369 matches found
The vulnerability of the enterprise automation system 1C:Enterprise, which allows a malicious individual to cause service failures
The automation system of the enterprise 1C:Enterprise contains a vulnerability in the Fast Infoset decoder library for working with XML documents xml2.dll. A malicious individual, by manipulating input data, can set the Fast Infoset decoder to the DOCUMENTCHARACTERENCODINGSCHEME state processing...
The vulnerability of the AMS Device Manager system allows a perpetrator to increase their privileges.
The vulnerability of the AMS Device Manager system control mechanism is related to the lack of protection for the SQL query structure. Exploiting this vulnerability allows an attacker to enhance their privileges by making incorrect data inputs remotely...
The vulnerability of the Moodle learning management system allows a hacker to execute arbitrary web or HTML code.
The vulnerability of the mod/quiz/report/statistics/statisticsquestiontable.php component of the Moodle learning management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML code ...
CmsEasy getshell(略鸡肋)
简要描述: rt 详细说明: 利用条件:文章必须通过后台审核(必须列表审核),有点鸡肋了。 CmsEasy\lib\default\archiveact.php: 411行 showaction函数 里有句 if front::get't' == 'wap' $tpl = category::gettemplate$this-view-catid, 'showtemplatewap'; if!$tpl $tpl = 'wap/show.html'; $this-out$tpl; return; if $template && fileexistsTEMPLATE . '/'...
WordPress BulletProof Security 50.8 Script Insertion
Document Title: =============== BulletProof Security Wordpress v50.8 - POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1326 Release Date: ============= 2014-09-30 Vulnerability Laboratory ID VL-ID:...
SpagoBI 4.0 - Persistent XSS Vulnerability
No description provided by source. 01. Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE...
SpagoBI 4.0 - Persistent HTML Script Insertion
No description provided by source. 01. Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability...
Possibly Tricking Users – The Perils of Drag n Drop Decadence
Security Possibly Tricking Users – The Perils of Drag n Drop Decadence Share May 12th, 2014 In the recent Opera 21 Stable release, we fixed a number of bugs relating to the address field. Normally, we would not want to give away too much about a security issue, as it would give a potential attack...
[CVE-2014-2531] SQL injection in InterWorx Web Control Panel <= 5.0.13
================================================= Title: SQL injection in InterWorx Control Panel Product: InterWorx Web Control Panel Vendor: InterWorx LLC Tested Version: 5.0.13 build 574 Vulnerability Type: SQL Injection CWE-89 CVE Reference: CVE-2014-2531 Solution Status: Fixed in Version...
SpagoBI 4.0 - Persistent XSS Vulnerability
Exploit for php platform in category web applications 1. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base Score: 4 CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N Component/s: SpagoBI Class: Input Manipulation 2. Introduction SpagoBI1 is an Open Source Business Intelligence suite,...
SpagoBI 4.0 - Persistent HTML Script Insertion
SpagoBI 4.0 - Persistent HTML Script Insertion 01. Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02...
SpagoBI 4.0 - Arbitrary Cross-Site Scripting / Arbitrary File Upload
Advisory Information Title: XSS File Upload Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6234 CVSS v2 Base Score: 4 CVSS v2 Vector:...
SpagoBI 4.0 - Persistent HTML Script Insertion
Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability Information CVE reference: CVE-2013-6233...
SpagoBI 4.0 Stored Cross Site Scripting
Advisory Information Title: Persistent Cross-Site Scripting XSS in SpagoBI Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference: CVE-2013-6232 CVSS v2 Base...
SpagoBI 4.0 Privilege Escalation
Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference: CVE-2013-6231 CVSS v2 Base Score: 9...
SpagoBI 4.0 - Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability...
SpagoBI 4.0 - Privilege Escalation
SpagoBI 4.0 - Privilege Escalation 01. Advisory Information Title: Remote Privilege Escalation in SpagoBI Date published: 2013-02-28 Date of last update: 2013-02-28 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: High 02. Vulnerability Information CVE reference:...
[CVE-2013-6235] - Multiple Reflected XSS vulnerabilities in JAMon v2.7
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
JAMon 2.7 Cross Site Scripting
Advisory Information Title: Multiple Reflected XSS vulnerabilities in JAMon Date published: 2013-01-23 Date of last update: 2013-01-23 Vendors contacted: JAMon v 2.7 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-6235 CVSS v2 Base Score:...
Joomla RSfiles SQLi Vulnerabilities
Joomla RSfiles is prone to SQL injection SQLi vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...