CVE-2017-5964
An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
Cisco Identity Services Engine ISE contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some parameters...
Recommended Settings and Best Practices for Generic Implementation of a NetScaler Appliance
Recommended Settings for a Generic Implementation of a NetScaler Appliance The following sections contain the recommended settings for a generic implementation of some features of a NetScaler appliance: Modes Features Global System Settings HTTP Parameters SNMP Alarms Network Interfaces General...
mcart.xls Bitrix Module 6.5.2 - SQL Injection
mcart.xls Bitrix Module 6.5.2 - SQL Injection Advisory ID: HTB23279 Product: mcart.xls Bitrix module Vendor: www.mcart.ru Vulnerable Versions: 6.5.2 and probably prior Tested Version: 6.5.2 Advisory Publication: November 18, 2015 without technical details Vendor Notification: November 18, 2015...
ntop-ng <= 2.0.151021 - Privilege Escalation
Vulnerability title: ntop-ng <= 2.0.151021 - Privilege Escalation Author: Dolev Farhi Contact: dolev at flaresec.com Vulnerable version: 2.0.151021 Fixed version: 2.2 Link: ntop.org Date 27.11.2015 CVE-2015-8368 Product Details: ntopng is the next generation version of the original ntop, a network...
ntop-ng <= 2.0.151021 - Privilege Escalation Vulnerability
Exploit for multiple platforms in category web applications Vulnerability title: ntop-ng <= 2.0.151021 - Privilege Escalation Author: Dolev Farhi Contact: dolev at flaresec.com Vulnerable version: 2.0.151021 Fixed version: 2.2 Link: ntop.org Date 27.11.2015 CVE-2015-8368 Product Details: ntopng is...
ntop-ng <= 2.0.151021 - Privilege Escalation
ntop-ng <= 2.0.151021 - Privilege Escalation Vulnerability title: ntop-ng <= 2.0.151021 - Privilege Escalation Author: Dolev Farhi Contact: dolev at flaresec.com Vulnerable version: 2.0.151021 Fixed version: 2.2 Link: ntop.org Date 27.11.2015 CVE-2015-8368 Product Details: ntopng is the next generati...
RXTEC RXAdmin SQL Injection
RXTEC20150513 Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameters. Type of vulnerability: SQL injection Attack outcome: It is possible to extract all information from the database in use by the...
Reprise License Manager actserver and akey HTTP Parameters Parsing Stack Buffer Overflow
A stack buffer overflow vulnerability exists in the Reprise License Manager. The vulnerability is due to insufficient input validation of the actserver and akey parameters while processing a number of HTTP requests. Successful exploitation would lead to arbitrary code execution under the security...
Feedweb 2.4.1-3.0.6 - SQL Injection
The feedweb WordPress plugin was affected by a SQL Injection security vulnerability. http://www.example.com/wp-content/plugins/feedweb/widgetcontainer.php?pid= Inject here &ishp=true...
Multiple XSS Vulnerabilities in Jahia xCM
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in Jahia xCM, which can be exploited to perform cross-site scripting attacks against administrators of the vulnerable application. 1 Multiple Cross-Site Scripting XSS Vulnerabilities in Jahia xCM: CVE-2013-4624 1.1 The...
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)
WHMCompleteSolution WHMCS 5.0 - Cross-Site Request Forgery Multiple Application Function source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize...
WHMCompleteSolution (WHMCS) 5.0 - KnowledgeBase.php?search Cross-Site Scripting
WHMCompleteSolution WHMCS 5.0 - KnowledgeBase.php?search Cross-Site Scripting source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input...
WHMCompleteSolution (WHMCS) 5.0 - Cross-Site Request Forgery (Multiple Application Function)
source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the...
WHMCompleteSolution (WHMCS) 5.0 - 'KnowledgeBase.php?search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53740/info WHMCS is prone to a cross-site scripting vulnerability and multiple HTML-parameter-pollution vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would run in the context of the...
Struts2/XWork < 2.2.0 remote execution of arbitrary code vulnerability analysis and patch-vulnerability warning-the black bar safety net
Neeao's Blog http://neeao.com/ : 1. On July 14 the exploit-db website disclosed a Struts2 remote execution of arbitrary code vulnerability. The hazard is large; it can be described as a crack shot, going directly to root, as long as the system uses the Struts2 and webwork framework for the...
Struts2/XWork < 2.2.0 - Remote Command Execution
Struts2/XWork < 2.2.0 - Remote Command Execution Friday, July 9, 2010 CVE-2010-1870: Struts2/XWork remote command execution Update Tue Jul 13 2010: Added proof of concept Apache Struts team has announced uploaded but has not released, due to an unreasonably prolonged voting process, the 2.2.0 releas...
Multiple DOM-Based XSS in Dojo Toolkit SDK
=========================================================== Multiple DOM-Based XSS in Dojo Toolkit SDK Public Release Date: 3/12/2010 Adam Bixby - Gotham Digital Science [email protected] Affected Software: Dojo Toolkit SDK <= Build 1.4.1 Browser used for testing: IE8 8.0.7600.16385 Severity:...
SEC Consult SA-20090901-0 :: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console
SEC Consult Security Advisory 20090901-0 ======================================================================= title: File disclosure vulnerability in JSFTemplating, Mojarra Scales and GlassFish Application Server v3 Admin console products: JSFTemplating FileStreamer/PhaseListener component...
FreeBSD : gallery2 -- file disclosure vulnerability (47bdabcf-3cf9-11da-baa2-0004614cc33d)
Michael Dipper wrote: A vulnerability has been discovered in gallery, which allows remote users unauthorized access to files on the webserver. A remote user accessing gallery over the web may use specially crafted HTTP parameters to access arbitrary files located on the webserver. All files...