88 matches found
Splicecom Maximiser Soft PBX Security Breach
Splicecom Maximiser Soft PBX is an IP phone. A security vulnerability exists in Splicecom Maximiser Soft PBX v1.5 and prior versions, which stems from a cross-site scripting XSS vulnerability in the CLIENTNAME and DEVICEGUID fields in the login component...
PT-2024-12439 · Splicecom · Splicecom Maximiser Soft Pbx
Name of the Vulnerable Software and Affected Versions: Splicecom Maximiser Soft PBX versions 1.5 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability can be exploited via the CLIENT NAME and DEVICE GUID fields in the login component...
CVE-2023-31297
An issue was discovered in SESAMI planfocus CPTO Cash Point & Transport Optimizer 6.3.8.6 718. There is XSS via the Name field when modifying a client...
SUSE CVE-2012-1006
Multiple cross-site scripting XSS vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 lastName parameter to struts2-showcase/person/editPerson.action, or the 3 clientName parameter to struts2-rest-showcase/orders...
SUSE CVE-2017-17439
In Heimdal through 7.4, remote unauthenticated attackers are able to crash the KDC by sending a crafted UDP packet containing empty data fields for client name or realm. The parser would unconditionally dereference NULL pointers in that case, leading to a segmentation fault. This is related to th...
SUSE CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
CVE-2023-24233
A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in the component /php-inventory-management-system/orders.php?o=add of Inventory Management System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Client Name parameter...
Inventory Management System 跨站脚本漏洞
Inventory Management System is an inventory management system by stemword individual developers. A security vulnerability exists in Inventory Management System v1. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially crafted payload into the...
Mobile Mouse RCE
This module utilizes the Mobile Mouse Server by RPA Technologies, Inc protocol to deploy a payload and run it from the server. This module will only deploy a payload if the server is set without a password default. Tested against 3.6.0.4, current at the time of module writing Module Options msf u...
GHSA-CF8F-W2C5-P5JR keycloak vulnerable to unauthorized login via mail server setup
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'...
keycloak vulnerable to unauthorized login via mail server setup
A flaw was found in keycloack before version 8.0.0. The owner of 'placeholder.org' domain can setup mail server on this domain and knowing only name of a client can reset password and then log in. For example, for client name 'test' the email address will be '[email protected]'...
webTareas 跨站脚本漏洞
webTareas is a web-based open source collaboration tool. The product supports features such as project management, bug tracking, content management and meeting management. A security vulnerability exists in webTareas, which can be exploited by an attacker to store arbitrary web script or HTML by...
Cross-site Scripting (XSS) - Stored in bigprof-software/online-invoicing-system
✍️ Description In the repo online invoicing system i found a stored xss which gets exploited on unpaid invoice view which is lead by client name. 🕵️♂️ Proof of Concept Video POC: https://drive.google.com/file/d/1emTPPkSgGXM6XllelCrsdTYhhXMGCGb/view?usp=sharing Steps to reproduce: 1. Add a client...
How to implement the OverrideIcaClientname feature for StoreFront
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. This article explains how to implement the OverrideIcaClientname feature for StoreFront 1.2 Receiver...
MGASA-2021-0040 Updated synergy packages fix a security vulnerability
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
UBUNTU-CVE-2020-15117
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...
CVE-2020-15117 Denial of Service in Synergy
In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff 4294967295 if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the availab...