Lucene search
K

156 matches found

Cvelist
Cvelist
added 2012/08/13 11:0 p.m.20 views

CVE-2012-2274

Cross-site scripting XSS vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter...

5.6AI score0.03262EPSS
Exploits1References5
CVE
CVE
added 2012/08/13 11:0 p.m.65 views

CVE-2012-2274

PivotX (2.3.2 and earlier) contains a cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php where the file parameter is not properly sanitized. Exploitation allows remote attackers to inject arbitrary HTML/JS, potentially affecting administrator sessions. Evidence from multiple source...

4.3CVSS5.6AI score0.03262EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2012/05/31 12:0 a.m.29 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. VID 0d3547ab-9b69-11e1-bdb1-525401003090 OpenVAS Vulnerability Test $ Description: Auto generated from VID 0d3547ab-9b69-11e1-bdb1-525401003090 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

4.3CVSS6.5AI score0.03262EPSS
Exploits1
OpenVAS
OpenVAS
added 2012/05/31 12:0 a.m.22 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.3CVSS6.6AI score0.03262EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/05/14 12:0 a.m.19 views

FreeBSD : PivotX -- 'ajaxhelper.php' XSS Vulnerability (0d3547ab-9b69-11e1-bdb1-525401003090)

High-Tech Bridge reports : Input passed via the 'file' GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...

4.3CVSS5.9AI score0.03262EPSS
Exploits1References3
securityvulns
securityvulns
added 2012/05/10 12:0 a.m.75 views

Cross-Site Scripting (XSS) in Pivotx

Advisory ID: HTB23087 Product: Pivotx Vendor: pivotx.net Vulnerable Versions: 2.3.2 and probably prior Tested Version: 2.3.2 Vendor Notification: 18 April 2012 Vendor Patch: 18 April 2012 Public Disclosure: 9 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2274...

4.3CVSS6.1AI score0.03262EPSS
Exploits1
exploitpack
exploitpack
added 2012/05/09 12:0 a.m.19 views

PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting

PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53434/info PivotX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2012/05/09 12:0 a.m.33 views

PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/53434/info PivotX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2012/05/09 12:0 a.m.34 views

PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability

High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...

4.3CVSS7AI score0.03262EPSS
Exploits1References1
htbridge
htbridge
added 2012/04/18 12:0 a.m.43 views

Cross-Site Scripting (XSS) in Pivotx

High-Tech Bridge SA Security Research Lab has discovered vulnerabiliy in Pivotx, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Pivotx: CVE-2012-2274 1.1 Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitise...

2.6CVSS5.9AI score0.03262EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2012/02/13 12:0 a.m.12 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. VID e454ca2f-f88d-11e0-b566-00163e01a509 OpenVAS Vulnerability Test $ Description: Auto generated from VID e454ca2f-f88d-11e0-b566-00163e01a509 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2012/02/13 12:0 a.m.11 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.4AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2011/10/18 12:0 a.m.18 views

FreeBSD : PivotX -- Remote File Inclusion Vulnerability of TimThumb (e454ca2f-f88d-11e0-b566-00163e01a509)

The PivotX team reports : TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...

5.5AI score
Exploits0References1
FreeBSD
FreeBSD
added 2011/08/03 12:0 a.m.10 views

PivotX -- Remote File Inclusion Vulnerability of TimThumb

The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...

0.6AI score
Exploits0References1
OpenVAS
OpenVAS
added 2011/03/05 12:0 a.m.17 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5CVSS6.6AI score0.04019EPSS
Exploits0
OpenVAS
OpenVAS
added 2011/03/05 12:0 a.m.24 views

FreeBSD Ports: pivotx

The remote host is missing an update to the system as announced in the referenced advisory. VID ae0e5835-3cad-11e0-b654-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID ae0e5835-3cad-11e0-b654-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

7.5CVSS6.6AI score0.04019EPSS
Exploits0
OpenVAS
OpenVAS
added 2011/02/23 12:0 a.m.17 views

PivotX 'Reset my password' Feature Data Manipulation Vulnerability

PivotX is prone to data manipulation vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pivotx:pivotx"; ifdescription...

7.5CVSS6.4AI score0.04019EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2011/02/21 12:0 a.m.24 views

FreeBSD : PivotX -- administrator password reset vulnerability (ae0e5835-3cad-11e0-b654-00215c6a37bb)

US CERT reports : PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or...

7.5CVSS5.5AI score0.04019EPSS
Exploits0References2
NVD
NVD
added 2011/02/19 1:0 a.m.15 views

CVE-2011-1035

The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...

7.5CVSS6.8AI score0.04019EPSS
Exploits0References10
Prion
Prion
added 2011/02/19 1:0 a.m.16 views

Design/Logic Flaw

The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...

7.5CVSS7.3AI score0.04019EPSS
Exploits0References10Affected Software1
Rows per page
Query Builder