Archive for month: April 2015

AjaXplorer 'save_zoho.php' Arbitrary File Upload Vulnerabilities

Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.

IBM WebSphere Application Server XML External Entity Information Disclosure Vulnerabilities

The Communications Enabled Applications (CEA) service in IBM WebSphere Application Server 8.0.x before and 8.5.x before, and Feature Pack for CEA 1.x before, allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Open-Xchange AppSuite Cross Site Request Forgery Vulnerabilities

Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger requests to arbitrary servers and embed arbitrary images via a URL in an embedded image in a Text document, which is not properly handled by the image preview.

Adobe Flash Player Remote Code Execution Vulnerabilities

Adobe Flash Player before and 14.x and 15.x before on Windows and OS X and before on Linux, Adobe AIR before, Adobe AIR SDK before, and Adobe AIR SDK & Compiler before allow attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference)