3009 matches found
CVE-2013-7191
CVE-2013-7191 has a documented XSS vulnerability in Tenmiles Helpdesk Pilot. The issue arises when an attacker can inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. The available sources (NVD, CVE records) confirm the vulnerability and describe the impact as e...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 befo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter...
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection
Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \...
Thomson Reuters Velocity Analytics - Remote Code Injection
Thomson Reuters Velocity Analytics - Remote Code Injection source: https://www.securityfocus.com/bid/63880/info Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow an attacker to upload...
Thomson Reuters Velocity Analytics - Remote Code Injection
source: https://www.securityfocus.com/bid/63880/info Thomson Reuters Velocity Analytics is prone to a vulnerability that lets attackers inject and execute arbitrary code. Successfully exploiting this issue may allow an attacker to upload and execute arbitrary code with SYSTEM privileges. Thomson...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML...
Joomla Maian15 Shell Upload
CVE-2013-5210 Adtran Netvanta Remote Code Injection via XSS
Multiple Vulnerabilities in the Adtran Netvanta 7100 Impact: Multiple Local and Remote Compromise, XSS and other Injection Attacks Versions: firmware prior to R10.5.3.HA Author: J. Oquendo joquendo at e-fensive dot net I. ADVISORY Title: Multiple Vulnerabilities in Adtran Netvanta 7100 Date...
Cross site scripting
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor...
CVE-2013-5918
The CVE-2013-5918 entry affects the WordPress plugin Platinum SEO, specifically the file platinum_seo_pack.php in versions before 1.3.8. The vulnerability is a reflected XSS via the s parameter, allowing remote attackers to inject arbitrary script/HTML. Impact is described as potentially exposi...
CVE-2013-2022
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...
CVE-2013-1942
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id...
CVE-2013-1942
CVE-2013-1942 describes multiple XSS vulnerabilities in actionscript/Jplayer.as (jplayer.swf) of the jPlayer Flash SWF component. The flaws allow remote attackers to inject arbitrary script or HTML via the (1) jQuery or (2) id parameters, demonstrated by document.write in the jQuery parameter. Af...
CVE-2013-4995
CVE-2013-4995 affects phpMyAdmin 3.5.x (<3.5.8.2) and 4.0.x (
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post...
Code injection
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to obtain sensitive information about application implementation via unspecified vectors, a different vulnerability than CVE-2013-0463, CVE-2013-2985, CVE-2013-3020, CVE-2013-0568,...
CVE-2013-2309
The CVE-2013-2309 issue affects OpenPNE’s management screen, where the vulnerability stems from the processing of data input in the "+mobile version color scheme configuration" item. Affected versions are OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1. The vulnerabi...
Siemens OpenScape Branch / Session Border Controller XSS / Disclosure / Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities in Siemens OpenScape Branch and OpenScape Session Border Controller product: Siemens OpenScape Branch Siemens OpenScape Session Border Controller...
HP Insight Diagnostics - Remote Code Injection
HP Insight Diagnostics - Remote Code Injection source: https://www.securityfocus.com/bid/60447/info HP Insight Diagnostics is prone to a remote code-injection vulnerability. An attacker can exploit this vulnerability to inject and execute arbitrary code within the context of the affected...