1046 matches found
CVE-2015-5371
CVE-2015-5371 concerns SolarWinds Storage Manager. The vulnerability lies in the AuthenticationFilter class, enabling an unauthenticated remote attacker to upload arbitrary scripts via unspecified vectors and execute code with SYSTEM privileges. Public references include ZDI-15-275 and related ad...
IBM Security SiteProtector System Cross-Site Scripting Vulnerability
IBM Security SiteProtector System is a centralized management system that unifies the management and analysis of network, server and endpoint security agents. A cross-site scripting vulnerability exists in IBM Security SiteProtector System. This vulnerability could be exploited by an attacker to...
KLA10561 Code injection vulnerability in Microsoft Sharepoint
XSS vulnerabilities were found in Microsoft Sharepoint. By exploiting these vulnerabilities, malicious users can inject arbitrary scripts. These vulnerabilities can be exploited remotely via a specially designed request. Original advisories MS15-036 CVE-2015-1653 CVE-2015-1640 Related products...
ESF pfSense status_captiveportal Cross Site Scripting (CVE-2015-2294)
A cross-site scripting vulnerability has been reported in Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the zone variable in the status_captiveportal page. A remote attacker can exploit the XSS vulnerability to execute arbitrary scripts in the user...
Firefox ESR 31.x < 31.6 Multiple Vulnerabilities (Mac OS X)
The version of Firefox ESR 31.x installed on the remote Mac OS X host is prior to 31.6. It is, therefore, affected by the following vulnerabilities : - A privilege escalation vulnerability exists which relates to anchor navigation. A remote attacker can exploit this to bypass same-origin policy...
Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability (Mar 2015) - Mac OS X
Mozilla Firefox is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox...
Mozilla Firefox SVG Navigation Privilege Escalation Vulnerability (Mar 2015) - Windows
Mozilla Firefox is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox...
SuSE 11.3 Security Update : Mozilla Firefox (SAT Patch Number 10524)
Mozilla Firefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: - Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its...
Firefox < 36.0.4 SVG Bypass Privilege Escalation (Mac OS X)
The version of Mozilla Firefox installed on the remote Mac OS X host is prior to 36.0.4. It is, therefore, affected by a privilege escalation vulnerability due to a flaw within 'docshell/base/nsDocShell.cpp', which relates to SVG format content navigation. A remote attacker can exploit this to...
IBM Rational Focal Point HTML Injection Vulnerability (CNVD-2015-01907)
IBM Rational Focal Point is a Web-based product management system for IBM Rational with a built-in customer- and market-oriented product management process that provides workflow automation, information relevance analysis, statistical analysis of information, and prioritization analysis of...
HP ArcSight contains multiple vulnerabilities
Overview: HP ArcSight Logger and ESM contain multiple vulnerabilities. Description: CWE-434: Unrestricted Upload of File with Dangerous Type - CVE Pending. HP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...
Multiple Cross-Site Scripting Vulnerabilities in WordPress Plugin WP Media Cleaner
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities in the WordPress plugin WP Media Cleaner allow remote attackers to inject...
HelpDezk Multiple Vulnerabilities (Mar 2015)
HelpDezk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability
IBM Maximo Asset Management is a suite of IT asset management solutions from IBM USA. A cross-site scripting vulnerability exists in IBM Maximo Asset Management that allows a remote, authenticated user to inject arbitrary web script or HTML via unspecified vector 7...
Multiple Cross-Site Scripting Vulnerabilities in Smoothwall Express
Smoothwall Express is a set of routing and firewall software for Linux-based systems. The software provides routing, firewall, NAT, VPN, IDS, dynamic DNS, internal and external network access control, network traffic control and monitoring, as well as logging and other functions. Smoothwall Expre...
Microsoft Windows Audio Service Privilege Escalation Vulnerability (3005607)
This host is missing an important security update according to Microsoft Bulletin MS14-071. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
BirdBlog vulnerable to cross-site scripting
Overview: BirdBlog is a weblog software. BirdBlog contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
jenkins: cross-site scripting flaw in Jenkins core (SECURITY-143)
Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
LittleSite 0.1 - index.php Local File Inclusion
LittleSite 0.1 - index.php Local File Inclusion source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
LittleSite 0.1 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts i...