238 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-3892
CVE-2014-3892 concerns Meridian (Nexa Meridian) prior to 2014, vulnerable to Cross-site scripting (XSS) that allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The issue affects Meridian software (market trading application) and can enable arbitrary script exe...
CVE-2014-3892
Cross-site scripting XSS vulnerability in Nexa Meridian before 2014 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Meridian vulnerable to cross-site scripting
Overview Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Kazuyuki Matsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#36028879: Meridian vulnerable to cross-site scripting
Meridian provided by Nexa Technologies is a software for market trading. Meridian contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by...
AJ HYIP MERIDIAN (news.php id) Blind SQL Injection Vulnerability
No description provided by source. AJ HYIP MERIDIAN news.php id Blind SQL Injection Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - site: http://www.ajsquare.com/products/ajhyip/index.php - about AJ HYIP: AJ HY...
Nortel Meridian Integrated RAN Default Admin Credentials
The remote device is a Nortel Meridian Integrated RAN MIRAN that uses a set of known, default credentials 'admin' / 'admin000'. Knowing these, an attacker able to connect to the service can gain complete control of the device. Nortel MIRAN is a system card that provides multi-tasking voice...
CVE-2010-2916
SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2010-2916
CVE-2010-2916 affects the AJ Square AJ HYIP MERIDIAN system, specifically the news.php component. The vulnerability is a SQL injection in the parameter id , allowing remote attackers to execute arbitrary SQL commands. This is confirmed across multiple feeds (NVD entry and related records). The av...
AJ HYIP MERIDIAN SQL Injection
AJ HYIP MERIDIAN news.php id Blind SQL Injection Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - site: http://www.ajsquare.com/products/ajhyip/index.php - about AJ HYIP: AJ HYIP is a complete financial tool wit...
AJ HYIP MERIDIAN - news.php?id Blind SQL Injection
AJ HYIP MERIDIAN - news.php?id Blind SQL Injection AJ HYIP MERIDIAN news.php id Blind SQL Injection Vulnerability bug found by Jose Luis Gongora Fernandez a.k.a JosS contact: sys-projectathotmail.com website: http://www.hack0wn.com/ - site: http://www.ajsquare.com/products/ajhyip/index.php - abou...
Meridian Prolog Manager uses weak authentication to store and transmit user credentials
Overview Meridian Systems Prolog Manager does not use strong encryption and returns a list of all user credentials when authenticating clients. These behaviors could allow an attacker to obtain user credentials and decrypt passwords. Description Meridian Systems Prolog Manager is a set of...
Code injection
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a 1 cleartext or 2 weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a...
CVE-2007-6330
Meridian Prolog Manager 2007 and earlier versions (including 7.5 and prior) transmit all usernames and passwords to the client in cleartext or weakly encrypted form to support client-side authentication. This can enable an attacker to capture credentials via network sniffing or a man-in-the-middl...
CVE-2007-6330
Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames and passwords to the client in a 1 cleartext or 2 weakly encrypted format to support client-side login authentication, which makes it easier for remote attackers to obtain database access by capturing credentials via a...
Meridian Prolog Manager weak encryption
Weak username/password encryption...
CVE-2007-2886
Unspecified vulnerability in the Nortel CS 1000 M media card in Enterprise VoIP-Core-CS 1000E, 1000M, and 1000S 04.50W before 20070523 in Meridian/CS 1000 allows remote attackers to cause a denial of service card hang via unspecified vectors...
CVE-2007-1820
CVE-2007-1820 affects Nortel Networks CallPilot and Meridian Mail voicemail systems when auto logon is enabled. A remote attacker can spoof Caller ID (CNID) to access, retrieve, or delete messages and reconfigure the mailbox. The vulnerability is documented with a high-severity CVSS v2 score (9.3...