7656 matches found
CVE-2015-7863
CVE-2015-7863 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The root cause is the default configuration failing to protect the Remote Notify feature with Extended Notify Security, allowing a remote attacker to bypass ac...
CVE-2015-7863
The default configuration of Persistent Accelerite Radia Client Automation formerly HP Client Automation 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions vi...
CVE-2015-7860
The CVE-2015-7860 issue affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) — specifically the Radia/Client Automation agent prior to version 9.1. The vulnerability is a stack-based buffer overflow in the agent that can be exploited remotely by sending a large am...
CVE-2015-7862
CVE-2015-7862 affects Persistent Accelerite Radia Client Automation (formerly HP Client Automation) versions 7.9–9.1 prior to 2015-02-19. The vulnerability stems from improper implementation of Role Based Access Control, allowing a remote attacker to modify an account’s role assignments via unspe...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery Persistent Cross-Site Scripting Vulnerabilities RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is...
RealtyScript 4.0.2 - Multiple Cross-Site Request Forgery / Persistent Cross-Site Scripting Vulnerabilities
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or...
RealtyScript 4.0.2 Cross Site Request Forgery / Cross Site Scripting
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities Vendor: Next Click Ventures Product web page: http://www.realtyscript.com Affected version: 4.0.2 Summary: RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or...
Persistent Systems Radia Client Automation Agent Command Injection
The Persistent Systems Radia Client Automation formerly HP Client Automation agent listening on the remote port is affected by a command execution vulnerability due to a flaw in the radexecd.exe component. An unauthenticated, remote attacker can exploit this to execute arbitrary commands in the...
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
Cross-Site Scripting
Overview Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack o...
WordPress Events Made Easy 1.5.49 CSRF / XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/ Events Made Easy is a full-featured event management solution fo...
Apache Solr < 4.10.5 'plugin.js' XSS
Binary data 8974.prm...
Wordpress DukaPress Plugin - Persistent XSS Vulnerability
Exploit for php platform in category web applications Tilte Exploit : Wordpress Plugin DukaPress - Persistent XSS Vulnerability Date : 21/09/2015 Author : ZwX Software Vendor : http://dukapress.org/ Software Link: https://wordpress.org/plugins/dukapress/ Version: 2.5.9 Levels Risk : Low Tested on...
Zope Management Interface 4.3.7 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Vendor: ================================ www.zope.org plone.org Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application server for building secure and highly scalable web applications. Plone...
Zope Management Interface 4.3.7 - CSRF Vulnerabilities
Exploit for php platform in category web applications Product: ================================ Zope Management Interface 4.3.7 Zope is a Python-based application server for building secure and highly scalable web applications. Plone Is a Content Management System built on top of the open source...
Joomla Komento Cross Site Scripting Vulnerability
Joomla Komento versions prior to 2.0.5 suffer from a persistent cross site scripting vulnerability. Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento I found out that was possible to launch a...
Joomla Komento Cross Site Scripting
CVE Reference: CVE-2015-7324 Original advisory: https://www.davidsopas.com/komento-joomla-component-persistent-xss/ Author: David Sopas @dsopas Komento is a Joomla! comment extension for articles and blogs in K2, EasyBlog, ZOO, Flexicontent, VirtueMart and redShop. @http://stackideas.com/komento ...
Persistent Systems Radia Client Automation Agent Stack Overflow Remote Code Execution (destructive check)
The Persistent Systems Radia Client Automation formerly HP Client Automation agent listening on the remote port is affected by a remote code execution vulnerability due to a stack overflow condition in the radexecd service. An unauthenticated, remote attacker can exploit this to execute arbitrary...
Prevent Activity feed information leakage by allowing permanently disabling of it
It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances, internal and external, which are connected one to another. Having them connected is clearly a business requirement for being able to cross link issues and to copy them...
Prevent Activity feed information leakage by allowing permanently disabling of it
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion|http://jira.atlassian.com/browse/JRASERVER-45601. panel It seems that the sensitive information leakage is something almost impossible to avoid when you have a pair of JIRA instances,...