OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from a cross site scripting vulnerability in the Deployment functionality.
Source: OpenText Document Sciences xPression 4.5SP1 Patch 13 Cross Site Scripting
The post OpenText Document…
OpenText Document Sciences xPression version 4.5SP1 Patch 13 suffers from a remote SQL injection vulnerability in the xDashboard functionality.
Source: OpenText Document Sciences xPression 4.5SP1 Patch 13 SQL Injection
The post OpenText Document Scienc…
WordPress Content Audit plugin version 1.9.1 suffers from cross site request forgery and cross site scripting vulnerabilities.
Source: WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting
The post WordPress Content Audit 1.9….
The git subcommand cvsserver is a Perl script which makes excessive use of the backtick operator to invoke git. Unfortunately user input is used within some of those invocations and it allows for OS command injection. Versions before before 2.14.2, 2.1…
AMC Master suffers from a remote file upload vulnerability.
Source: AMC Master Arbitrary File Upload
The post AMC Master Arbitrary File Upload appeared first on MondoUnix.
OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from XML external entity injection vulnerabilities.
Source: OpenText Documentum Administrator / Webtop XXE Injection
The post OpenText Documentum…
OpenText Documentum Administrator version 7.2.0180.0055 and Documentum Webtop version 6.8.0160.0073 suffer from an open redirection vulnerability.
Source: OpenText Documentum Administrator / Webtop Open Redirection
The post OpenText Documentum Administ…
This Metasploit module uses the “evaluate” request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration. Source: NodeJS Debugger Command Injection
The post NodeJS Debugger Command Injection appeared first on MondoUnix.
Adobe Flash suffers from an out-of-bounds read in applyToRange.
Source: Adobe Flash appleToRange Out-Of-Bounds Read
The post Adobe Flash appleToRange Out-Of-Bounds Read appeared first on MondoUnix.
This Metasploit module exploits a vulnerability in the Supervisor process control software, where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root. […]
The post Supervisor XML-RPC Authenticated Remote Code Execution appeared first on MondoUnix.
