8 matches found
ArcGIS for Server Vulnerability Disclosure
Product: ArcGIS for Server; Vendor: ESRI; Vulnerable Version: 10.1.1; Tested Version: 10.1.1; Vendor Notification: June 19, 2014; Public Disclosure: August 15, 2014; Vulnerability Type: Cross-Site Scripting (CWE-79); CVE Reference: CVE-2014-5121; Risk Level: Medium; CVSSv2 Base Score: 4.3...
PT-2014-6294 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server version 10.1.1. Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which can lead to cross-site scripting (XSS) attacks. Recommendations: For ESRI ArcGIS for...
PT-2014-6295 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server version 10.1.1. Description: The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to login. This can be exploited to trick users in...
CVE-2013-7231
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222...
PT-2013-5455 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server version 10.1. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, which can lead to cross-site scripting (XSS) attacks. Recommendations: For ESRI ArcGIS...
PT-2013-6299 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions through 10.2. Description: The issue allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service. This can be exploited by providing malicious input to the...
PT-2013-6298 · Esri · Esri Arcgis For Server
Name of the Vulnerable Software and Affected Versions: ESRI ArcGIS for Server versions 10.1 through 10.2. Description: A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary web script or HTML. This can be achieved via unspecified vectors. Recommendations:...
CVE-2013-5221
The CVE-2013-5221 issue affects Esri ArcGIS for Server (versions 10.1–10.2) via the mobile-upload feature. Remote authenticated users who have publisher or administrator privileges can upload executable (.exe) files, representing an unrestricted file upload risk. The reported impact is limited to...