Lucene search

18 matches found

Source: OSV | added 2023/07/28 3:34 p.m. | 13 views

GHSA-8FV7-WQ38-F5C9 Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Your Kirby sites are not affected if they don't allow file uploads for untrusted users ...

CVSS 5.7 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 9
Source: Github Security Blog | added 2023/07/28 3:34 p.m. | 49 views

Cross-site scripting (XSS) from MIME type auto-detection of uploaded files

TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Your Kirby sites are not affected if they don't allow file uploads for untrusted users ...

CVSS 5.7 | AI score 6.8 | EPSS 0.00188
Exploits 0 | References 9 | Affected Software 1
Source: Github Security Blog | added 2023/07/28 3:34 p.m. | 34 views

Denial of service from unlimited password lengths

TL;DR This vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. The real-world impact of this vulnerability is limited; however, we still recommend updating to one of the patch releases because they also fix more severe vulnerabilities...

CVSS 7.5 | AI score 7.2 | EPSS 0.00131
Exploits 0 | References 9 | Affected Software 1
Source: Openbugbounty | added 2022/05/24 11:19 a.m. | 11 views

shankarsteel.com Cross Site Scripting vulnerability OBB-2626042

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0
Source: OpenVAS | added 2016/05/26 12:00 a.m. | 35 views

Ubuntu: Security Advisory (USN-2985-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9.8 | AI score 8.4 | EPSS 0.12185
Exploits 6 | References 2
Source: exploitpack | added 2015/08/24 12:00 a.m. | 17 views

Mock SMTP Server 1.0 - Remote Crash (PoC)

Mock SMTP Server 1.0 - Remote Crash PoC #!/usr/bin/python Exploit Title: Mock SMTP Server 1.0 Remote Crash PoC Date: 23-08-2015 Exploit Author: Shankar Damodaran Author's Twitter: @sh4nx0r Vendor Homepage: http://mocksmtpserver.codeplex.com Software Link:...

AI score 7.5
Exploits 0
Source: exploitpack | added 2015/08/21 12:00 a.m. | 13 views

Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)

Konica Minolta FTP Utility 1.0 - Remote Denial of Service PoC #!/usr/bin/python Exploit Title: Konica Minolta FTP Utility 1.0 Remote DoS PoC Date: 21-08-2015 Exploit Author: Shankar Damodaran Vendor Homepage: http://www.konicaminolta.com/ Software Link:...

AI score 0.1
Exploits 0
Source: Exploit DB | added 2015/08/21 12:00 a.m. | 75 views

Konica Minolta FTP Utility 1.0 - Remote Denial of Service (PoC)

#!/usr/bin/python Exploit Title: Konica Minolta FTP Utility 1.0 Remote DoS PoC Date: 21-08-2015 Exploit Author: Shankar Damodaran Vendor Homepage: http://www.konicaminolta.com/ Software Link: http://download.konicaminolta.hk/bt/driver/mfpu/ftpu/ftpu10.zip Version: 1.0 Tested on: Microsoft Windows ...

AI score 7.4
Exploits 0
Source: Tenable Nessus | added 2015/04/22 12:00 a.m. | 63 views

Oracle Linux 6 : glibc (ELSA-2015-0863)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0863 advisory. - Fix invalid file descriptor reuse while sending DNS query (#1207995, CVE-2013-7423). - Fix buffer overflow in gethostbyname_r with misaligned buffer...

CVSS 6.8 | AI score 8 | EPSS 0.04751
Exploits 2 | References 3
Source: Tenable Nessus | added 2015/04/22 12:00 a.m. | 43 views

RHEL 6 : glibc (RHSA-2015:0863)

Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 6.8 | AI score 8.1 | EPSS 0.04751
Exploits 2 | References 5
Source: RedHat Linux | added 2015/04/21 11:34 a.m. | 36 views

Moderate: Red Hat Security Advisory: glibc security and bug fix update

Updated glibc packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

CVSS 6.8 | AI score 7.5 | EPSS 0.04751
Exploits 2 | References 3
Source: Packet Storm | added 2009/08/27 12:00 a.m. | 17 views

WordPress WP-Syntax 0.9.1 Command Execution

====================================================================== Wordpress plugin WP-Syntax: $functions ... if (is_null($functions)) continue; foreach ($functions as $function) $string = call_user_func_array($function, array($string)); return $string; ... Global variable $test_filter is not defined, so...

AI score 7.4
Exploits 0
Source: Tenable Nessus | added 2007/10/25 12:00 a.m. | 22 views

GLSA-200710-21 : TikiWiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200710-21 (TikiWiki: Arbitrary command execution). ShAnKaR reported that input passed to the 'f' array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. Impact: An attacker could...

CVSS 7.5 | AI score 6.1 | EPSS 0.88762
Exploits 6 | References 2
Source: Gentoo Linux | added 2007/10/20 12:00 a.m. | 48 views

TikiWiki: Arbitrary command execution

Background: TikiWiki is an open source content management system written in PHP. Description: ShAnKaR reported that input passed to the "f" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions. Impact: An attacker could execute arbitrary code...

CVSS 7.5 | AI score 7.2 | EPSS 0.88762
Exploits 6
Source: seebug.org | added 2007/10/13 12:00 a.m. | 15 views

TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit

No description provided by source. #!/usr/bin/perl TikiWiki <= 1.9.8 Remote Command Execution Exploit Description ----------- TikiWiki contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'tiki-graph_formula.php' script not properly sanitizing user inpu...

AI score 7.1
Exploits 0
Source: 0day.today | added 2007/10/12 12:00 a.m. | 41 views

TikiWiki <= 1.9.8 tiki-graph_formula.php Command Execution Exploit

Exploit for unknown platform in category web applications ================================================================== TikiWiki ... ; exit unless $command; &exploit($target, $command, $proxy); sub usage { print "? TikiWiki \n"; print "? usage: perl $0 target\n"; print " target ex...

AI score 7.1
Exploits 0
Source: Packet Storm | added 2006/10/20 12:00 a.m. | 29 views

WoltLab-bb-1.1.2.txt

Hello bugtraq, ShAnKaR sec at shankar.antichat.ru reports multiple vulnerabilities in WoltLab Burning Book. Original message in Russian is available from http://www.security.nnov.ru/Odocument711.html Short translation: Author: ShAnKaR sec at shankar.antichat.ru Vendor: woltlab.de Tested version:...

Exploits 0
Source: Tenable Nessus | added 2006/10/05 12:00 a.m. | 34 views

FreeBSD : phpbb -- NULL byte injection vulnerability (86526ba4-53c8-11db-8f1a-000a48049292)

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the 'avatar_path' parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avata...

CVSS 4.6 | AI score 5.8 | EPSS 0.02839
Exploits 1 | References 4