1577 matches found
Ninja Forms <= 2.8.9 - Unspecified Issue Affecting Admin Users
This version includes a fix for a potential security vulnerability for admin users...
1830 Photonic Service Switch PSS-32/16/4 Cross Site Scripting
SWISSCOM CSIRT ADVISORY - http://www.swisscom.com/security CVE ID: CVE-2014-3809 Product: 1830 Photonic Service Switch PSS-32/16/4 Vendor: Alcatel-Lucent Subject: Reflected Cross-site Scripting - XSS Effect: Remotely exploitable Author: Stephan Rickauer stephan.rickauer at swisscom.com Date:...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
DEBIAN-CVE-2014-3475
Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form...
openstack-horizon: multiple XSS flaws
A cross-site scripting XSS flaw was found in the way orchestration templates were handled. An owner of such a template could use this flaw to perform XSS attacks against other Horizon users. CVE-2014-3473 It was found that network names were not sanitized. A malicious user could use this flaw to...
UBUNTU-CVE-2014-3475
Cross-site scripting XSS vulnerability in the Users panel admin/users/ in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
Lynx Message Server Multiple Vulnerabilities
No description provided by source. 1. Summary The Micro Technology Services Inc. Lynx Message Server 7.11.10.2 and/or LynxTCPService version 1.1.62 web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a Facility wide Duress and...
NetArtMedia Jobs Portal 1.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. !R4Q!4N H4CK3R NetArtMedia Jobs Portal 1.3 Multiple Sql Injection Vulnerabilities Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected Files : index.php PoC:...
CMS Ignition SQL Injection Exploit
No description provided by source. |------------------------------------------------| | neavorc@gmaildotcom | ================================================== + SQL Injection Vulnerability + Dorks: allinurl:shop.htm?shopMGID= + Bug in shop.htm?shopMGID + Exploit:...
Blog System 1.x (note) SQL Injection Vuln
No description provided by source. Script : Blog System Version : 1.x Link : http://netartmedia.net/blogsystem/ Dork : powered by Blog System Table : websiteadminadminusers Columns : id,username,password,type Exploit :...
phpCommunityCalendar <= 4.0.3 - Multiple (XSS/SQL) Vulnerabilities
No description provided by source. phpCommunityCalendar 4.0.3 Multiple Vulnerabilites author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : Calendar progr...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user...
WordPress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities
WordPress Quick Page/Post Redirect plugin is prone to multiple vulnerabilities, such as CSRF and XSS. Because of this vulnerabilities, an admin user can be persuaded to visit a URL of the attacker’s choosing, the attacker can insert arbitrary JavaScript into an admin page. In that way the admin's...
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities Pet Listing Script V1.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
Appointment Scheduler 2.0 XSS / CSRF / File Disclosure
Appointment Scheduler V2.0 - Multiple Vulnerabilties ========================================================================= .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/appointment-scheduler/ .:. Tested On Demo ...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Cross site scripting
Cross-site scripting XSS vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag...
Alt-N MDaemon WebAdmin Remote Code Execution
================================================================== Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability ================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Code...
Fedora 18 : system-config-date-1.10.3-1.fc18 / system-config-nfs-1.4.1-1.fc18 (2012-17797)
This updates tightens policy so that only administrative users can make changes to the system as it was before using pkexec instead of consolehelper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted ...