
839 matches found

Cisco
added 2015/06/23 2:47 p.m., 24 views

Cisco WebEx Meeting Center GET Parameter Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to view sensitive information that is transmitted in GET parameters or perform SQL injection. The vulnerability is due to the inclusion of sensitive information in the URL as GET parameters. An attacker...

CVSS 6.4, AI score 6.9, EPSS 0.02555
Exploits: 0, References: 1
Cvelist
added 2015/06/18 6:00 p.m., 21 views

CVE-2015-4656

Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php or (2) crafted URL parameters to index.php, as demonstrated by the t parameter to photo/...

AI score 5.8, EPSS 0.0125
Exploits: 1, References: 4
Packet Storm
added 2015/02/07 12:00 a.m., 46 views

BMC Footprints Service Core 11.5 Cross Site Scripting

About the Product: BMC FootPrints Service Core is an IT service and asset management platform used by many organizations to help the IT departments deliver more value to businesses. Advisory Details: During a Penetration testing, Help AG auditor Ayman Abdelaziz discovered the following: 1 Stored...

AI score 7.4
Exploits: 0
securityvulns
added 2015/01/19 12:00 a.m., 89 views

[RT-SA-2014-015] Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0

Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0. RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...

CVSS 4.3, AI score 5.5, EPSS 0.01221
Exploits: 2
Packet Storm
added 2015/01/13 12:00 a.m., 68 views

WoltLab Burning Board 4.0 Tapatalk Cross Site Scripting

Advisory: Cross-site Scripting in Tapatalk Plugin for WoltLab Burning Board 4.0. RedTeam Pentesting discovered a cross-site scripting (XSS) vulnerability in the Tapatalk plugin for the WoltLab Burning Board forum software, which allows attackers to inject arbitrary JavaScript code via URL parameters...

CVSS 4.3, AI score 6.7, EPSS 0.01221
Exploits: 2
securityvulns
added 2014/12/22 12:00 a.m., 122 views

ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities

Title: ResourceSpace Multiple Cross Site Scripting, and HTML and SQL Injection Vulnerabilities Author: Petri Iivonen Contact: petri.iivonenattmbcgovuk Discovered: 11 June 2014 Updated: 11 December 2014 Published: 11 December 2014 Vendor: Montala Limited Vendor url: www.resourcespace.org Software:...

AI score 8.4
Exploits: 0
Cvelist
added 2014/11/24 11:00 a.m., 28 views

CVE-2014-9060

The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php...

AI score 6.6, EPSS 0.02118
Exploits: 0, References: 4
seebug.org
added 2014/11/13 12:00 a.m., 13 views

phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities

No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 22 views

PVote 1.0/1.5 Poll Content Manipulation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just by...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

Microsoft IIS 4.0, Microsoft Site Server 3.0 Showcode ASP Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/167/info A sample Active Server Page (ASP) script installed by default on Microsoft's Internet Information Server (IIS) 4.0 gives remote users access to view any file on the same volume as the web server that is readable by t...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 18 views

PeerCast <= 0.1216

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Citrix NFuse 1.51/1.6 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4372/info Citrix NFuse is an application portal server meant to provide the functionality of any application on the server via a web browser. NFuse works in conjunction with a previously-installed webserver. NFuse is said...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 14 views

OpenSiteAdmin <= 0.9.1.1 - Multiple File Inclusion Vulnerabilities

No description provided by source. Software Vulnerable: OpenSiteAdmin 0.9.1 BETA and maybe prior versions. Vulnerable Code: -OpenSiteAdmin/indexFooter.php requireonce$path.footer.php; -OpenSiteAdmin/scripts/classes/DatabaseManager.php requireonce$path.OpenSiteAdmin/include.php;...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 12 views

Admanager 1.1 Content Manipulation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4615/info Admanager is banner advertisement management software. It is written in PHP and will run on most Unix and Linux variants, in addition to Microsoft Windows operating systems. Access to the 'add.php3' script does...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Philip Chinery's Guestbook 1.1 Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4566/info Philip Chinery's Guestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Philip Chinery's Guestbook does not filter script...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 20 views

XMB Forum 1.8 Member.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7662/info XMB Forum has been reported prone to a cross-site scripting vulnerability. XMB Forum fails to adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 24 views

Geeklog 1.3.5 - Multiple Cross Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php'...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 14 views

Critical Path InJoin Directory Server 4.0 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4717/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix variants. HTML code is not...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 22 views

Sun ONE Application Server 7.0 Error Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site...

AI score 7.1
Exploits: 0
Atlassian
added 2014/05/30 3:39 a.m., 40 views

Remove url parameter support for os_username, os_password

Putting credentials in request parameters is likely to lead to those credentials being logged in access logs. Workaround: The following workaround is available in Jira 8.0.0 and higher versions. If you wish to prevent users from authenticating using url parameters, specifying their username &...

AI score 3.2
Exploits: 0