70 matches found
CVE-2015-7465
Cross-site request forgery CSRF vulnerability in Lifecycle Query Engine LQE in IBM Jazz Reporting Service JRS 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences. Recent assessments: Assesse...
CVE-2013-6717
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service database outage and deactivation via unspecifi...
CVE-2013-6717
Summary of CVE-2013-6717 : The IBM DB2 OLAP query engine (affecting DB2 9.7 FP9, 9.8 FP3a/FP4, 10.1 FP3, 10.5 FP2/FP3, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition) contains a vulnerability that could allow a remote, authenticated user to cause a denial of service by terminatin...
DEBIAN-CVE-2012-0834
Cross-site scripting XSS vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...
CVE-2012-0834
Cross-site scripting XSS vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...
UBUNTU-CVE-2012-0834
Cross-site scripting XSS vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a queryengine action to cmd.php...
phpLDAPadmin 1.2.2 - base Cross-Site Scripting
phpLDAPadmin 1.2.2 - base Cross-Site Scripting source: https://www.securityfocus.com/bid/51793/info phpLDAPadmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
DEBIAN-CVE-2011-4075
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...
Code injection
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...
VulnCheck KEV: CVE-2011-4075
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter aka sortby variable in a queryengine action to cmd.php, as exploited in the wild in October 2011...