Design/Logic Flaw

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution...

CVE-2016-7095

Exponent CMS prior to version 2.3.9 is vulnerable to an attacker uploading a malicious script file via redirection to place it in an unprotected folder that allows script execution. This affects Exponent CMS 2.3.x and earlier components handling file uploads; impact includes potential code execut...

UBUNTU-CVE-2016-7035

An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root and thereby gain roo...

Novell NetIQ Identity Manager HTML Injection Vulnerability

NetIQ Designer for Identity Manager is a suite of graphical interface tools for configuring and deploying Identity Manager, a comprehensive solution for providing identity and control access, from NetIQ USA. An html injection vulnerability exists in Novell NetIQ Identity Manager versions prior to...

Alienvault OSSIM/USM 5.3.1 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Details ======= Product: Alienvault OSSIM/USM Vulnerability: Stored XSS Author: Peter Lapp, lappsec gmail com CVE: CVE-2016-8581 CVSS: 3.5 Vulnerable Versions: Current Sessions. POC === The POC uses jQuery to send all session IDs on the "Curre...

SAP Console HTML Injection Vulnerability

SAP Console is a set of distribution components from SAP that supports the connection of exchange information within the SAP system. An html injection vulnerability exists in SAP Hybris Management Console version 5.6. An attacker could exploit this vulnerability to execute arbitrary script code i...

Alienvault OSSIM and USM PHP Object Injection Vulnerabilities

AlienVault OSSIM is an open source security information management system.USM is a security management platform that provides security monitoring, security event management and reporting, and a threat awareness system. An object injection vulnerability exists in Alienvault OSSIM and USM, which...

Foreman HTML Injection Vulnerability (CNVD-2016-10271)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...

Nextcloud Server Content Spoofing Vulnerability (CNVD-2016-10259)

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "files" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts inputs under the...

Nextcloud Server Content Spoofing Vulnerability

Nextcloud is a suite of open source self-hosted file synchronization and sharing communication application platform. Nextcloud Server has a content spoofing vulnerability in the "dav" app. The vulnerability is caused by displaying an abnormal message on the endpoint that puts input under the...

PowerShell Script Execution Troubleshooting Advice

Veeam Support Scope Per Veeam Support Policy: Custom script troubleshooting is not supported. What's in Scope: Confirming that the Veeam task executed the script. Assisting with Veeam PowerShell cmdlets not functioning as intended or documented. What's Out of Scope: Troubleshooting why a custom...

Magento CMS URL Handling Cross-Site Scripting Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. A cross-site scripting vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability by executing arbitrary...

Magento CMS Invitations Feature HTML Injection Vulnerability

Magento CMS is the United States Magento company's set of open source PHP e-commerce content management system CMS. An HTML injection vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability to execute arbitrary script...

Magento CMS Flash File Upload Cross-Site Scripting Vulnerability

Magento CMS is an open source PHP e-commerce content management system CMS of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions . An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...

IBM Jazz Foundation Cross-Site Scripting Vulnerability

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational Requirements Composer RRC and Rational DOORS...

Moxa ioLogik E1200 Arbitrary Code Execution Vulnerability

The Moxa ioLogik E1200 is an intelligent Ethernet I/O product from Moxa. A security vulnerability exists in the Moxa ioLogik E1200 that can be exploited by an attacker to execute arbitrary script code on the browser of an unsuspecting user in the context of an affected site...

Juniper Junos J-Web Cross-Site Scripting Attack Vulnerability

Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A cross-site scripting attack vulnerability exists in Juniper Junos J-Web, which could be exploited by an...

Abus Security Center 'FTP' HTML Injection Vulnerability

Abuse is a popular video game. An HTML injection vulnerability exists in Abus Security Center due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to execute arbitrary script code in the context of an affected browser to steal a user's...

Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...