34 matches found
Updated perl-YAML packages fix security vulnerability
Updated perl-YAML package fixes security vulnerability: This update enforces that $LoadCode must be enabled to use the feature of evaluating typeglobs, because with the typeglob feature you would be able to set the variable $YAML::LoadCode from a YAML file, and that would be a security issue. The...
mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie'
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'...
mediawiki: BotPassword can bypass CentralAuth's account lock
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...
MediaWiki Access Control Error Vulnerability (CNVD-2019-36872)
MediaWiki is a free, freely available web-based wiki engine from the Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. An access control error vulnerability exists in MediaWiki versions 1.30.0 throug...
MediaWiki 1.31.0 .htaccess Vulnerability - Windows
MediaWiki misses .htaccess files in the provided tarball used to protect some directories that shouldn...
MediaWiki 1.31.0 .htaccess Vulnerability - Linux
MediaWiki misses .htaccess files in the provided tarball used to protect some directories that shouldn...
CloudBees Jenkins Script Security plugin security bypass vulnerability
CloudBees Jenkins CI (formerly known as Hudson Labs) is a set of Java-based continuous integration tools from the United States company CloudBees. It is mainly used to monitor continuous software release/testing projects and some scheduled tasks. Script Security...
DEBIAN-CVE-2017-5367
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...
UBUNTU-CVE-2017-5367
Multiple reflected XSS vulnerabilities exist within form and link input parameters of ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, which allows a remote attacker to execute malicious scripts within an authenticated client's browser. The URL is /zm/index.php and sample...
pForum 1.30 - showprofil.php SQL Injection
pForum 1.30 - showprofil.php SQL Injection. Powie's PHP Forum = v1.30 showprofil Remote SQL Injection Exploit...
php-atm.txt
PHP Advanced Transfer Manager Download users password hashes. PHP Advanced Transfer Manager 1. Site: http://phpatm.free.fr/ Bugs: http://victim.com/path/users/username example:...
PHP Advanced Transfer Manager 1.30 - Remote Unauthorized Access
PHP Advanced Transfer Manager 1.30 - Remote Unauthorized Access source: https://www.securityfocus.com/bid/15237/info PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access. Access to sensitive files containing authentication credentials is not restricted, therefore a...
PHP Advanced Transfer Manager Multiple Vulnerabilities
Secunia Advisory: SA16867. Release Date: 2005-09-20. Critical: Moderately critical. Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information. Where: From remote. Solution Status: Unpatched. Software: PHP Advanced Transfer Manager 1.x...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
Binary data 3234.prm...