268 matches found
CVE-2013-0505
IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...
CVE-2013-0505
IBM Sterling Order Management is affected by CVE-2013-0505 through multiple older release lines: 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13. The vulnerability is an XPath injection allowing remote authenticated users to read arbitrary XML files vi...
CVE-2012-4840
IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote attackers to conduct XPath injection attacks, and call XPath extension functions, via unspecified vectors...
CVE-2012-4837
IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...
Design/Logic Flaw
IBM Cognos Business Intelligence BI 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows remote authenticated users to conduct XPath injection attacks, and read arbitrary XML files, via unspecified vectors...
CVE-2012-4837
IBM Cognos BI is vulnerable to XPath injection (read arbitrary XML) for versions 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1. The issue arises from improper input validation prior to XPath query use and requires remote authenticated access. Remediation: apply Cognos ...
DataWatch Monarch Business Intelligence (BI) v5.1 Admin Section Blind XPath Injection
DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...
DataWatch Monarch Business Intelligence (BI) 5.1 Blind XPath Injection
DataWatch Monarch BI v5.1 admin section blind XPath injection Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a blind XPath...
CGI Generic XPath Injection (2nd pass)
By providing specially crafted parameters to CGIs, Nessus was able to get an error from the underlying XPath engine. This error suggests that the CGI is affected by an XPath injection vulnerability. An attacker may exploit this flaw to bypass authentication or read confidential data. %NASLMINLEVE...
SolveDirect SaaS v5.6.3 - XPath & SQL Vulnerabilities
Document Title: =============== SolveDirect SaaS v5.6.3 - XPath & SQL Vulnerabilities Release Date: ============= 2011-07-26 Vulnerability Laboratory ID VL-ID: ==================================== 119 Product & Service Introduction: =============================== Die weltweit groesste SaaS...
Family Connections CMS 2.3.2 stored cross-site scripting and XPath injection vulnerability
Family Connections is an open source content management system that makes it easy and convenient to create a private family site. Family Connections 2.3.2 contains stored cross-site scripting and XPath injection vulnerabilities that may lead to sensitive information disclosure. +info: Family Connections C...
Family Connections 2.3.2 - subject HTML Injection
Family Connections 2.3.2 - subject HTML Injection source: https://www.securityfocus.com/bid/47037/info Family Connections is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
Family Connections CMS 2.3.2 XSS / XML Injection
Family Connections CMS 2.3.2 Stored XSS And XPath Injection function xpathdocument.forms"xpath".submit; function xssdocument.forms"xss".submit; font color="r...
kemana Mullti Vulnerability
Exploit for php platform in category web applications =========================== kemana Mullti Vulnerability =========================== ...
Jcow 4.2.0 Blind SQL/XPath injection Vulnerability
Exploit for php platform in category web applications ================================================== Jcow 4.2.0 Blind SQL/XPath injection Vulnerability ================================================== ...
ChatLakTurk Video Sitesi1 Blind SQL XPath injection Vulnerability
Exploit for php platform in category web applications ================================================================= ChatLakTurk Video Sitesi1 Blind SQL XPath injection Vulnerability =================================================================...
Apache JackRabbit 2.0.0 XPath Injection
Title: Apache JackRabbit webapp XPath Injection Author: ADEO Security Published: 11/08/2010 Version: 2.0.0 Possible all versions Vendor: http://www.apache.org Download: http://www.apache.org/dyn/closer.cgi/jackrabbit/2.0.0/jackrabbit-2.0.0-src.zip Description: "Apache Jackrabbit is a fully...