1574 matches found
DEBIAN-CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save User action to admin/users/user.form...
openstack-horizon: multiple XSS flaws
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
UBUNTU-CVE-2014-3475
Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...
CMS Ignition SQL Injection Exploit
No description provided by source. |------------------------------------------------| | neavorc@gmaildotcom | ================================================== + SQL Injection Vulnerability + Dorks: allinurl:shop.htm?shopMGID= + Bug in shop.htm?shopMGID + Exploit:...
NetArtMedia Jobs Portal 1.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. !R4Q!4N H4CK3R NetArtMedia Jobs Portal 1.3 Multiple Sql Injection Vulnerabilities Website : http://www.netartmedia.net Founded By : Encrypt3d.M!nd Home Page : http://encrypt3d.blogspot.com Remote Sql Injections : Affected Files : index.php PoC:...
Blog System 1.x (note) SQL Injection Vuln
No description provided by source. Script : Blog System Version : 1.x Link : http://netartmedia.net/blogsystem/ Dork : powered by Blog System Table : websiteadminadminusers Columns : id,username,password,type Exploit :...
phpCommunityCalendar <= 4.0.3 - Multiple (XSS/SQL) Vulnerabilities
No description provided by source. phpCommunityCalendar 4.0.3 Multiple Vulnerabilities author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : Calendar progr...
Lynx Message Server Multiple Vulnerabilities
No description provided by source. 1. Summary The Micro Technology Services Inc. Lynx Message Server 7.11.10.2 and/or LynxTCPService version 1.1.62 web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a Facility wide Duress and...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user...
WordPress Quick Page/Post Redirect Plugin 5.0.3 - Multiple Vulnerabilities
WordPress Quick Page/Post Redirect plugin is prone to multiple vulnerabilities, such as CSRF and XSS. Because of these vulnerabilities, an admin user can be persuaded to visit a URL of the attacker’s choosing, and the attacker can insert arbitrary JavaScript into an admin page. In that way the admin's...
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities Pet Listing Script V1.0 - Multiple Vulnerabilities ==================================================================== .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script :...
Appointment Scheduler 2.0 XSS / CSRF / File Disclosure
Appointment Scheduler V2.0 - Multiple Vulnerabilities ========================================================================= .:. Author : HackXBack .:. Contact : [email protected] .:. Home : http://www.iphobos.com/blog/ .:. Script : http://www.phpjabbers.com/appointment-scheduler/ .:. Tested On Demo ...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "administer rules" permission to inject arbitrary web script or HTML via a rule tag...
Alt-N MDaemon WebAdmin Remote Code Execution
================================================================== Alt-N MDaemon's WebAdmin Remote Code Execution Vulnerability ================================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/ Vuln Type: Remote Code...
Fedora 18 : system-config-date-1.10.3-1.fc18 / system-config-nfs-1.4.1-1.fc18 (2012-17797)
This update tightens policy so that only administrative users can make changes to the system as it was before using pkexec instead of consolehelper. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted ...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote attackers to hijack the authentication of administrative users for requests that unblock a user...
Multiple vulnerabilities in LogAnalyzer
Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...
Lynx Message Server - Multiple Vulnerabilities
Lynx Message Server - Multiple Vulnerabilities 1. Summary The Micro Technology Services Inc. "Lynx Message Server 7.11.10.2" and/or "LynxTCPService version 1.1.62" web interface is vulnerable to SQL Injection, Cross-Site Scripting, and other security problems. 2. Description Lynx is a "Facility...