1057 matches found
IBM Rational Focal Point HTML Injection Vulnerability (CNVD-2015-01907)
IBM Rational Focal Point is a Web-based product management system for IBM Rational with a built-in customer- and market-oriented product management process that provides workflow automation, information relevance analysis, statistical analysis of information, and prioritization analysis of...
HP ArcSight contains multiple vulnerabilities
Overview: HP ArcSight Logger and ESM contain multiple vulnerabilities. Description: CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending. HP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...
Multiple Cross-Site Scripting Vulnerabilities in WordPress Plugin WP Media Cleaner
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities in the WordPress plugin WP Media Cleaner allow remote attackers to inject...
HelpDezk Multiple Vulnerabilities (Mar 2015)
HelpDezk is prone to multiple vulnerabilities.
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. A cross-site scripting vulnerability exists in IBM Maximo Asset Management that allows a remote, authenticated user to inject arbitrary web script or HTML via an unspecified vector...
Multiple Cross-Site Scripting Vulnerabilities in Smoothwall Express
Smoothwall Express is a set of routing and firewall software for Linux-based systems. The software provides routing, firewall, NAT, VPN, IDS, dynamic DNS, internal and external network access control, network traffic control and monitoring, as well as logging and other functions. Smoothwall Expre...
Microsoft Windows Audio Service Privilege Escalation Vulnerability (3005607)
This host is missing an important security update according to Microsoft Bulletin MS14-071.
BirdBlog vulnerable to cross-site scripting
Overview BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
LittleSite 0.1 - index.php Local File Inclusion
source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
LittleSite 0.1 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts i...
CVE-2014-6236
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...
Code injection
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...
CVE-2014-6236
CVE-2014-6236 affects the LumoNet PHP Include (lumophpinclude) TYPO3 extension. Affected versions are 1.2.0 and earlier. The vulnerability allows remote attackers to execute arbitrary scripts via vectors related to extension links, indicating arbitrary code execution. The issue is addressed by up...
CVE-2014-6236
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links...
Uberghey CMS 0.3.1 - 'index.php' Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/28217/info Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially sensitive...
XAMPP 1.6.x 'showcode.php' Local File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37999/info XAMPP is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker can exploit this vulnerability to obtain potentially sensitive information an...
OpenBiblio 0.x theme_del_confirm.php name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local...
Download Management 1.00 for PHP-Fusion Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27618/info Download Management for PHP-Fusion is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access...
OpenInferno OI.Blogs 1.0 Multiple Local File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/38402/info OpenInferno OI.Blogs is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially...