Novell NetIQ Identity Manager HTML Injection Vulnerability

NetIQ Designer for Identity Manager is a suite of graphical interface tools for configuring and deploying Identity Manager, a comprehensive solution for providing identity and control access, from NetIQ USA. An html injection vulnerability exists in Novell NetIQ Identity Manager versions prior to...

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...

SAP Console HTML Injection Vulnerability

SAP Console is a set of distribution components from SAP that supports the connection of exchange information within the SAP system. An html injection vulnerability exists in SAP Hybris Management Console version 5.6. An attacker could exploit this vulnerability to execute arbitrary script code i...

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system.USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

Foreman HTML Injection Vulnerability (CNVD-2016-10271)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...

Nextcloud Server Content Spoofing Vulnerability (CNVD-2016-10259)

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "files" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts inputs under the...

Nextcloud Server Content Spoofing Vulnerability

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "dav" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts input under the...

PowerShell Script Execution Troubleshooting Advice

Veeam Support Scope Per Veeam Support Policy: Custom script troubleshooting is not supported. What's in Scope: Confirming that the Veeam task executed the script. Assisting with Veeam PowerShell cmdlets not functioning as intended or documented. What's Out of Scope: Troubleshooting why a custom...

Magento CMS URL Handling Cross-Site Scripting Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A cross-site scripting vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability by executing arbitrary...

Magento CMS Invitations Feature HTML Injection Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability to execute arbitrary script...

Magento CMS Flash File Upload Cross-Site Scripting Vulnerability

Magento CMS is an open source PHP e-commerce content management system CMS of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions . An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational Requirements Composer RRC and Rational DOORS...

Moxa ioLogik E1200 Arbitrary Code Execution Vulnerability

The Moxa ioLogik E1200 is an intelligent Ethernet I/O product from Moxa. A security vulnerability exists in the Moxa ioLogik E1200 that can be exploited by an attacker to execute arbitrary script code on the browser of an unsuspecting user in the context of an affected site...

Juniper Junos J-Web Cross-Site Scripting Attack Vulnerability

Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A cross-site scripting attack vulnerability exists in Juniper Junos J-Web, which could be exploited by an...

Abus Security Center 'FTP' HTML Injection Vulnerability

Abuse is a popular video game. An HTML injection vulnerability exists in Abus Security Center due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to execute arbitrary script code in the context of an affected browser to steal a user's...

Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-08632)

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited to execute arbitrary script in the web browser of a logged-in user...

Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-08631)

Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in the ''Customapp'' feature in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited by an attacker to execute arbitrary script on the web browse...

"Schedule" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

"Customapp" function in Cybozu Office vulnerable to cross-site scripting

Overview Cybozu Office provided by Cybozu,Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact ...