6680 matches found
PT-2013-5935 · Nagios · Nagiosql
Name of the Vulnerable Software and Affected Versions: NagiosQL version 3.2 SP2 Description: The issue is related to multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to various pages,...
CVE-2013-5414
The migration functionality in IBM WebSphere Application Server WAS 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 does not properly support the distinction between the admin role and the adminsecmanager role, which allows remote authenticated users to gain privileges in...
CVE-2013-5379
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...
Cross site scripting
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...
CVE-2013-5379
Cross-site scripting XSS vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality...
Design/Logic Flaw
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not be a vulnerability, since it appears to be part of legitimate, intentionally-exposed functionality b...
[SECURITY] Fedora 18 Update: gnupg2-2.0.22-1.fc18
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...
[SECURITY] Fedora 19 Update: gnupg2-2.0.22-1.fc19
GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...
Cisco IOS Software DHCP Server remember Functionality Vulnerability
An issue in the DHCP server code of Cisco IOS Software could allow an unauthenticated, adjacent attacker to cause the device to reload. The issue is due to the remember functionality of the DHCP server. An attacker could exploit this issue by obtaining a lease and then releasing it. An exploit...
SOL14734 - Apache HTTP server vulnerability CVE-2013-2249
Recommended Action To mitigate this vulnerability for ARX, do not enable the API functionality. Supplemental Information SOL9970: Subscribing to email notifications regarding F5 products SOL9957: Creating a custom RSS feed to view new and updated documents SOL4602: Overview of the F5 security...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokIntroScroller for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokIntroScroller for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokMicroNews for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokMicroNews for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
Multiple vulnerabilities in RokStories for WordPress
Hello 3APA3A! I want to warn you about multiple vulnerabilities in plugin RokStories for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
CVE-2013-5477
Cisco IOS Software vulnerability CVE-2013-5477 affects T1/E1 driver queue logic in Cisco IOS 12.2 and 15.0–15.3 when using the HDLC32 driver. The flaw in the T1/E1 driver queue implementation allows remote, unauthenticated attackers to trigger a denial-of-service via bursty traffic, causing an in...
CVE-2013-5486
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute...
Directory traversal
Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN Server in Cisco Prime Data Center Network Manager DCNM before 6.21 allows remote attackers to write arbitrary files via the chartid parameter, aka Bug IDs CSCue77035 and CSCue77036. NOTE: this can be leveraged to execute...
WordPress RokIntroScroller 1.8 XSS / DoS / Disclosure / Upload
Hello list! I want to warn you about multiple vulnerabilities in plugin RokIntroScroller for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
WordPress RokNewsPager 1.17 Disclosure / Shell Upload / XSS / DoS
Hello list! I want to warn you about multiple vulnerabilities in plugin RokNewsPager for WordPress. In August 2012 I wrote about multiple vulnerabilities in RokBox for WordPress http://securityvulns.ru/docs28871.html. These vulnerabilities are similar, since the same developers put the same...
CVE-2012-6585
Cross-site scripting XSS vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the catid1 parameter...