Showing 1 - 25 of 100

Files

MyBB Visual Editor 1.8.18 Cross Site Scripting
Posted Sep 22, 2018
Authored by Numan OZDEMIR

MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-17128
MD5 | 893adb3c1017a595010aefc716d0483e

Related Files

Debian Security Advisory 2522-1
Posted Aug 6, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2522-1 - Emilio Pinna discovered a cross site scripting vulnerability in the spellchecker.php page of FCKeditor, a popular html/text editor for the web.

tags | advisory, web, php, xss
systems | linux, debian
advisories | CVE-2012-4000
MD5 | 100eefb85fdd8d16cdec885637c78dba

Secunia Security Advisory 50136
Posted Aug 6, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for fckeditor. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
systems | linux, debian
MD5 | 971c4ab5cebfb2d245fb703fabf8ca00

Red Hat Security Advisory 2012-1136-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1136-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way OpenOffice.org processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in an OpenOffice.org application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
MD5 | 836e4df0eda645e1b201caf1b8979e5a

Red Hat Security Advisory 2012-1135-01
Posted Aug 2, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1135-01 - LibreOffice is an open source, community-developed office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. Multiple heap-based buffer overflow flaws were found in the way LibreOffice processed encryption information in the manifest files of OpenDocument Format files. An attacker could provide a specially-crafted OpenDocument Format file that, when opened in a LibreOffice application, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-2665
MD5 | b5f61d962177fc0ad23893983435bde7

WordPress Chenpress Shell Upload
Posted Jul 21, 2012
Authored by Am!r | Site irist.ir

The WordPress ChenPress plugin suffers from a remote shell upload vulnerability via FCKEditor.

tags | exploit, remote, shell
MD5 | 4d57c5aab8a869355fa7edbf23b7fc88

Secunia Security Advisory 49822
Posted Jul 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Sammy Forgit has discovered a vulnerability in the Front-end Editor plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory
MD5 | b3a9d82b026abc05015d9c4a39eb4bbe

Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows, 7
MD5 | 55b249c7b416e0039642bb1ad643fe1b

Secunia Security Advisory 49606
Posted Jun 27, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Emilio Pinna has discovered two vulnerabilities in FCKeditor, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 106fe146b8593cf029a31c28f63cb0bf

Silverstripe Pixlr Image Editor 1.0.4 Shell Upload
Posted Jun 23, 2012
Authored by Sammy FORGIT

Silverstripe Pixlr Image Editor third party module version 1.0.4 suffers from an unauthenticated remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 183cdba6a88f1378f62e4596f2c29f3c

Secunia Security Advisory 49624
Posted Jun 23, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in IBM Lotus Expeditor, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

tags | advisory, vulnerability, xss
MD5 | bb0375d3b2dff7fd6d3d3b8b45a65c8a

Joomla IDoEditor 1.6.16 Shell Upload
Posted Jun 12, 2012
Authored by Sammy FORGIT

Joomla IDoEditor version 1.6.16 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
MD5 | 394ff0c4674b6ee1d21c240c086639b2

Secunia Security Advisory 49422
Posted Jun 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been discovered in Audio Editor Master, which can be exploited by malicious people to compromise a user's system.

tags | advisory
MD5 | 0af50e5d613f9212401d1b3a593916eb

Audio Editor Master 5.4.1.217 Denial Of Service
Posted Jun 6, 2012
Authored by Onying

Audio Editor Master version 5.4.1.217 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | bbd998b90afa45d4f79caad08a195b34

Red Hat Security Advisory 2012-0705-01
Posted Jun 5, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0705-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. An integer overflow flaw, leading to a buffer overflow, was found in the way OpenOffice.org processed an invalid Escher graphics records length in Microsoft Office PowerPoint documents. An attacker could provide a specially-crafted Microsoft Office PowerPoint document that, when opened, would cause OpenOffice.org to crash or, potentially, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2012-1149, CVE-2012-2334
MD5 | 2b488e5a4f1a6c07613cd269959708c0

Secunia Security Advisory 47229
Posted May 16, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in the eZ Style Editor extension for eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
MD5 | d4952de825b70c5c9e624127df2482f5

GSM SIM Editor 5.15 Buffer Overflow
Posted Apr 18, 2012
Authored by Ruben Alejandro | Site metasploit.com

This Metasploit module exploits a stack-based buffer overflow in GSM SIM Editor 5.15. When opening a specially crafted .sms file in GSM SIM Editor a stack-based buffer overflow occurs which allows an attacker to execute arbitrary code.

tags | exploit, overflow, arbitrary
MD5 | b607d4a63d0250d0e1f386df5bb3cafb

WordPress Deans With Pwwangs Code Shell Upload
Posted Mar 29, 2012
Authored by T0xic

The WordPress Deans with Pwwangs Code plugin suffers from an FCKeditor remote file upload vulnerability.

tags | exploit, remote, file upload
MD5 | 1844a109d8d13c0c80157bc6adaabcf5

Drupal FCKEditor/CKEditor PHP Execution
Posted Mar 24, 2012
Authored by Patroscan

Drupal FCKEditor/CKEditor module remote PHP code execution exploit.

tags | exploit, remote, php, code execution
MD5 | 9d9241613b87c0bc1d7c9664845a5980

Red Hat Security Advisory 2012-0411-01
Posted Mar 23, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0411-01 - OpenOffice.org is an office productivity suite that includes desktop applications, such as a word processor, spreadsheet application, presentation manager, formula editor, and a drawing program. OpenOffice.org embeds a copy of Raptor, which provides parsers for Resource Description Framework files. An XML External Entity expansion flaw was found in the way Raptor processed RDF files. If OpenOffice.org were to open a specially-crafted file, it could possibly allow a remote attacker to obtain a copy of an arbitrary local file that the user running OpenOffice.org had access to. A bug in the way Raptor handled external entities could cause OpenOffice.org to crash or, possibly, execute arbitrary code with the privileges of the user running OpenOffice.org.

tags | advisory, remote, arbitrary, local, xxe
systems | linux, redhat
advisories | CVE-2012-0037
MD5 | 361c8d3b31ddb406823eb16d982ef1c4

Microsoft Bing Flash Editor Cross Site Scripting
Posted Mar 16, 2012
Authored by Aditya Gupta, Subho Halder, Dev Kar | Site vulnerability-lab.com

Microsoft Bing's Flash editor suffers from an input validation vulnerability that can lead to cross site scripting attacks.

tags | exploit, xss
MD5 | 128448de9e68d372f712c96b1ba49213

Secunia Security Advisory 48435
Posted Mar 15, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Two vulnerabilities have been reported in the CKEditor and FCKeditor modules for Drupal, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
MD5 | 432cdcb411cb3c57a1e2444b122aad3f

Drupal CKEditor / FCKeditor XSS / XSRF / Code Execution
Posted Mar 15, 2012
Authored by Heine Deelstra | Site drupal.org

CKEditor and FCKeditor modules in Drupal versions 6.x and 7.x suffer from PHP code execution, cross site request forgery, and cross site scripting vulnerabilities.

tags | advisory, php, vulnerability, code execution, xss, csrf
MD5 | 1c0fe95581fe894d03255a349fa668bf

AlegroCart FCKEditor Command Execution
Posted Mar 11, 2012
Authored by KedAns-Dz

AlegroCart FCKEditor remote command execution proof of concept exploit that leverages the vulnerability found by T0x!c.

tags | exploit, remote, proof of concept
MD5 | d6cf0daa38d779ffeed05b60f43c6c3c

Red Hat Security Advisory 2012-0141-01
Posted Feb 17, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0141-01 - SeaMonkey is an open source web browser, e-mail and newsgroup client, IRC chat client, and HTML editor. A heap-based buffer overflow flaw was found in the way SeaMonkey handled PNG images. A web page containing a malicious PNG image could cause SeaMonkey to crash or, possibly, execute arbitrary code with the privileges of the user running SeaMonkey. All SeaMonkey users should upgrade to these updated packages, which correct this issue. After installing the update, SeaMonkey must be restarted for the changes to take effect.

tags | advisory, web, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2011-3026
MD5 | a49fdcfccfc93900f257527baea72311

Chicago Tribune Cross Site Scripting
Posted Feb 15, 2012
Authored by Janne Ahlberg

The mobile.chicagotribune.com site suffers from a cross site scripting vulnerability. Editor's note 01/04/2013: Per the advisory author, Chicago Tribune has addressed this vulnerability.

tags | exploit, xss
MD5 | eac127c4d66259ffb95ceb8853f40e39
Page 1 of 4
© 2020 Packet Storm. All rights reserved.