6844 matches found
NetCat CMS 3.12 HTML Injection
NetCat CMS 3.12 HTML Injection Security Vulnerabilities Exploit Title: NetCat CMS 3.12 /catalog/search.php? q Parameter HTML Injection Security Vulnerabilities Product: NetCat CMS Content Management System Vendor: NetCat Vulnerable Versions: 3.12 3.0 2.4 2.3 2.2 2.1 2.0 1.1 Tested Version: 3.12...
Comalatech Comala Workflows 4.6.1 CSRF / XSS Vulnerabilities
Comalatech Comala Workflows versions 4.6.1 and below suffer from cross site request forgery and cross site scripting vulnerabilities. title: Multiple XSS & XSRF vulnerabilities product: Comalatech Comala Workflows vulnerable version: = 4.6.1 fixed version: 4.6.2 for Confluence 5.4+ and 4.5.4 for...
Siemens SIMATIC S7-1200 Improper Input Validation Vulnerabilities
OVERVIEW Siemens has reported two improper input validation vulnerabilities discovered separately by Prof. Dr. Hartmut Pohl of softScheck GmbH and Arne Vidström of Swedish Defence Research Agency FOI in Siemens’ SIMATIC S7-1200 PLC. Siemens has produced a new version that mitigates these...
Apache Struts 2 Multiple Vulnerabilities (S2-023) (S2-025)
The remote web server is using a version of Struts 2 that is affected by multiple vulnerabilities : - A cross-site request forgery vulnerability exists due to the token generator failing to adequately randomize the token values. An attacker can exploit this issue by extracting a token from a form...
Cisco Integrated Management Controller Privilege Escalation Vulnerability
Cisco Integrated Management Controller contains a vulnerability that could allow an authenticated, local attacker to gain shell-level access to the affected device. The vulnerability is due to improper input validation in the map-nfs command. An attacker could exploit this vulnerability by sendin...
VMware Workstations 10.0.0.40273 vmx86.sys Arbitrary Kernel Read
No description provided by source. Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product:...
VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read
VMware Workstation 10.0.0.40273 - vmx86.sys Arbitrary Kernel Read Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor:...
VMware Workstation 10.0.0.40273 - 'vmx86.sys' Arbitrary Kernel Read
Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...
VMWare vmx86.sys Arbitrary Kernel Read
Title: VMWare vmx86.sys Arbitrary Kernel Read Advisory ID: KL-001-2014-004 Publication Date: 2014.11.04 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-004.txt 1. Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273...
VMWare vmx86.sys Arbitrary Kernel Read
Vulnerability Details Affected Vendor: VMWare Affected Product: Workstation Affected Version: 10.0.0.40273 Platform: Microsoft Windows XP SP3 x86, Microsoft Windows Server 2003 SP2 x86, Microsoft Windows 7 SP1 x86 CWE Classification: CWE-20: Improper Input Validation Impact: Arbitrary Read,...
MatrikonOPC Improper Input Validation
OVERVIEW This advisory was originally posted to the US-CERT secure Portal library on January 10, 2014, and is now being released to the NCCIC/ICS-CERT web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation vulnerability in the...
Schneider Electric Telvent SAGE RTU DNP3 Improper Input Validation Vulnerability
OVERVIEW This advisory was originally posted to the US-CERT secure portal library on January 06, 2014, and is now being released to the NCCIC/ICS-CERT Web site. Adam Crain of Automatak and independent researcher Chris Sistrunk have identified an improper input validation in the Schneider Electric...
Foreman: Improper input validation
Foreman has improper input validation which could lead to partial Denial of Service...
IBM WebSphere Portal Unspecified XSS (PI16127)
The version of IBM WebSphere Portal on the remote host is affected by an unspecified cross-site scripting vulnerability due to improper user input validation. An attacker can exploit this issue to execute code in the security context of a user's browser to steal authentication cookies...
Resin Pro improperly performs Unicode transformations
Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...
Greg Matthews Classifieds.cgi 1.0 Hidden Variable Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the...
RedHat Linux 6.x X Font Server DoS and Buffer Overflow Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/1111/info A denial of service exists in the X11 font server shipped with RedHat Linux 6.x. Due to improper input validation, it is possible for any user to crash the X fontserver. This will prevent the X server from...
SAP NetWeaver Dispatcher Multiple Vulnerabilities - RCE, DoS
Application: SAP NetWeaver Dispatcher Versions Affected: SAP KERNEL 7.00 32BIT, disp+work.exe 7000.52.12.34966 Vendor URL: http://www.sap.com Bugs: Buffer overflow CWE-119, Integer overflow CWE-190, Improper Input Validation CWE-20 CVSS: AV:N/AC:H/Au:S/C:C/I:C/A:C 7.1 Exploits: PoC Reported:...
IBM WebSphere Portal 'boot_config.jsp' XSS (PI16041)
The version of IBM WebSphere Portal on the remote host is affected by a cross-site scripting vulnerability in the 'bootconfig.jsp' script due to improper user input validation. An attacker could exploit this issue to execute code in the security context of a user's browser to steal authentication...
Security Advisory-Improper Input Validation Vulnerability on Multiple Quidway Switch Products
Reported by the internal R&D engineers, several switch products does not validate the input properly. This vulnerability enables attacker to launch DoS attack by crafting and sending malformed packet to these vulnerable products Vulnerability ID: HWPSIRT-2014-0301. This Vulnerability has been...