187 matches found
GoAutoDial GoAdmin CE SQL Injection Vulnerability
GoAutoDial is a set of open source Web-based call center software running on CentOS systems.GoAdmin CE is one of the set of administrator applications. GoAutoDial GoAdmin CE's gologin.php script fails to adequately filter the 'username' and 'userpass' parameters, gologin/ validatecredentials/admi...
DEBIAN-CVE-2014-9649
Cross-site scripting XSS vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...
DEBIAN-CVE-2015-1164
Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // slash slash followed by a domain in the PATHINFO to the default URI...
Mozilla Bonsai 1.3 Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5517/info A path disclosure vulnerability has been reported in Mozilla Bonsai. An attacker can exploit this vulnerability by making a malformed request to Bonsai. This causes Bonsai to return an error page to the requesti...
XOOPS 2.0 XoopsOption Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7149/info XOOPS has been reported vulnerable to an information disclosure vulnerability. According to the report, path information and other sensitive data may be output in server error messages. Information obtained in...
Invision Power Board 3.0 Multiple HTML-Injection and Information Disclosure Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Siteframe 2.2.4 Download.php Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7143/info Siteframe has been reported vulnerable to an information disclosure vulnerability. When handling certain download requests Siteframe may be lead into an error condition. When these errors occur, the script will...
PYSEC-2014-99
Multiple cross-site scripting XSS vulnerabilities in the responderror function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 resources.js or 2 resources.css in ajenti:static/, related to the traceback page...
PT-2014-2384
Name of the Vulnerable Software and Affected Versions Open Solution Quick.Cms version 5.0 Open Solution Quick.Cart version 6.0 Description A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to "admin.php". This could potentially lead ...
Design/Logic Flaw
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver allows remote attackers to obtain sensitive path information via unknown attack vectors...
PT-2013-6145 · Jquery · Prettyphoto
Name of the Vulnerable Software and Affected Versions: prettyPhoto versions 3.1.4 and earlier Description: The issue is related to a cross-site scripting XSS vulnerability in the setTimeout function in js/jquery.prettyPhoto.js. This vulnerability allows remote attackers to inject arbitrary web...
rubygem-rack: Path sanitization information disclosure
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
UBUNTU-CVE-2013-0262
rack/file.rb Rack::File in Rack 1.5.x before 1.5.2 and 1.4.x before 1.4.5 allows attackers to access arbitrary files outside the intended root directory via a crafted PATHINFO environment variable, probably a directory traversal vulnerability that is remotely exploitable, aka "symlink path...
PT-2013-2197
Name of the Vulnerable Software and Affected Versions Rack versions 1.4.x through 1.4.4 Rack versions 1.5.x through 1.5.1 Description The issue allows attackers to access arbitrary files outside the intended root directory via a crafted PATH INFO environment variable, probably a directory travers...
openshift-origin-node-util: restorer.php preg_match shell code injection
node-util/www/html/restorer.php in the Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to execute arbitrary commands via a crafted uuid in the PATHINFO...
openshift-origin-node-util: restorer.php arbitrary URL redirection
Open redirect vulnerability in node-util/www/html/restorer.php in Red Hat OpenShift Origin before 1.0.5-3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the PATHINFO...
Webmin show.cgi Open Function Call Command Execution
Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...
Webmin show.cgi Open Function Call Command Execution
Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...
Webmin show.cgi Open Function Call Command Execution
Added: 11/26/2012 CVE: CVE-2012-2982 BID: 55446 OSVDB: 85248 Background Webmin is a web-based interface for system administration of Unix systems. The Webmin web server listens by default on port 10000/tcp. Problem Webmin 1.59 and earlier are vulnerable to remote code execution as a result of...
Scientific Linux Security Update : setroubleshoot on SL5.x i386/x86_64
A flaw was found in the way sealert wrote diagnostic messages to a temporary file. A local unprivileged user could perform a symbolic link attack, and cause arbitrary files, writable by other users, to be overwritten when a victim runs sealert. CVE-2007-5495 A flaw was found in the way sealert...