Cisco WebEx Meeting Center GET Parameter Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to view sensitive information that is transmitted in GET parameters or perform SQL injection. The vulnerability is due to the inclusion of sensitive information in the URL as GET parameters. An attacker...
CVE-2015-4656
Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via (1) the success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/...
BMC Footprints Service Core 11.5 Cross Site Scripting
About the Product: BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help IT departments deliver more value to businesses. Advisory Details: During a penetration test, Help AG auditor Ayman Abdelaziz discovered the following: (1) Stored...
[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0. RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
WoltLab Burning Board 4.0 Tapatalk Cross Site Scripting
Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0. RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...
ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities
Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...
CVE-2014-9060
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php...
phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities
No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...
PVote 1.0/1.5 Poll Content Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just by...
Microsoft IIS 4.0, Microsoft Site Server 3.0 Showcode ASP Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by t...
PeerCast <= 0.1216
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
Citrix NFuse 1.51/1.6 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4372/info Citrix NFuse is an application portal server meant to provide the functionality of any application on the server via a web browser. NFuse works in conjunction with a previously-installed webserver. NFuse is said...
OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities
No description provided by source. Software Vulnerable: OpenSiteAdmin 0.9.1 BETA and maybe prior versions. Vulnerable Code: - OpenSiteAdmin/indexFooter.php: require_once($path."footer.php"); - OpenSiteAdmin/scripts/classes/DatabaseManager.php: require_once($path."OpenSiteAdmin/include.php");...
Admanager 1.1 Content Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4615/info Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does...
Philip Chinery's Guestbook 1.1 Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4566/info Philip Chinery's Guestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Philip Chinery's Guestbook does not filter script...
XMB Forum 1.8 Member.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7662/info XMB Forum has been reported prone to a cross-site scripting vulnerability. XMB Forum fails to adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...
Geeklog 1.3.5 - Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php'...
Critical Path InJoin Directory Server 4.0 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4717/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix variants. HTML code is not...
Sun ONE Application Server 7.0 Error Message Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site...
Remove url parameter support for os_username, os_password
Putting credentials in request parameters is likely to lead to those credentials being logged in access logs. Workaround: The following workaround is available in Jira 8.0.0 and higher versions. If you wish to prevent users from authenticating using URL parameters, specifying their username &...