67 matches found
ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities
Overview ManageEngine OpStor Build 8300 and earlier contain multiple vulnerabilities. Description CWE-472: External Control of Assumed-Immutable Web ParameterIt has been reported that the 'Properties.do?name=' module is vulnerable to an ‘unauthorized function call’ caused by server failing to...
TomatoCart 1.x Unrestricted File Creation
TomatoCart 1.x versions are susceptible to an unrestricted file creation vulnerability. 1. OVERVIEW TomatoCart 1.x versions are vulnerable to Unrestricted File Creation. 2. BACKGROUND TomatoCart is an innovative Open Source shopping cart solution developed by Wuxi Elootec Technology Co., Ltd. It ...
CubeCart 5.0.7 and lower versions | Insecure Backup File Handling
OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that...
CubeCart 5.0.7 Insecure Backup Handling
OVERVIEW CubeCart 5.0.7 and lower versions are vulnerable to Insecure Backup File Handling which leads to the disclosure of the application configuration file. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that...
CubeCart 3.0.20 SQL Injection
OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to SQL Injection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful online...
Open-Realty 2.5.8 Cross Site Request Forgery
OVERVIEW Open-Realty 2.5.8 and lower versions are vulnerable to Cross Site Request Forgery. 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site...
SOL13993 - Cross-site URL redirection attack vulnerability CVE-2009-4017
Vulnerability Recommended Actions Upgrade FirePass to the latest hotfix. Acknowledgements F5 would like to acknowledge Aung Khant of YGN Ethical Hacker Group, Myanmar for bringing this issue to our attention, and for following the highest standards of responsible disclosure. Supplemental...
F5 FirePass SSL VPN Open URL Redirection
OVERVIEW F5 FirePass SSL VPN is vulnerable to Open URL Redirection. 2. BACKGROUND F5 FirePass SSL VPN provides secure remote access to enterprise applications and data for users over any device or network while protecting your corporate. See http://www.f5.com/pdf/products/firepass-overview.pdf...
SilverStripe 2.4.7 Cross Site Scripting
OVERVIEW SilverStripe 2.4.7 and lower versions are vulnerable to Persistent Cross Site Scripting. 2. BACKGROUND SilverStripe CMS is easy for both developers and content authors to work with. The SilverStripe Framework keeps the code tucked away neatly so that it can be accessed easily by...
ocPoral CMS 8.x | Session Hijacking Vulnerability
OVERVIEW ocPoral CMS 8.x and lower versions are vulnerable to Session Hijacking flaw which could allow attackers to compromise administrator session. 2. PRODUCT DESCRIPTION ocPortal is the website Content Management System a CMS for building and maintaining a dynamic website. ocPortal's powerful...
Acuity CMS 2.6.x Directory Traversal
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...
Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Beatz 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with full Joolma! bundle for...
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
OVERVIEW Fastpath WebChat is vulnerable to Cross Site Scripting. 2. BACKGROUND Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration RTC server for instant...
Acuity CMS 2.6.x <= Cross Site Scripting
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION...
Acuity CMS 2.6.x Cross Site Scripting
OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION...
Joomla Beatz 1.x Cross Site Scripting
OVERVIEW Beatz 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with full Joolma! bundle for...
OxWall 1.1.1 <= Multiple Cross Site Scripting Vulnerabilities
OVERVIEW OxWall 1.1.1 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Oxwall is a free open source software package for building social networks, family sites and collaboration systems. It is a flexible community website engine developed with the aim to provide people...
CubeCart 3.0.20 (3.0.x) and lower | Open URL Redirection Vulnerability [Updated]
OVERVIEW The CubeCart 3.0.20 and lower versions are vulnerable to Open URL Redirection. 2. BACKGROUND CubeCart is an "out of the box" ecommerce shopping cart software solution which has been written to run on servers that have PHP & MySQL support. With CubeCart you can quickly setup a powerful...
vTiger CRM 5.2.1 Blind SQL Injection
vTiger CRM 5.2.x = Blind SQL Injection Vulnerability 1. OVERVIEW The vTiger CRM 5.2.1 and lower versions are vulnerable to Blind SQL Injection. No fixed version has been released as of 2011-10-05. 2. BACKGROUND vtiger CRM is a free, full-featured, 100% Open Source CRM software ideal for small and...
Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities
No description provided by source. 1. OVERVIEW Joomla! 1.7.0 stable version is vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and intranets. It comprises a...