3009 matches found
Eaton Network Shutdown Module <= 3.21 - Remote PHP Code Injection
No description provided by source. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 net user User accounts for \...
phpLDAPadmin <= 1.2.1.1 (query_engine) Remote PHP Code Injection
No description provided by source. $Id: phpldapadminqueryengine.rb 14060 2011-10-25 05:25:39Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
Foreman (Red Hat OpenStack/Satellite) bookmarks/create Code Injection
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...
CVE-2014-4304
CVE-2014-4304 describes a cross-site scripting (XSS) flaw in SQL Buddy ≤1.3.3, specifically in browse.php where the table parameter can be exploited to inject arbitrary web script or HTML. The vulnerability arises from improper handling of the table parameter, enabling remote attackers to execute...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
openSUSE Security Update : perl-HTTP-Body (openSUSE-SU-2014:0433-1)
perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when uploading files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-247...
CVE-2014-3924
CVE-2014-3924 affects Webmin < 1.690 and Usermin
CVE-2013-4430
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php...
CVE-2013-1407
The CVE-2013-1407 vulnerabilities affect the WordPress plugin Events Manager and the Events Manager Pro plugin, with multiple input vectors (scope, _wpnonce, user_name, dbem_phone, user_email, booking_comment) leading to XSS. Root cause: insufficient input validation/filtration in the index.php ...
CVE-2014-3207
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...
CVE-2014-0362
CVE-2014-0362 describes an XSS flaw in Google Search Appliance (GSA) where input reflected into a [removed] block becomes executable when dynamic navigation is enabled. Affected products are GSA versions earlier than 7.0.14.G.216 and 7.2 earlier than 7.2.0.G.114. The impact is remote script execu...
CVE-2014-2260
CVE-2014-2260 affects Ajenti 1.2.13, with an XSS vulnerability in plugins/main/content/js/ajenti.coffee that allows remote authenticated users to inject arbitrary web script or HTML via the command field in Cron. The root cause is inadequate input handling...
CVE-2011-4193
CVE-2011-4193 describes a Cross-site scripting (XSS) flaw in the overlay files tab of SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to...
CVE-2013-7368
CVE-2013-7368 concerns multiple XSS vulnerabilities in Gnew 2013.1. The NVD entry states that remote attackers can inject arbitrary script/HTML via the gnew_template parameter across several pages (users/profile.php, articles/index.php, admin/polls.php; category_id for news/submit.php; news_id fo...
CVE-2014-0157
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...
CVE-2014-0509
CVE-2014-0509 describes a cross-site scripting (XSS) vulnerability in Adobe Flash Player and Adobe AIR products prior to the listed versions. Affected: Flash Player on Windows/macOS (before 11.7.700.275 and 11.8.x–13.0.x before 13.0.0.182), Flash Player on Linux (before 11.2.202.350), and Adobe A...
CVE-2011-4958
CVE-2011-4958 describes a cross-site scripting (XSS) vulnerability in the SSViewer.php process function of SilverStripe. The flaw allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders in affected releases: SilverStripe < 2.3.13 and SilverS...
openSUSE: Security Advisory for perl-HTTP-Body (openSUSE-SU-2014:0433-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 (perl-HTTP-Body)
Check for the Version of perl-HTTP-Body OpenVAS Vulnerability Test $Id: gbsuse201404331.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 perl-HTTP-Body Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH,...
CVE-2013-1770
Cross-site scripting (XSS) vulnerability in viewsview.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the viewname parameter...