156 matches found
CVE-2012-2274
Cross-site scripting XSS vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter...
CVE-2012-2274
PivotX (2.3.2 and earlier) contains a cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php where the file parameter is not properly sanitized. Exploitation allows remote attackers to inject arbitrary HTML/JS, potentially affecting administrator sessions. Evidence from multiple source...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. VID 0d3547ab-9b69-11e1-bdb1-525401003090 OpenVAS Vulnerability Test $ Description: Auto generated from VID 0d3547ab-9b69-11e1-bdb1-525401003090 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : PivotX -- 'ajaxhelper.php' XSS Vulnerability (0d3547ab-9b69-11e1-bdb1-525401003090)
High-Tech Bridge reports : Input passed via the 'file' GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
Cross-Site Scripting (XSS) in Pivotx
Advisory ID: HTB23087 Product: Pivotx Vendor: pivotx.net Vulnerable Versions: 2.3.2 and probably prior Tested Version: 2.3.2 Vendor Notification: 18 April 2012 Vendor Patch: 18 April 2012 Public Disclosure: 9 May 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-2274...
PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting
PivotX 2.3.2 - ajaxhelper.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53434/info PivotX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
PivotX 2.3.2 - 'ajaxhelper.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53434/info PivotX is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
PivotX -- 'ajaxhelper.php' Cross Site Scripting Vulnerability
High-Tech Bridge reports: Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of the affected website...
Cross-Site Scripting (XSS) in Pivotx
High-Tech Bridge SA Security Research Lab has discovered vulnerabiliy in Pivotx, which can be exploited to perform Cross-Site Scripting XSS attacks. 1 Cross-Site Scripting XSS in Pivotx: CVE-2012-2274 1.1 Input passed via the "file" GET parameter to /pivotx/ajaxhelper.php is not properly sanitise...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. VID e454ca2f-f88d-11e0-b566-00163e01a509 OpenVAS Vulnerability Test $ Description: Auto generated from VID e454ca2f-f88d-11e0-b566-00163e01a509 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD : PivotX -- Remote File Inclusion Vulnerability of TimThumb (e454ca2f-f88d-11e0-b566-00163e01a509)
The PivotX team reports : TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...
PivotX -- Remote File Inclusion Vulnerability of TimThumb
The PivotX team reports: TimThumb domain name security bypass and insecure cache handling. PivotX before 2.3.0 includes a vulnerable version of TimThumb. If you are still running PivotX 2.2.6, you might be vulnerable to a security exploit, that was patched previously. Version 2.3.0 doesn't have...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: pivotx
The remote host is missing an update to the system as announced in the referenced advisory. VID ae0e5835-3cad-11e0-b654-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID ae0e5835-3cad-11e0-b654-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...
PivotX 'Reset my password' Feature Data Manipulation Vulnerability
PivotX is prone to data manipulation vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:pivotx:pivotx"; ifdescription...
FreeBSD : PivotX -- administrator password reset vulnerability (ae0e5835-3cad-11e0-b654-00215c6a37bb)
US CERT reports : PivotX contains a vulnerability that allows an attacker to change the password of any account just by guessing the username. Version 2.2.4 has been reported to not be affected. This vulnerability is being exploited in the wild and users should immediately upgrade to 2.2.5 or...
CVE-2011-1035
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...
Design/Logic Flaw
The password reset in PivotX before 2.2.4 allows remote attackers to modify the passwords of arbitrary users via unspecified vectors...