31 matches found
Hloun 1.0.0 Insecure Settings
Title: Hloun V1.0.0 Rinstall Script Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit |...
Improper Authentication in Atlassian Connect Spring Boot
Broken Authentication in Atlassian Connect Spring Boot (ACSB) in version 1.1.0 before 2.1.3 and from version 2.1.4 before 2.1.5: Atlassian Connect Spring Boot is a Java Spring Boot package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Sprin...
CVE-2021-26073
Broken Authentication in Atlassian Connect Express (ACE) from version 3.0.2 before version 6.6.0: Atlassian Connect Express is a Node.js package for building Atlassian Connect apps. Authentication between Atlassian products and the Atlassian Connect Express app occurs with a server-to-server JWT or...
Apple Patches KRACK Vulnerability in iOS 11.1
Apple has patched iOS, macOS and other products to protect against the KRACK vulnerability recently disclosed in the WPA2 Wi-Fi security protocol. KRACK, short for key re-installation attack, allows an attacker within range of a victim’s Wi-Fi network to read encrypted traffic with varying degree...
JVN#11601216: Installer of "Security Kinou Mihariban" may insecurely load Dynamic Link Libraries
Installer of "Security Kinou Mihariban" provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Impact: Arbitrary code may be executed with the privilege of the user invoking the...
zzcms Product version \install\index.php re-installation vulnerability
No description provided by source...
Design/Logic Flaw
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the dbname...
CVE-2014-7986
install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter...
CVE-2014-7986
EspoCRM prior to 2.6.0 is affected by multiple issues via /install/index.php: CVE-2014-7986 allows remote reinstallation by setting installProcess=1 due to improper access control; CVE-2014-7985 enables PHP file inclusion via action parameter leading to potential code execution; CVE-2014-7987 ena...
Podcast Generator <= 1.2 unauthorized Re-Installation Remote Exploit
No description provided by source. <?php Podcast Generator <= 1.2 unauthorized CMS Re-Installation Remote Exploit by staker | mail: stakerathotmaildotit | url: http://podcastgen.sourceforge.net | it works with registerglobals=o...
Remote Code Execution in Microweber
High-Tech Bridge Security Research Lab discovered a vulnerability in Microweber, which can be exploited to delete arbitrary files and compromise the vulnerable system as a consequence. 1) Improper Access Control in Microweber: CVE-2013-5984. The vulnerability exists due to improper access restriction to...
Approach to completely remove WSUS 3.0
After a domain controller is upgraded or demoted, the WSUS service usually fails, and the only option is to completely remove WSUS 3.0 by hand and then re-install it. The following detailed steps were summed up after several attempts: 1, the...
Simple-Log blog system full version re-installation vulnerability
Simple-Log is a blog system built on PHP+MySQL. If the install directory is not removed, an attacker can re-install the application. When the install folder has not been deleted, users can submit remote MySQL accounts and passwords to install/index.php, resulting in simple-log will be...
CubeCart 4.x/5.x | Setup Re-installation Privilege Escalation Vulnerability
1. OVERVIEW: CubeCart 4.x and 5.x versions are vulnerable to Setup Re-installation Privilege Escalation. 2. BACKGROUND: CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup...
JVN#01547302: ALZip vulnerable to buffer overflow
ALZip is a file compression/extraction software from ESTsoft Japan Corp. ALZip contains a buffer overflow vulnerability due to improper handling of mim files. Impact: When opening a specially crafted file, arbitrary code may be executed. Solution: Re-install the software. Download ALZip 8.21 after...
Apache Tomcat multiple security vulnerabilities
Files deletion, weak permissions after re-installation...
d.net CMS Reinstall / Blind SQL Injection
"+ Ex. : php xpl.php localhost /dnetCMS/\n". "+ Greetz : cristina, puccio they kept me company when I coded this stuff :D\n". "\n"; function hex $string $i=0;...
d.net CMS Arbitrary Reinstall/Blind SQL Injection Exploit
Exploit for unknown platform in category web applications. d.net CMS Arbitrary Reinstall/Blind SQL Injection Exploit. + Arbitrary Re-Installation Vulnerability: There's no check about...
d.net CMS - Arbitrary Reinstall/Blind SQL Injection
"+ Ex. : php xpl.php localhost /dnetCMS/\n". "+ Greetz : cristina, puccio they kept me company when I coded this stuff :D\n". "\n"; function hex $string $i=0;...