7613 matches found
Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)
According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities: - A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles...
WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities
WordPress Digital Zoom Studio (DZS) Video Gallery Plugin is prone to multiple vulnerabilities.
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter...
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)
A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Description fields in a playlist or the (3) filter parameter in an explore action to index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the cscfname parameter to contact-us/...
MS14-073: Description of the security update for SharePoint Foundation 2010: November 11, 2014
Resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. INTRODUCTION: Microsoft has released security bulletin MS14-073. To learn more about...
MS14-073: Vulnerability in Microsoft SharePoint Foundation could allow for elevation of privilege: November 11, 2014
Resolves a vulnerability in Microsoft SharePoint Server. An authenticated attacker who successfully exploited this vulnerability could run arbitrary script in the context of the user on the current SharePoint site. INTRODUCTION: Microsoft has released security bulletin MS14-073. To learn more about...
HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)
Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2336...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763...
MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
The version of ASP.NET MVC (Model View Controller) installed on the remote host is affected by an unspecified cross-site scripting vulnerability. A remote unauthenticated attacker could exploit this flaw to execute arbitrary script code in a user's browser subject to the privileges of the user...
KLA10614 Code injection vulnerability in Microsoft ASP.NET MVC
An XSS vulnerability was found in ASP.NET MVC. By exploiting this vulnerability, malicious users can inject arbitrary script. This vulnerability can be exploited remotely via a specially designed web page. Original advisories: CVE-2014-4075. Related products: Microsoft-ASP.NET-MVC. CVE list: CVE-2014-4075...
Joomla! 2.5.x < 2.5.25 / 3.x < 3.2.5 / 3.3.x < 3.3.4 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.25, 3.x prior to 3.2.5, or 3.3.x prior to 3.3.4. It is, therefore, affected by multiple vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the commedi...
LittleSite 0.1 Local File Include Vulnerability
Exploit for php platform in category web applications. Source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview: The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be...
CVE-2014-4930
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1) width, (2) height, (3) url, (4) helpP, (5) tab, (6) module, (7) completeData, (8) RBBNAME, (9) TC, (10) rtype, (11)...
Kajona CMS Multiple Cross-Site Scripting Vulnerabilities
Kajona CMS is prone to multiple cross-site scripting vulnerabilities.