CVE-2014-4765
IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through 7.5.0.6, Maximo Asset Management 7.5.0 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, and Maximo Asset Management 7.1 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote...
bash: security and bugfix update (critical)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
openSUSE Security Update : bash (openSUSE-SU-2014:1226-1) (Shellshock)
bash was updated to fix a critical security issue, a minor security issue and bugs: In some circumstances, the shell would evaluate shellcode in environment variables passed at startup time. This allowed code execution by local or remote attackers who could pass environment variables to bash...
CVE-2014-5336
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) via an HTTP request that triggers an error message...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...
CVE-2012-4241
Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO or (2) query string to admin/index.php or (3) firstname, (4) lastname, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO or (2) query string to admin/index.php or (3) firstname, (4) lastname, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or ...
CVE-2014-3550
Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task...
Failed to load jet library
Challenge The following error occurs when attempting to perform a restore using Veeam Explorer for Exchange: "Failed to load jet library from C:\ProgramData\Veeam\Backup\ExchangeExplorer\ESE\V15\ese.dll" Solution To solve, upgrade to Internet Explorer 10+ as it contains the necessary Windows file...
Advantech WebAccess Remote Authentication Bypass Vulnerability
This vulnerability allows remote attackers to bypass authentication requirements on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ChkCookieNoRedir function. By providing arbitrary values to certai...
CVE-2014-4907
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohanaerrorpage.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message...
Factlink: XSS 01 on staging.fct.li
hey the error message generated can be used to escape out of a dynamically generated href link. The below will render in internet explorer without xss filter enabled of course. See the screenshot for an example. The response is: HTTP/1.1 504 Gateway Time-out Server: nginx/1.4.4 Date: Wed, 02 Jul...
Opera 7.0 Error Message History Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/6759/info It has been reported that Opera fails to ensure that a remote site has proper authorization before executing some methods used to access error messages stored in the Opera console. This issue is further...
Round Cube Webmail 0.1 -20051021 Path Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/15920/info Round Cube will reportedly reveal its installation path in an error message output to the client. The filesystem layout can be sensitive information that is useful in other attacks against the target server. Th...
Debian Linux 2.1,Linux kernel 2.2/2.3,RedHat Linux 6.0,S.u.S.E. Linux 6.1 IP Options Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/302/info A vulnerability in the Linux Kernel's IPv4 option processing may allow a remote user to crash the system. The vulnerability is the result of the kernel freeing a socket buffer when it shouldn't while sending an...
Joomla 3.2.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: Joomla 3.2.1 sql injection Date: 05/02/2014 Exploit Author: [email protected] Vendor Homepage: http://www.joomla.org/ Software Link: http://joomlacode.org/gf/download/frsrelease/19007/134333/Joomla3.2.1-Stable-FullPackage.zip Version: 3.2.1 default...
CGIScript.net csPassword.CGI 1.0 Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4887/info CGIScript.net provides various webmaster related tools and is maintained by Mike Barone and Andy Angrick. A vulnerability has been reported in the csPassword.cgi script developed by CGIScript.net that discloses...