DEBIAN-CVE-2014-5025

Cross-site scripting XSS vulnerability in datasources.php in Cacti 0.8.8b allows remote authenticated users with console access to inject arbitrary web script or HTML via the namecache parameter in a dsedit action...

CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

UBUNTU-CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

CVE-2014-5026

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a 1 Graph Tree Title in a delete or 2 edit action; 3 CDEF Name, 4 Data Input Method Name, or 5 Host Templates Name in a delete action; ...

Stack overflow

Stack-based buffer overflow in SAP Crystal Reports allows remote attackers to execute arbitrary code via a crafted data source string in an RPT file...

SAP Crystal Reports Datasource Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...

CSWorks Software Framework SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of CSWorks. Authentication is not required to exploit this vulnerability. The specific flaw exists within the data source templating. CSWorks does not properly sanitize or validate the data used to...

Hosting Controller 1.x DSNManager Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4759/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The DSNManager script does not sufficiently filter...

CVE-2013-6221

creationtimestamp| type| source ---|---|--- 2014-06-27 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33891 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/hpautopasslicensetraversal.rb 2025-02-06...

CVE-2014-3914

creationtimestamp| type| source ---|---|--- 2014-06-18 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/33807 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/rocketservergraphfilerequestorrce.rb 2025-02-06...

CVE-2013-4984

creationtimestamp| type| source ---|---|--- 2013-09-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28175 2013-09-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/28332 2018-05-29 15:50:33+00:00| seen|...

CVE-2013-0108

creationtimestamp| type| source ---|---|--- 2013-03-13 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/24745 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/honeywellhscremotedeployexec.rb 2025-02-06...

CVE-2013-0651

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

Improper access control

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

CVE-2013-0651

The CVE-2013-0651 issue affects GE Intelligent Platforms Proficy Real-Time Information Portal. A misconfiguration in the Portal installation places sensitive files under the web root with insufficient access control, allowing unauthenticated remote retrieval of configuration data and data-source ...

CVE-2013-0651

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote attackers to read configuration files, and discover data-source credentials, via a direct request...

php-Charts Arbitrary PHP Code Execution Vulnerability

Exploit for php platform in category web applications =============================================================== Vulnerable Software: php-chartv1.0 Official Site: http://php-charts.com/ Vuln: PHP Code Execution. =============================================================== Tested On: Debia...

Scientific Linux Security Update : sysstat on SL5.x i386/x86_64

The sysstat package contains a set of utilities which enable system monitoring of disks, network, and other I/O activity. It was found that the sysstat initscript created a temporary file in an insecure way. A local attacker could use this flaw to create arbitrary files via a symbolic link attack...