4 matches found
Cisco Small Business Devices Cross-Site Scripting Vulnerability
Cisco Small Business Voice Gateways and Analog Telephone Adapters ATAs and Cisco Small Business SPA 500 Series IP Phones contain a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to a lack of sanitization of...
PT-2011-16: Denial Of Service in Mozilla Firefox
Positive Research Center has discovered a Denial of Service vulnerability in Mozilla Firefox. Due to insufficient checks of input parameters of HTML5 Canvas' Arc method, Mozilla Firefox allows a remote attacker to cause a denial of service infinite loop. Example of HTML code triggering the...
PT-2011-13: Privilege Gaining in ManageEngine ServiceDesk Plus 8.0.0
The specialists of the Positive Research center have revealed privilege gaining vulnerability in ManageEngine ServiceDesk Plus. Insufficient privilege validation allows attackers with guest privileges account guest/guest to create a user with servicedesk administrator privileges via HTTP GET...
PT-2011-10: Abritrary Files Loading in ManageEngine ServiceDesk Plus 8.0
The specialists of the Positive Research center have detected "Abritrary Files Loading" vulnerability in ManageEngine ServiceDesk Plus. Insufficient CSV file input filtering in user import script allows attackers with guest privileges account guest/guest overwrite an arbitrary file in bin folder ...