Leaky RootsWeb Server Exposes Some Ancestry.com User Data
Source: Leaky RootsWeb Server Exposes Some Ancestry.com User Data
The post Leaky RootsWeb Server Exposes Some Ancestry.com User Data appeared first on MondoUnix.
Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
Source: Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
The p…
Ability Mail Server version 3.3.2 suffers from a cross site scripting vulnerability.
Source: Ability Mail Server 3.3.2 Cross Site Scripting
The post Ability Mail Server 3.3.2 Cross Site Scripting appeared first on MondoUnix.
WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability.
Source: WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS
The post WordPress Sagepay Server Gateway For WooComm…
Shortly after the desktop release, we were awaiting the release of the server version of Fedora 27.
This release, in fact, was supposed to embody the new modular vision of the system, in which the components of the operating…
This Metasploit module exploits a vulnerability found in Mako Server version 2.5. It’s possible to inject arbitrary OS commands in the Mako Server tutorial page through a PUT request to save.lsp. Attacker input will be saved on the victim’s machine and can be executed by sending a GET request to manage.lsp. Source: Mako Server 2.5 […]
The post Mako Server 2.5 Command Injection appeared first on MondoUnix.
SpiderControl SCADA Web Server versions 2.02.0007 and below suffer from an improper privilege management vulnerability.
Source: SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
The post SpiderControl SCADA Web Server 2.02.0007 Imp…
Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) does not properly validate input of the PUT_FILE RPC command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem. Because some files on the Content Server filesystem are security-sensitive, this security flaw leads to privilege escalation. Source: Opentext Documentum […]
The post Opentext Documentum Content Server File Hijack / Privilege Escalation appeared first on MondoUnix.
Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows any authenticated user to replace the content of security-sensitive dmr_content objects (for example, dmr_content related to …
Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) contains a design gap that allows an authenticated user to download arbitrary content files regardless of the attacker’s repository permissions. Source: Opentext Documentum Content Server File Download
The post Opentext Documentum Content Server File Download appeared first on MondoUnix.