1057 matches found
Simple PHP Blog 0.5.1 - Local File Inclusion Vulnerability
No description provided by source. Simple PHP Blog is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the context ...
BarracudaDrive 6.7.2 Cross Site Scripting
Exploit Title : BarracudaDrive 6.7.2 Administrator Panel Reflected Cross-Site Scripting Author : Govind Singh aka NullCool Vendor : http://barracudadrive.com Software : BarracudaDrive 6.7.2 Date : 15/06/2014 Discovered At : IHT Lab 1ND14N H4X0R5 T34M Love to : error1046, DeadMan India,...
CVE-2014-1998
Cross-site scripting (XSS) vulnerability in Nippon Institute of Agroinformatics SOY CMS 1.4.0c and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
EVM: Stored XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
QNX 6.4.x/6.5.x ifwatchd - Local root Exploit
Exploit for QNX platform in category local exploits !/bin/sh QNX 6.4.x/6.5.x ifwatchd local root exploit by cenobyte 2013 - vulnerability description: Setuid root ifwatchd watches for addresses added to or deleted from network interfaces and calls up/down scripts for them. Any user can launch...
MeiuPic 2.1.2 - 'ctl' Local File Inclusion
source: https://www.securityfocus.com/bid/66317/info MeiuPic is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This...
Quest / Dell KACE K1000 Systems Management Appliance (SMA) <= 5.5.90545 XSS Vulnerability (SOL120154)
Quest / Dell KACE K1000 Systems Management Appliance (SMA) is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier...
xBoard 5.05.56.0 - view.php Local File Inclusion
source: https://www.securityfocus.com/bid/64619/info xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
source: https://www.securityfocus.com/bid/64619/info xBoard is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts. This...
Multiple cross-site scripting vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains multiple cross-site scripting vulnerabilities. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the information provid...
Nagios Looking Glass <= 1.1.0 beta 2 LFI Vulnerability - Active Check
Nagios Looking Glass is prone to a local file include (LFI) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
TomatoCart 1.1.8.2 - class Local File Inclusion
source: https://www.securityfocus.com/bid/63795/info TomatoCart is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication...
Bugzilla 4.2 - Tabular Reports Cross-Site Scripting
source: https://www.securityfocus.com/bid/63205/info Bugzilla is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Attackers can exploit this issue to steal cookie-based authentication information, execute arbitrary client-side scripts in...
XSS in reorder panel
To reproduce: 1. Open a Confluence instance in Firefox. 2. Create a space with key "TEST". 3. Create a page in that space called "alert0". 4. Create two pages with the page from step 3 as their parent. 5. Go to: code:none base...
ChamaCargo vulnerable to cross-site scripting
Overview: ChamaCargo provided by ChamaNet is a system for creating shopping websites. ChamaCargo contains a cross-site scripting vulnerability. Koki Takahashi of Keiji Takeda Lab, Keio University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securit...
GLPI <= 0.83.7 LFI Vulnerability - Active Check
GLPI is prone to a local file include (LFI) vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
Design/Logic Flaw
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...
CVE-2013-1214
The scripts editor in Cisco Unified Contact Center Express (aka Unified CCX) does not properly manage privileges for anonymous logins, which allows remote attackers to read arbitrary scripts by visiting the scripts repository directory, aka Bug ID CSCuf77546...
Jenkins: cross-site scripting vulnerability
Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, Jenkins LTS before 1.480.1, and Jenkins Enterprise 1.424.x before 1.424.6.13, 1.447.x before 1.447.4.1, and 1.466.x before 1.466.10.1 allows remote authenticated users with write access to inject arbitrary web script or HTML via...