721 matches found
The vulnerability of the Web server for visualizing BACnet/IP network controllers, SAUTER moduWeb Vision, allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of the BACnet/IP network controller visualization web server from SAUTER moduWeb Vision exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially craft...
KLA10704 Multiple vulnerabilities in ARRIS cable modems.
Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code. Below is a complete list of vulnerabilities: 1. Predictable technician password can be exploited remotely to gain technician...
The vulnerability of the web application for data synchronization with ownCloud allows a hacker to inject arbitrary web or HTML code.
The vulnerability of the web application for data synchronization with ownCloud exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using special symbols within the file name...
The vulnerabilities of Microsoft Lync Server and Skype for Business Server allow attackers to inject arbitrary web or HTML code.
The vulnerability of the jQuery server messaging components in Microsoft Lync Server and Skype for Business Server exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a special...
The vulnerability of the Mac OS X operating system allows a hacker to inject arbitrary web or HTML code.
The vulnerability of the Quick Look component in the Mac OS X operating system exists due to the lack of security measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code using a previously visited website, during t...
The vulnerability of WebSphere Application Server’s application servers allows attackers to inject arbitrary web or HTML code.
The vulnerability of WebSphere Application Server applications exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject any desired web or HTML code using a specially crafted URL...
The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary web or HTML code.
The vulnerability of the REST API interface of the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially crafted URL...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any web or HTML code.
The vulnerability of the Active Content Filtering component in the IBM WebSphere Portal user interface exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code using a specially...
The vulnerability of the Moodle learning management system allows a hacker to inject arbitrary web or HTML code.
The vulnerability of the course/pending.php component of the Moodle learning management system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary web or HTML code through a specially crafted...
WordPress Subscribe2 Plugin <= 8.0 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update plugin...
WordPress S3 Video Plugin <= 0.97 - Cross Site Scripting
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution: Update plugin...
SAP HANA Extended Application Services ABAP Code Injection Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions; users can directly query and analyze a large amount of real-time business data. A security vulnerability exists in SAP HANA's Extended Application Services XS. A remote attacker...
CVE-2012-5697
The btinstall installation script in Bulb Security Smartphone Pentest Framework SPF before 0.1.3 uses weak permissions 777 for all files in the frameworkgui/ directory, which allows local users to obtain sensitive information or inject arbitrary Perl code via direct access to these files...
KLA10609 Multiple vulnerabilities in Microsoft Lync Server
Multiple serious vulnerabilities have been found in Microsoft Lync Server. Malicious users can exploit these vulnerabilities to inject arbitrary code or cause denial of service. Below is a complete list of vulnerabilities: 1. XSS vulnerability can be exploited remotely via a specially designed URL...
Social Media Widget 4.0 - social-widget.php MITM Weakness Arbitrary Code Injection
The Social Media Widget WordPress plugin was affected by a social-widget.php MITM Weakness Arbitrary Code Injection security vulnerability...
Jupiter CMS <= 1.1.5 - Multiple XSS Attack Vectors
No description provided by source. Jupiter CMS <= 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 Impact: high privilege escalation, site defacement. Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and...
phpScheduleIt PHP reserve.php start_date Parameter Arbitrary Code Injection
No description provided by source. $Id: phpscheduleitstartdate.rb 14073 2011-10-26 18:06:12Z sinn3r $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and...
CPGNuke Dragonfly 9.0.6.1 - Remote Commands Execution Exploit
No description provided by source. <?php ---dragonfly9.0.6.1inclxpl.php 20.15 07/02/2006 CPGNuke Dragonfly 9.0.6.1 remote commands execution through arbitrary local inclusion - Sun-Tzu Drangonfly killing - coded by rgod site: http://rgod.altervista.org - this works regardless of magic_quotes_gpc...
viart shopping cart 3.5 - Multiple Vulnerabilities
No description provided by source. !vuln ViArt Shopping Cart v3.5 is prone to multiple remote vulnerabilities. Earlier versions may also be affected...
ZeroCMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications ZeroCMS 1.0 articleid SQL Injection Vulnerability Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ Affected version: 1.0 Summary: ZeroCMS is a very simple Content Management System built using PHP and MySQL. Desc:...