Lucene search
K

7613 matches found

Tenable Nessus
Tenable Nessus
added 2014/12/04 12:0 a.m.160 views

Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)

According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles...

7.1CVSS6.7AI score0.99999EPSS
Exploits7References7
OpenVAS
OpenVAS
added 2014/11/28 12:0 a.m.52 views

WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities

WordPress Digital Zoom Studio DZS Video Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

4.3CVSS6.6AI score0.07309EPSS
Exploits0References3
Prion
Prion
added 2014/11/26 3:59 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio DZS Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 swfloc or 2 designrand parameter...

4.3CVSS6.2AI score0.07309EPSS
Exploits0References4
OSV
OSV
added 2014/11/24 4:59 p.m.10 views

CVE-2012-6662

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

6AI score
Exploits0References17
Check Point Advisories
Check Point Advisories
added 2014/11/20 12:0 a.m.3 views

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)

A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...

4.3CVSS3.5AI score0.03923EPSS
Exploits6
Prion
Prion
added 2014/11/17 4:59 p.m.13 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the 1 Title or 2 Description fields in a playlist or the 3 filter parameter in an explore action to index.php...

4.3CVSS6AI score0.03217EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2014/11/17 4:59 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Contact Form Clean and Simple clean-and-simple-contact-form-by-meg-nicholas plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscfname parameter to contact-us/...

4.3CVSS6.3AI score0.01633EPSS
Exploits1References2Affected Software1
Microsoft KB
Microsoft KB
added 2014/11/11 12:0 a.m.24 views

MS14-073: Description of the security update for SharePoint Foundation 2010: November 11, 2014

Resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.INTRODUCTIONMicrosoft has released security bulletin MS14-073. To learn more about...

6.6AI score
Exploits0
Microsoft KB
Microsoft KB
added 2014/11/11 12:0 a.m.42 views

MS14-073: Vulnerability in Microsoft SharePoint Foundation could allow for elevation of privilege: November 11, 2014

Resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site.INTRODUCTIONMicrosoft has released security bulletin MS14-073. To learn more about...

4.3CVSS5.7AI score0.08801EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/11/09 12:0 a.m.8 views

HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)

Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...

7.5CVSS6.9AI score0.06936EPSS
Exploits0
Prion
Prion
added 2014/10/31 2:55 p.m.26 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336...

4.3CVSS5.8AI score0.01792EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2014/10/19 1:55 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763...

6.8CVSS6.2AI score0.01274EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2014/10/15 12:0 a.m.335 views

MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)

The version of ASP.NET MVC Model View Controller installed on the remote host is affected by an unspecified cross-site scripting vulnerability. A remote unauthenticated attacker could exploit this flaw to execute arbitrary script code in a user's browser subject to the privileges of the user...

4.3CVSS5.9AI score0.2016EPSS
Exploits0References2
Kaspersky
Kaspersky
added 2014/10/14 12:0 a.m.99 views

KLA10614 Code injection vulnerability in Microsoft ASP.NET MVC

XSS vulnerability was found in ASP.NET MVC. By exploiting this vulnerability malicious users can inject arbitrary script. This vulnerability can be exploited remotely via a specially designed web page. Original advisories CVE-2014-4075 Related products Microsoft-ASP.NET-MVC CVE list CVE-2014-4075...

4.3CVSS6.1AI score0.2016EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2014/09/25 12:0 a.m.40 views

Joomla! 2.5.x < 2.5.25 / 3.x < 3.2.5 / 3.3.x < 3.3.4 Multiple Vulnerabilities

According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.25, 3.x prior to 3.2.5, or 3.3.x prior to 3.3.4. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the commedi...

7.5CVSS6AI score0.01716EPSS
Exploits0References6
0day.today
0day.today
added 2014/09/23 12:0 a.m.31 views

LittleSite 0.1 Local File Include Vulnerability

Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...

7.5CVSS6.6AI score0.02386EPSS
Exploits3
Check Point Advisories
Check Point Advisories
added 2014/09/22 12:0 a.m.7 views

Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)

A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...

5.8CVSS5.2AI score0.18278EPSS
Exploits7
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/09/12 5:0 a.m.1 views

Help Page in multiple Adobe products vulnerable to cross-site scripting

Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...

4.3CVSS6.2AI score0.02458EPSS
Exploits0References5
NVD
NVD
added 2014/08/29 1:55 p.m.16 views

CVE-2014-4930

Multiple cross-site scripting XSS vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the 1 width, 2 height, 3 url, 4 helpP, 5 tab, 6 module, 7 completeData, 8 RBBNAME, 9 TC, 10 rtype, 11...

4.3CVSS5.8AI score0.03634EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2014/08/27 12:0 a.m.37 views

Kajona CMS Multiple Cross-Site Scripting Vulnerabilities

Kajona CMS is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS6.2AI score0.01914EPSS
Exploits2References6
Rows per page
Query Builder