
65 matches found

Cvelist
added 2018/07/05 4:0 p.m. · 14 views

CVE-2018-3769

ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via "format" parameter...

AI score 6 · EPSS 0.00395
Exploits: 1 · References: 3

Positive Technologies
added 2018/07/05 12:0 a.m. · 3 views

PT-2018-16187 · Ruby · Ruby-Grape

Name of the Vulnerable Software and Affected Versions: ruby-grape affected versions not specified
Description: The ruby-grape ruby gem suffers from a cross-site scripting (XSS) vulnerability via the format parameter. This issue allows for potential XSS attacks.
Recommendations: At the moment, there...

CVSS 6.1 · AI score 5.8 · EPSS 0.00395
Exploits: 1 · References: 11

CNVD
added 2018/06/01 12:0 a.m. · 3 views

Quest KACE System Management Appliance Cross-Site Scripting Vulnerability

Quest KACE System Management Appliance is an IT asset management appliance from Quest Software, USA. A cross-site scripting vulnerability exists in the 'fmt' parameter of the '/common/runcrossreport.php' script in Quest KACE System Management Appliance version 8.0.318. ' parameter in the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00048
Exploits: 3 · References: 1

OSV
added 2018/02/09 10:29 p.m. · 25 views

CVE-2018-5306

Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in...

CVSS 6.1 · AI score 6 · EPSS 0.00329
Exploits: 3 · References: 3

CNVD
added 2017/12/12 12:0 a.m. · 4 views

Mathias Kettner Check_MK Cross-Site Scripting Vulnerability

Mathias Kettner Check_MK is an open-source, general-purpose Nagios/Icinga monitoring system data collection plug-in from Mathias Kettner, Germany, which collects data from operating system and network components by employing a new methodology and supports the automated detection of monitoring item...

CVSS 6.1 · AI score 6.4 · EPSS 0.00351
Exploits: 1 · References: 1

OSV
added 2017/12/11 4:29 p.m. · 1 views

UBUNTU-CVE-2017-11507

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication...

CVSS 6.1 · AI score 6 · EPSS 0.00351
Exploits: 1 · References: 4

OSV
added 2017/07/27 6:29 a.m. · 1 views

CVE-2017-11678

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...

CVSS 8.8 · AI score 6.1 · EPSS 0.00538
Exploits: 1 · References: 2

Prion
added 2017/07/27 6:29 a.m. · 12 views

SQL injection

SQL injection vulnerability in Hashtopus 1.5g allows remote authenticated users to execute arbitrary SQL commands via the format parameter in admin.php...

CVSS 6.5 · AI score 8.8 · EPSS 0.00538
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2017/03/03 3:59 p.m. · 2 views

DEBIAN-CVE-2016-10201

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...

CVSS 6.1 · AI score 6.9 · EPSS 0.00275
Exploits: 1 · References: 1

OSV
added 2017/03/03 3:59 p.m. · 0 views

UBUNTU-CVE-2016-10201

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php...

CVSS 6.1 · AI score 6.9 · EPSS 0.00275
Exploits: 1 · References: 5

CNVD
added 2016/06/06 12:0 a.m. · 0 views

Remote Command Execution Vulnerability in the $format Parameter of the Video Device System of Clearstream Xun (Beijing) Technology Co.

StreamOcean, Inc. is the world's leading high-technology company dedicated to delivering high-definition interactive video over the Internet, with its fully independent intellectual property rights in the StreamOcean Video Delivery Network SOVDN, which provides the infrastructure for full video...

AI score 7.4
Exploits: 0 · References: 1

RedhatCVE
added 2015/10/30 10:11 a.m. · 23 views

CVE-2008-1384

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other...

CVSS 5 · AI score 7.6 · EPSS 0.02693
Exploits: 2 · References: 3

Positive Technologies
added 2014/12/27 12:0 a.m. · 2 views

PT-2014-3067 · Zoho +1 · Zoho +1

Name of the Vulnerable Software and Affected Versions: Pydio versions prior to 5.0.4
Description: The issue is related to an unrestricted file upload vulnerability in the Zoho plugin. This allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it at a...

CVSS 7.5 · AI score 7.3 · EPSS 0.19409
Exploits: 5 · References: 4

RedHat Linux
added 2014/03/17 5:31 p.m. · 1 views

rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...

CVSS 4.3 · AI score 7.1 · EPSS 0.00885
Exploits: 0 · References: 4

RedHat Linux
added 2014/03/11 4:56 p.m. · 3 views

rubygem-actionpack: number_to_currency, number_to_percentage and number_to_human XSS vulnerability

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...

CVSS 4.3 · AI score 7.1 · EPSS 0.00885
Exploits: 0 · References: 4

OSV
added 2014/02/20 3:27 p.m. · 1 views

DEBIAN-CVE-2014-0081

Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negative_format, or (3) units...

CVSS 4.3 · AI score 6 · EPSS 0.00885
Exploits: 0 · References: 1

NVD
added 2013/02/24 11:48 a.m. · 22 views

CVE-2013-0785

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value ...

CVSS 4.3 · AI score 5.6 · EPSS 0.00296
Exploits: 0 · References: 3

Prion
added 2013/02/24 11:48 a.m. · 22 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value ...

CVSS 4.3 · AI score 6 · EPSS 0.00296
Exploits: 0 · References: 3 · Affected Software: 1

Prion
added 2008/03/27 5:44 p.m. · 25 views

Integer overflow

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other...

CVSS 5 · AI score 7.7 · EPSS 0.02693
Exploits: 2 · References: 22 · Affected Software: 1

NVD
added 2008/03/27 5:44 p.m. · 16 views

CVE-2008-1384

Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring function in formatted_print.c and probably other...

CVSS 5 · AI score 7.1 · EPSS 0.02693
Exploits: 2 · References: 22