450 matches found
Joomla! User-Agent Object Injection RCE
The Joomla! application running on the remote web server is affected by a remote code execution vulnerability due to improper sanitization of the User-Agent header field when saving session values. An unauthenticated, remote attacker can exploit this, via a serialized PHP object, to execute...
CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...
VulnCheck KEV: CVE-2015-8562
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015...
WordPress Wordfence Plugin <= 3.8.6 - Stored XSS
This plugin is prone to a stored cross-site scripting vulnerability via the User-Agent header in lib/IPTraf.php. Solution: Update plugin...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php...
WordPress plugin Simple visitor stat has multiple cross-site scripting vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. Simple visitor stat is a visitor statistics plugin for WordPress. The Simple visitor stat plugin for WordPre...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...
CVE-2014-6180
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before 7.0.0.5 and 7.5.x before 7.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the HTTP User-Agent header...
CVE-2014-8340
SQL injection vulnerability in Php/Functions/logfunction.php in phpTrafficA 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via a User-Agent HTTP header...
Design/Logic Flaw
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...
CVE-2014-7178
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...
CVE-2014-7178
Enalean Tuleap prior to 7.5 (listed variants include 7.4.99.5 and earlier; fixed in 7.5) is vulnerable to remote command execution via the User-Agent header passed to the passthru PHP function (via the SVN handler page). This is triggered by crafted requests such as /svn/viewvc.php/?roottype=svn&...
CVE-2014-7178
Enalean Tuleap before 7.5.99.6 allows remote attackers to execute arbitrary commands via the User-Agent header, which is provided to the passthru PHP function...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header...
MegaBook 1.1/2.0/2.1 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/8065/info MegaBook is prone to multiple HTML injection vulnerabilities. This is due to insufficient sanitization of HTML and script code from user-supplied input, including input supplied to the administrative login page...
Pserv 2.0 User-Agent HTTP Header Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issui...
Pserv 2.0 User-Agent HTTP Header Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6286/info A buffer overflow vulnerability has been reported in Pserv. The buffer overflow condition is due to the way Pserv handles data streams from remote connections. An attacker can exploit this vulnerability by issui...
Apple QuickTime 5.0 Content-Type Remote Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4064/info Apple QuickTime is a freely available media player. It runs on a number of platforms including MacOS and Windows 9x/ME/NT/2000/XP operating systems. Apple QuickTime For Windows does not perform sufficient bounds...
CVE-2014-4309
Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML via the (2) MaxInstances, (3) PassivePorts, (4) Port, (5)...
PHPBTTracker+ 2.2 - SQL Injection
Exploit Title: PHPBTTracker+ 2.2 SQL Injection | Date: May 13th, 2014 | Exploit Author: BackBox Team | Vendor Homepage: http://phpbttrkplus.sourceforge.net/ | Software Link: http://sourceforge.net/projects/phpbttrkplus/files/ | Version: PHPBTTracker+ 2.2 | Tested on: PHP 5.4.27, Apache 2.4.9, MySQL = 5.0.0...