Collaborative Passwords Manager (cPassMan) 'path' Local File Inclusion Vulnerability
Collaborative Passwords Manager (cPassMan) is prone to a local file inclusion vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
OracleJSP Demos Cross Site Scripting
Advisory Name: Reflected Cross-Site Scripting (XSS) in OracleJSP Demos Internal Cybsec Advisory Id: 2011-0403- Reflected Cross-Site Scripting (XSS) in OracleJSP Demos Vulnerability Class: Reflected Cross-Site Scripting (XSS) Release Date: April 20, 2011 Affected Applications: Confirmed in OracleJSP...
Plogger 1.0 RC1 - 'gallery_name' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47329/info Plogger is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
WordPress Plugin Spellchecker 3.1 - general.php Local/Remote File Inclusion
WordPress Plugin Spellchecker 3.1 - general.php Local/Remote File Inclusion source: https://www.securityfocus.com/bid/47317/info The Spellchecker plugin for WordPress is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficientl...
Design/Logic Flaw
locale/programs/locale.c in locale in the GNU C Library aka glibc or libc6 before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function...
Password Vault Web Access vulnerable to cross-site scripting
Overview Password Vault Web Access (PVWA) provided by Cyber-Ark Software, Ltd. contains a cross-site scripting vulnerability. Password Vault Web Access (PVWA) is a module in the Privileged Identity Management Suite that allows access via a web portal. PVWA contains a cross-site scripting vulnerabilit...
phpcollab 2.5 - Multiple Vulnerabilities
phpcollab 2.5 - Multiple Vulnerabilities Vulnerability ID: HTB22916 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...
Symantec LiveUpdate Administrator < 2.3 CSRF (SYM11-005)
The version of LiveUpdate Administrator running on the remote host is earlier than 2.3. Such versions have a cross-site request forgery (CSRF) vulnerability. Failed login attempts are logged and viewable from the web console. Usernames from these failed attempts are not sanitized before they are...
e107 vulnerable to cross-site scripting
Overview e107 contains a cross-site scripting vulnerability. e107 provided by e107.org is a Content Management System (CMS) software. e107 contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendor under Information Securi...
Firefox 4 With Content Security Policy Due Tuesday
Firefox 4, the newest version of Mozilla’s flagship browser slated for release today, includes a variety of security and privacy protections, but perhaps the most important of them is the addition of the Content Security Policy. The mechanism, which is enabled by default in Firefox 4, is designed...
Mandriva Linux Security Advisory : tomcat5 (MDVSA-2011:030)
Multiple vulnerabilities have been found and corrected in tomcat5 : When running under a SecurityManager, access to the file system is limited but web applications are granted read/write permissions to the work directory. This directory is used for a variety of temporary files such as the...
pam security update
1.1.1-4.1 - fix insecure dropping of privileges in pam_xauth, pam_env, and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 643043...
SourceBans 1.4.7 XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:"sourcebans/index.php?p=submit" Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly...
Design/Logic Flaw
The client in HP Data Protector does not verify the contents of files associated with the EXECCMD command, which allows remote attackers to execute arbitrary script code by providing this code with a trusted filename, as demonstrated by omnichkds.sh...
SourceBans 1.4.7 Cross Site Scripting
Exploit Title: SourceBans Version 1.4.7 XSS Google Dork: inurl:"sourcebans/index.php?p=submit" Date: Feb. 9th 2011 Author: Sw1tCh Software Link: http://www.sourcebans.net/ Version: 1.4.7 Info: SourceBans is an application for managing publicly the banned users for a Steam Server. -= The Advisory ...
[SECURITY] CVE-2011-0013 Apache Tomcat Manager XSS vulnerability
CVE-2011-0013 Apache Tomcat Manager XSS vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: - Tomcat 7.0.0 to 7.0.5 - Tomcat 6.0.0 to 6.0.29 - Tomcat 5.5.0 to 5.5.31 - Earlier, unsupported versions may also be...
Fixed in Apache Tomcat 5.5.32
Low: Cross-site scripting CVE-2011-0013 The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages. This was fixed in revision...
Microsoft Windows MHTML script injection vulnerability
Overview Microsoft Windows contains a script injection vulnerability in the MHTML protocol handler, which may allow an attacker to execute arbitrary script within the context of another website domain. Description Microsoft Windows contains a script injection vulnerability caused by the way MHTM...
Sahana Agasti Multiple Input Validation Vulnerabilities
Sahana Agasti is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
AneCMS 1.3 - Persistent Cross-Site Scripting
AneCMS 1.3 - Persistent Cross-Site Scripting Exploit Title: AneCMS 1.3 Persistant XSS Date: 17.1.2011 Author: Penguin Visit: www.null-sector.info Software Link: http://anecms.com/anecms.zip Version: 1.3 Tested on: Linux I Vulnerability ---------------------- You can add blogpost comments that doe...