MeiuPic 2.1.2 - 'ctl' Local File Inclusion

source: https://www.securityfocus.com/bid/66317/info MeiuPic is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This...

Quest / Dell KACE K1000 Systems Management Appliance (SMA) <= 5.5.90545 XSS Vulnerability (SOL120154)

Quest / Dell KACE K1000 Systems Management Appliance SMA is prone to a cross-site scripting XSS vulnerability. Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier...

xBoard 5.0/5.5/6.0 - &#039;view.php&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/64619/info xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This...

xBoard 5.05.56.0 - view.php Local File Inclusion

xBoard 5.05.56.0 - view.php Local File Inclusion source: https://www.securityfocus.com/bid/64619/info xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Multiple cross-site scripting vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provid...

Nagios Looking Glass <= 1.1.0 beta 2 LFI Vulnerability - Active Check

Nagios Looking Glass is prone to a local file include LFI vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

TomatoCart 1.1.8.2 - class Local File Inclusion

TomatoCart 1.1.8.2 - class Local File Inclusion source: https://www.securityfocus.com/bid/63795/info TomatoCart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication...

Bugzilla 4.2 - Tabular Reports Cross-Site Scripting

source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in...

XSS in reorder panel

To reproduce: 1. Open a confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...

ChamaCargo vulnerable to cross-site scripting

Overview ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...

GLPI <= 0.83.7 LFI Vulnerability - Active Check

GLPI is prone to a local file include LFI vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Design/Logic Flaw

The scripts editor in Cisco Unified Contact Center Express aka Unified CCX does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...

CVE-2013-1214

The scripts editor in Cisco Unified Contact Center Express aka Unified CCX does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...

Jenkins: cross-site scripting vulnerability

Cross-site scripting XSS vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...

JVN#68830017: KENT-WEB ACCESS REPORT vulnerable to cross-site scripting

ACCESS REPORT provided by KENT-WEB is a software to analyze web access logs. ACCESS REPORT contains an issue in the processing of access logs, which may lead to a cross-site scripting vulnerability. Note that this vulnerability is different from JVN23563149. Impact An arbitrary script may be...

Greenstone - Multiple Vulnerabilities

Greenstone - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: 1. A file-disclosure vulnerability 2. A cross-site scripting vulnerability 3. A security weakness 4. A security-bypass vulnerability Attackers...

Greenstone - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/56662/info Greenstone is prone to the following security vulnerabilities: 1. A file-disclosure vulnerability 2. A cross-site scripting vulnerability 3. A security weakness 4. A security-bypass vulnerability Attackers can exploit these issues to view local...

openSIS 5.1 - ajax.php Local File Inclusion

openSIS 5.1 - ajax.php Local File Inclusion source: https://www.securityfocus.com/bid/56598/info openSIS is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker can exploit this vulnerability to obtain potentially sensitive...

Open Realty - &#039;select_users_lang&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/55834/info Open Realty is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts i...