WordPress Work The Flow 2.5.2 Shell Upload

Exploit Title : Wordpress Work the flow file upload 2.5.2 Shell Upload Vulnerability Exploit Author : Claudio Viviani Software Link : https://downloads.wordpress.org/plugin/work-the-flow-file-upload.2.5.2.zip Date : 2015-03-14 Tested on : Linux BackBox 4.0 / curl 7.35.0 Description: Work the Flow...

通达OA2013集团版SQL注入+root

简要描述： dd 详细说明： http://www.tongda2000.com/oa/group/ 试用登录 http://www.day900.com/ 注入点：...

724CMS 5.01 / 4.59 / 4.01 / 3.01 SQL Injection

724CMS 5.01 Multiple SQL Injection Security Vulnerabilities Exploit Title: 724CMS Multiple SQL Injection Security Vulnerabilities Vendor: 724CMS Product: 724CMS Vulnerable Versions: 3.01 4.01 4.59 5.01 Tested Version: 5.01 Advisory Publication: March 14, 2015 Latest Update: March 14, 2015...

hanweb /xxgk/workflow/objectbox/selectx_search.jsp SQL注入漏洞

No description provided by source...

Oracle GENERATESCHEMA Buffer Overflow Exploit

This Exploit a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMSXMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. Th...

PHP file include vulnerability analysis-vulnerability warning-the black bar safety net

One, What is”remote file inclusion vulnerability”for? The answer is: the server through the php properties of a function to contain any files, since you want to include this file source filter is not strict, so can go to that contains a malicious file and we can construct the malicious file to...

SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)

The Maestro module enables you to create complex workflows, automating business processes. The module doesn't sufficiently filter Role or Organic Group names when displaying them in the workflow details. This vulnerability is mitigated by the fact that an attacker must have a role with the...

PT-2014-3366 · Vtiger · Vtiger Crm

Name of the Vulnerable Software and Affected Versions: vTiger CRM version 5.4.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the return url parameter to the "modulescom vtiger workflowsavetemplate.php"...

Design/Logic Flaw

Eval injection vulnerability in frontview/lib/nphandler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."...

Vtiger 5.4.0 Cross Site Scripting Vulnerability

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities. Vtiger 5.4.0 Reflected Cross Site Scripting I. Information ================== Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage :...

JIRA Workflow Step Property jira.permission.browse allows you to view issues in issue navigator

panel:bgColor=e7f4fa NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/JRACLOUD-35917. panel h3. Summary The JIRA Workflow Step Property jira.permission.browse does not prevent you to view issues in issue navigator. h3...

TDXK OA /general/workflow/list/roll_config.php SQL注入漏洞

No description provided by source...

Microsoft Office Web Apps Remote Code Execution vulnerability (2834052)

This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

[SECURITY] Fedora 18 Update: drupal7-rules-2.3-1.fc18

The rules modules allows site administrators to define conditionally execut ed actions based on occurring events known as reactive or ECA rules. It's a replacement with more features for the trigger module in core and the successor of the Drupal 5 workflow-ng module...

[SECURITY] Fedora 17 Update: drupal7-rules-2.3-1.fc17

The rules modules allows site administrators to define conditionally execut ed actions based on occurring events known as reactive or ECA rules. It's a replacement with more features for the trigger module in core and the successor of the Drupal 5 workflow-ng module...

XSS vulnerabilty in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

XSS vulnerabilty in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

Kodak Insite Creative Workflow System SQL Injection

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities

According to its version number, the MantisBT install hosted on the remote web server is affected by multiple vulnerabilities : - Version 1.2.12 of the application is affected by a cross-site scripting XSS vulnerability because the 'search.php' script fails to properly sanitize user-supplied inpu...

Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...