4774 matches found
Joomla 3.7.5 LDAP Injection Vulnerability
Exploit for php platform in category web applications With over 84 million downloads, Joomla! is one of the most popular content management systems in the World Wide Web. It powers about 3.3% of all websites’ content and articles. Our code analysis solution RIPS detected a previously unknown LDAP...
Request Tracker (RT) 4.x < 4.2.12 Multiple XSS Vulnerabilities
Request Tracker RT is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Open-Xchange (OX) App Suite Cross Site Scripting Vulnerability (Jul 2017)
Open-Xchange OX App Suite is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Authentication flaw
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors...
CVE-2016-7814
I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors...
Cross site scripting
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the securi...
CVE-2016-0255
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the securi...
CVE-2016-0255
IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the securi...
IBM MQ 8.x < 8.0.0.3 Multiple Information Disclosure (credentialed check)
The version of IBM MQ formerly IBM WebSphere MQ 8.x installed on the remote Windows host is missing fix pack 8.0.0.3 or later. It is, therefore, affected by the following vulnerabilities : - A flaw exists in the Advanced Message Security policy when a JMS client application sends a message to the...
Adobe ColdFusion Multiple Vulnerabilities (APSB17-14)
Adobe ColdFusion is prone to cross site scripting XSS and remote code execution RCE vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Nagios 'corewindow' Parameter XSS Vulnerability
Nagios is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nagios:nagios";...
Design/Logic Flaw
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials...
CVE-2016-5757
iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to iFrame manipulation attacks, which could allow remote users to gain access to authentication credentials...
CVE-2016-5757
CVE-2016-5757 affects NetIQ Access Manager: iManager Admin Console in NAM 4.1 (before 4.1.2 Hot Fix 1) and 4.2 (before 4.2.2). Root cause is an iFrame manipulation vulnerability that could allow remote attackers to gain access to authentication credentials. The connected sources confirm affected ...
CVE-2016-5751
An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials...
Kunena Forum Extension 'message subject' Cross Site Scripting Vulnerability
the Kunena Forum Extension for Joomla is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SAP Enterprise Portal 'styleservice' Cross-Site Scripting Vulnerability
SAP Enterprise Portal is a German SAP SAP company's application integration platform, which integrates enterprise business information, enterprise applications and services, etc. together, and in the form of an independent Web-based user interface to the operator. A cross-site scripting...
Lutim Cross-Site Scripting Vulnerability
Lutim means Let's Upload That Image and can be used to store images. Lutim suffers from a cross-site scripting vulnerability due to the program failing to adequately validate user-supplied input. When an unsuspecting user browses the affected site, an attacker could exploit this vulnerability to...
CVE-2016-0305
IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...