967 matches found
[SECURITY] [DLA 392-1] roundcube security update
Package : roundcube Version : 0.3.1-6+deb6u1 CVE ID : CVE-2015-8770 High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular webmail client Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to...
roundcubemail: remote code execution
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in Roundcube. Vulnerability can be exploited to gain access to sensitive information and under certain circumstances to execute arbitrary code and totally compromise the vulnerable server. The vulnerability exists du...
Fanwe O2O商业系统index.php处的POST参数topic_id存在SQL注入漏洞
No description provided by source...
bitrix.mpbuilder Bitrix 1.0.10 Local File Inclusion
Advisory ID: HTB23281 Product: bitrix.mpbuilder Bitrix module Vendor: www.1c-bitrix.ru Vulnerable Versions: 1.0.10 and probably prior Tested Version: 1.0.10 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015 Vendor Patch: November 25, 2015...
Centreon 2.6.x < 2.6.2 File Upload RCE
According to its version number, the Centreon application hosted on the remote web server is 2.6.x prior to 2.6.2. It is, therefore, affected by a remote code execution vulnerability due to improper sanitization of user-uploaded files via the main.php script. An authenticated, remote attacker can...
ManageEngine AssetExplorer < 6.1.0 Build 6113 Multiple XSS
The version of ManageEngine AssetExplorer running on the remote host is prior to 6.1.0 build 6113. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting vulnerability exists due to improper validation of input to the Publisher name before...
Joomla JNews SQL Injection
Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Exploit Author: Omer Ramić Twitter:...
Joomla JNews (com_jnews) Component 8.5.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management. Exploit Title: Joomla component comjnews - SQL injection Google Dork: inurl:option=comjnews Date: 2015-10-29 Explo...
Centreon 2.6.1 Persistent Cross Site Scripting
Centreon 2.6.1 Stored Cross-Site Scripting Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring...
Centreon 2.6.1 - Multiple Vulnerabilities
Centreon 2.6.1 - Multiple Vulnerabilities Centreon 2.6.1 Command Injection Vulnerability Vendor: Centreon Product web page: https://www.centreon.com Affected version: 2.6.1 CES 3.2 Summary: Centreon is the choice of some of the world's largest companies and mission-critical organizations for...
Centreon 2.6.1 Command Injection Vulnerability
Summary Centreon is the choice of some of the world's largest companies and mission-critical organizations for real-time IT performance monitoring and diagnostics management. Description The POST parameter 'persistant' which serves for making a new service run in the background is not properly...
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection
WordPress Plugin CP Reservation Calendar 1.1.6 - SQL Injection Exploit Title: WordPress: cp-reservation-calendar 1.1.6 SQLi injection Date: 2015-09-15 Google Dork: Index of /wp-content/plugins/cp-reservation-calendar/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Software Link:...
phpMoAdmin saveObject Remote Command Execution
The remote web server is hosting a version of phpMoAdmin that is affected by a remote code execution vulnerability due to improper sanitization of input passed via the 'object' POST parameter in the saveObject function in the moadmin.php script. A remote attacker can exploit this, via a specially...
CVE-2015-4065
Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...
Sql injection
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
Cross site scripting
Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php...
CVE-2015-4064
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php...
CVE-2015-4065
Summary (CVE-2015-4065) : The WordPress Landing Pages plugin (versions before 1.8.5) contains an XSS vulnerability in shared/shortcodes/inbound-shortcodes.php. An authenticated remote user can inject arbitrary script/HTML via the post parameter passed to wp-admin/post-new.php, caused by echoing u...
WordPress Landing Pages Plugin <= 1.8.4 - XSS
Cross-site scripting XSS vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php. Solution Upgrade the plugin...
WordPress Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress Booking Calendar Contact Form 1.0.2Multiple vulnerabilities Date: 2015-05-01 Google Dork: Index of /wordpress/wp-content/plugins/booking-calendar-contact-form/ Exploit Author: Joaquin Ramirez Martinez i0akiN...