Archive for August, 2016

[webapps] – GitLab – "impersonate" Feature Privilege Escalation

Posted by deepcore under Security

GitLab – “impersonate” Feature Privilege Escalation

WordPress Advanced Custom Fields: Table Field 1.1.12 XSS

Posted by deepcore under exploit

WordPress Advanced Custom Fields: Table Field plugin version 1.1.12 suffers from a persistent cross site scripting vulnerability.

Nagios Log Server 1.4.1 XSS / Authentication Bypass

Posted by deepcore under exploit

Nagios Log Server versions 1.4.1 and below suffer from authentication bypass, privilege escalation, cross site scripting, and inconsistent control vulnerabilities.

Nagios Network Analyzer 2.2.0 Command Injection / SQL Injection

Posted by deepcore under exploit

Nagios Network Analyzer versions 2.2.0 and below suffer from authentication bypass, arbitrary code execution, and remote SQL injection vulnerabilities.

Nagios Incident Manager 2.0.0 XSS / SQL Injection / Code Execution

Posted by deepcore under exploit

Nagios Incident Manager versions 2.0.0 and below suffer from code execution, cross site scripting, and remote SQL injection vulnerabilities.

WSO2 Identity Server 5.1.0 XML Injection

Posted by deepcore under exploit

WSO2 Identity Server version 5.1.0 suffers from cross site request forgery and XML external-entity injection vulnerabilities.

WSO2 Carbon 4.4.5 Local File Inclusion

Posted by deepcore under exploit

WSO2 Carbon version 4.4.5 suffers from a local file inclusion vulnerability.

WSO2 Carbon 4.4.5 Cross Site Scripting

Posted by deepcore under exploit

WSO2 Carbon version 4.4.5 suffers from multiple cross site scripting vulnerabilities.

WSO2 Carbon 4.4.5 Cross Site Request Forgery / Denial Of Service

Posted by deepcore under exploit

WSO2 Carbon version 4.4.5 suffers from a cross site request forgery vulnerability that can trigger a denial of service condition.

SonarQube Jenkins Password Disclosure

Posted by deepcore under exploit

The SonarQube Jenkins plugin in Jenkins CI suffers from a plain text password disclosure vulnerability.