218 matches found
SensioLabs Symfony 3.3.6 Cross Site Scripting
SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Exploit Title: SensioLabs Symfony version 3.3.6 - Cross-Site Scripting Reflect Date: 08-06-2018 Software Link: https://symfony.com/ Exploit Author: HaMM0nz Chakrit S., a member of KPMG Cyber Security team in Thailand CVE:...
Input validation
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the 1 reflect, 2 reflect2, or 3 javamethod Hive builtin functions...
CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry before 1.7.0 allow remote authenticated users to execute arbitrary code via the 1 reflect, 2 reflect2, or 3 javamethod Hive builtin functions...
CVE-2016-0760
CVE-2016-0760 pertains to Apache Sentry prior to 1.7.0, where multiple incomplete blacklist checks allow remote authenticated users to execute arbitrary code through the Hive builtin functions reflect, reflect2, and java_method. The linked records (NVD, OSV, CNVD, CVE lists) consistently describe...
Hive Built-in Function Arbitrary Code Execution Vulnerability
hive is a data warehouse tool based on Hadoop that maps structured data files to a single database table and provides simple sql query functionality that can convert sql statements into MapReduce tasks to run. Arbitrary code execution vulnerabilities exist in the 'reflect', 'reflect2' and...
Ultimate PHP Board (UPB) 2.2.7 Cross Site Scripting Vulnerability
Ultimate PHP Board UPB version 2.2.7 suffers from a cross site scripting vulnerability. Exploit Title : Ultimate PHP Board UPB 2.2.7 Cross Site Scripting Vulnerability CVE : CVE-2015-2217 Date : 4 March 2015 Exploit Author : CWH Underground Discovered By : ZeQ3uL Site : www.2600.in.th Vendor...
phpBugTracker 1.6.0 CSRF / XSS / SQL Injection
Advisory: Multiple SQLi, stored/reflecting XSS- and CSRF-vulnerabilities in phpBugTracker v.1.6.0 Advisory ID: SROEADV-2015-16 Author: Steffen Rösemann Affected Software: phpBugTracker v.1.6.0 Vendor URL: https://github.com/a-v-k/phpBugTracker Vendor Status: patched CVE-ID: will asked to be...
IBM Sametime Meet Server 8.5 Cross Site Scripting
Exploit Title: IBM Sametime Meet Server 8.5 Reflect Cross Site Script Google Dork: intitle:"Meeting Center - IBM Lotus Sametime" Date: 11/08/2014 CVSS Score: http://nvd.nist.gov/cvss.cfm?calculator&version=2&vector=AV:N/AC:M/Au:N/C:P/I:N/A:N%29 CVE-ID:...
WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities
WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities source: https://www.securityfocus.com/bid/68519/info WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...
MS13-103: Vulnerability in ASP.NET SignalR could allow elevation of privilege: December 10, 2013
Resolves a vulnerability in ASP.NET SignalR that could allow elevation of privilege if an attacker reflects specially crafted JavaScript back to the browser of a targeted user.INTRODUCTIONMicrosoft has released security bulletin MS13-103. To view the complete security bulletin, visit one of the...
JDK: java.lang.reflect.Method invoke() code execution
Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli Monitoring, Smart Analytics System 5600,...
SERENDIPITY-1.7-RC2 Multiple Xss Vulnerability
Serendipity is a PHP-powered weblog application which gives the user an easy way to maintain an online diary, weblog or even a complete homepage. While the default package is designed for the casual blogger, Serendipity offers a flexible, expandable and easy-to-use framework with the power for...
IBM Proventia Network Mail Security System 2.5 - POST File Read
IBM Proventia Network Mail Security System 2.5 - POST File Read !/usr/bin/python ''' Author: muts of Offensive Security Product: IBM ISS Proventia Mail Security Version: 2.5 Vendor Site: http://www.ibm.com/us/en/ Product Page:...
IT Reflect => SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2010-015: EMC Celerra NFS authentication bypass vulnerability using IP spoofing. EMC Identifier: ESA-2010-015 CVE Identifier: CVE-2010-2860 Severity Rating: CVSS v2 Base Score: 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C Affected products: EMC SW: NAS Code...
Telephone Directory 2008 - SQL Injection Cross-Site Scripting
Telephone Directory 2008 - SQL Injection Cross-Site Scripting ==================================================================== Telephone Directory 2008 SQL/XSS Multiple Remote Vulnerabilities ====================================================================...
Telephone Directory 2008 - SQL Injection / Cross-Site Scripting
==================================================================== Telephone Directory 2008 SQL/XSS Multiple Remote Vulnerabilities ==================================================================== ,--^----------,--------,-----,-------^--, | ||||||||| --------' | O .. CWH Underground Hacking...
Authentication flaw
Advantage Century Telecommunication ACT P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which 1 might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB...