrary File Upload Vulnerability

No description provided by source. 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticat...

CVSS: 6 | AI score: 0.3 | EPSS: 0.05744
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

PayPal Store Front 3.0 'index.php' Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8791/info PayPal Store Front is prone to a remote file include vulnerability. It may be possible for a remote attacker to influence the include path for an external page to point to an attacker-specified location. This...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 30 views

Ultimate Uploader 1.3 - Remote File Upload Vulnerability

No description provided by source. ========================================================================== Script Name : Ultimate Uploader 1.3 Language : php Vendor : http://www.element-it.com Author : Master Mind Home : www.shdowskill.com , www.vbspiders.com...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 28 views

Pluxml 0.3.1 - Remote Code Execution Exploit

No description provided by source. ?php C:\ sploit.php -url http://victim.com/pluxml0.3.1/ -ip 90.27.10.196 /Waiting for connection on http://90.27.10.196:80/ !Now you have to make the victim to click on the url +Received 395 bytes from 182.26.54.2:2007 +Sending 366 bytes to 182.26.54.2:2007...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 25 views

Tours Manager 1.0 - (cityview.php cityid) SQL Injection Vulnerability

No description provided by source. IN THE NAME OF ALLAH Tour...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 10 views

AutoIndex PHP Script 2.2.2/2.2.3 Index.PHP Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/26410/info AutoIndex PHP Script is prone to a remote denial-of-service vulnerability because the application fails to properly handle unexpected input. Successfully exploiting this issue allows remote attackers to consume...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

gBook 1.4 Administrative Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6033/info A vulnerability has been discovered in gBook v1.4. It has been reported that it is possible for an unauthorized attacker to gain administrative access to gBook by passing a malicious request to a php script...

AI score: 7.1
Exploits: 0