Wing FTP 4.4.6 Cross Site Request Forgery
Exploit Title: Wing FTP Server Cross-site Request Forgery vulnerabilities Product: Wing FTP Server Vulnerable Versions: 4.4.6 and all previous versions Tested Version: 4.4.6 Advisory Publication: 05/06/2015 Latest Update: 05/06/2015 Vulnerability Type: Cross-site Request Forgery CWE-352 CVE...
WordPress plugin WP Photo Album stores cross-site scripting vulnerabilities
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WP Photo Album. Due to the lack of user-supplied filters for scripts passed to the...
Oracle Commerce Platform A vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is an e-business solutions platform from the United States company Oracle. A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...
FreePBX suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-02675)
FreePBX is an open source, web-based PBX solution. FreePBX has multiple cross-site scripting vulnerabilities. Due to multiple HTTP POST parameters passed to the "/admin/config.php" script when "type" is set to "setup", "display" to "digiumaddons", "page" to "add-license-form", and "addon" to "ffa...
Landesk Management Suite 9.5 RFI / CSRF Vulnerabilities
Landesk Management Suite version 9.5 suffers from cross site request forgery and remote file inclusion vulnerabilities. Exploit Title: Landesk Management Suite RFI and CSRF vulnerabilities Product: Landesk Management Suite Vulnerable Versions: 9.5 and possible previous versions, 9.6 Tested Versio...
Debian DLA-65-1 : python-django security update
This update addresses an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; and a data leak in the administrative interface. http://www.freexian.com/services/debian-lts.html CVE-2014-0480 Django...
DEBIAN-CVE-2015-2241
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property...
WordPress Plugin Huge IT Slider SQL Injection Vulnerability
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. A SQL injection vulnerability exists in the WordPress plugin Huge IT Slider. The vulnerability is caused due to the failure to filter input passed to the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlistgrouptree.aspx...
CVE-2014-5360
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlistgrouptree.aspx...
CVE-2015-1058
Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) dataCategorytitle parameter to admin/categories/add, (2) dataFieldtitle parameter to admin/fields/ajaxfields/, (3) name property in a basicInfo JSON object to...
CVE-2014-100035
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2014-100035
CVE-2014-100035 corresponds to an SQL injection vulnerability in the ticket grid of the LicensePal ArcticDesk admin interface prior to version 1.2.5. The flaw allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Impact is indicated as partial confidentiality/integrit...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) useragent parameter to admin/robots.php...
RHEL 6 : rhevm (RHSA-2014:0506)
Red Hat Enterprise Virtualization Manager 3.4 is now available. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CV...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582...
CVE-2014-3374
Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin interface in the Server in Cisco Unified Communications Manager allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuq90582...