
1734 matches found

0day.today
added 2015/04/19 12:00 a.m. | 77 views

Landesk Management Suite 9.5 RFI / CSRF Vulnerabilities

Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities. Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities Product: Landesk Management Suite Vulnerable Versions: 9.5 and possible previous versions, 9.6 Tested Versio...

CVSS 6.8 | AI score 7.1 | EPSS 0.03788
Exploits 5
Tenable Nessus
added 2015/03/26 12:00 a.m. | 39 views

Debian DLA-65-1 : python-django security update

This update addresses an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. http://www.freexian.com/services/debian-lts.html CVE-2014-0480 Django...

CVSS 6 | AI score 5.6 | EPSS 0.01121
Exploits 1 | References 6
OSV
added 2015/03/12 2:59 p.m. | 1 view

DEBIAN-CVE-2015-2241

Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property...

CVSS 4.3 | AI score 5.7 | EPSS 0.00257
Exploits 1 | References 1
CNVD
added 2015/03/12 12:00 a.m. | 4 views

WordPress Plugin Huge IT Slider SQL Injection Vulnerability

WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. A SQL injection vulnerability exists in the WordPress plugin Huge IT Slider. The vulnerability is caused by the failure to filter input passed to the...

CVSS 7.2 | AI score 8.4 | EPSS 0.00897
Exploits 3 | References 1
Prion
added 2015/02/03 4:59 p.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlistgrouptree.aspx...

CVSS 4.3 | AI score 6.1 | EPSS 0.00318
Exploits 3 | References 1 | Affected Software 1
NVD
added 2015/02/03 4:59 p.m. | 10 views

CVE-2014-5360

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlistgrouptree.aspx...

CVSS 4.3 | AI score 5.6 | EPSS 0.00318
Exploits 3 | References 1
Cvelist
added 2015/02/03 4:00 p.m. | 18 views

CVE-2014-5360

Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlistgrouptree.aspx...

AI score 5.6 | EPSS 0.00318
Exploits 3 | References 1
NVD
added 2015/01/16 3:59 p.m. | 16 views

CVE-2015-1058

Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...

CVSS 4.3 | AI score 5.8 | EPSS 0.14042
Exploits 2 | References 9
NVD
added 2015/01/13 3:59 p.m. | 9 views

CVE-2014-100035

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5 | AI score 8.3 | EPSS 0.00366
Exploits 0 | References 1
Prion
added 2015/01/13 3:59 p.m. | 10 views

Sql injection

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVSS 7.5 | AI score 9.1 | EPSS 0.00366
Exploits 0 | References 1 | Affected Software 1
CVE
added 2015/01/13 3:00 p.m. | 36 views

CVE-2014-100035

CVE-2014-100035 corresponds to an SQL injection vulnerability in the ticket grid of the LicensePal ArcticDesk admin interface prior to version 1.2.5. The flaw allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact is indicated as partial confidentiality/integrit...

CVSS 7.5 | AI score 8.6 | EPSS 0.00366
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2015/01/13 3:00 p.m. | 13 views

CVE-2014-100035

SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

AI score 8.3 | EPSS 0.00366
Exploits 0 | References 1
Prion
added 2014/12/08 4:59 p.m. | 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) useragent parameter to admin/robots.php...

CVSS 4.3 | AI score 6.1 | EPSS 0.03324
Exploits 1 | References 3 | Affected Software 1
Tenable Nessus
added 2014/11/08 12:00 a.m. | 29 views

RHEL 6 : rhevm (RHSA-2014:0506)

Red Hat Enterprise Virtualization Manager 3.4 is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CV...

CVSS 6.8 | AI score 5.6 | EPSS 0.00396
Exploits 1 | References 6
Prion
added 2014/10/31 10:55 a.m. | 28 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582...

CVSS 4.3 | AI score 6 | EPSS 0.00499
Exploits 0 | References 6
Cvelist
added 2014/10/31 10:00 a.m. | 26 views

CVE-2014-3374

Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582...

AI score 5.8 | EPSS 0.00499
Exploits 0 | References 6
Japan Vulnerability Notes
added 2014/10/16 4:51 a.m. | 7 views

GIGAPOD vulnerable to denial-of-service (DoS)

Overview: GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service (DoS) vulnerability. GIGAPOD file servers (Appliance model and Software model) from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interfa...

CVSS 7.8 | AI score 8.6 | EPSS 0.03099
Exploits 0 | References 5
NVD
added 2014/09/30 2:55 p.m. | 21 views

CVE-2012-5485

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVSS 6.8 | AI score 7 | EPSS 0.00599
Exploits 0 | References 5
Prion
added 2014/09/30 2:55 p.m. | 18 views

Code injection

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVSS 6.8 | AI score 7.6 | EPSS 0.00599
Exploits 0 | References 5 | Affected Software 1
OSV
added 2014/09/30 2:55 p.m. | 18 views

PYSEC-2014-27

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVSS 6.8 | AI score 7.5 | EPSS 0.00599
Exploits 0 | References 6