CVE-2014-7192
Removed by vendor...
CHARGE Anywhere Breached, Plain Text Data Accessed
CHARGE Anywhere, a New Jersey-based developer of payment gateway and mobile payment applications, on Tuesday disclosed that it had been breached and that hackers had access to transactions leaving its network, perhaps going back as far as 2009. Most of the traffic was encrypted, the company said ...
JVN#13160869: Chyrp vulnerable to cross-site scripting
Chyrp is a blogging engine. Chyrp contains a cross-site scripting vulnerability. Impact An arbitrary script which may be embedded by an authenticated attacker could be executed on the Admin user's web browser. Solution Update the software Update to the latest version according to the information...
Gogs Markdown Renderer Cross Site Scripting Vulnerability
Gogs markdown renderer suffers from a cross site scripting vulnerability. Versions 0.3.1-9-g49dc57e are affected. XSS in Gogs Markdown Renderer ============================= Researcher: Timo Schmid Description =========== Gogs (Go Git Service) is a painless self-hosted Git Service written in Go. tak...
Another Wordpress Classifieds Plugin - SQL Injection
No description provided by source. Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injection Details: The parameter...
Another Wordpress Classifieds Plugin - SQL Injection Vulnerability
Another WordPress Classifieds plugin suffers from cross site scripting and remote SQL injection vulnerabilities. Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download:...
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injectio...
IL and CSRF vulnerabilities in D-Link DAP-1360
Hello 3APA3A! There are Information Leakage and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This model with other...
WordPress Plugin Another WordPress Classifieds Plugin - SQL Injection
Exploit Title: Another Wordpress Classifieds Plugin sql injection and Cross Site Scripting Author: dill download: https://wordpress.org/plugins/another-wordpress-classifieds-plugin/ Client Webpage: http://awpcp.com/ SQL injection Details: The parameter “keywordphrase” is susceptible to a time-base...
RHEL 6 : devtoolset-2-axis (RHSA-2014:1123)
An updated devtoolset-2-axis package that fixes one security issue is now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 6 : devtoolset-2-httpcomponents-client (RHSA-2014:1098)
Updated devtoolset-2-httpcomponents-client packages that fix one security issue are now available for Red Hat Developer Toolset 2. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
D-Link DAP-1360 suffers from cross site request forgery, abuse of functionality, and brute force vulnerabilities. There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected...
D-Link DAP-1360 Abuse / Cross Site Request Forgery
Hello list! There are Abuse of Functionality, Brute Force and Cross-Site Request Forgery vulnerabilities in D-Link DAP-1360 Wi-Fi Access Point and Router. ------------------------- Affected products: ------------------------- Vulnerable is the next model: D-Link DAP-1360, Firmware 1.0.0. This mod...
FreeBSD : phpMyAdmin -- XSS vulnerabilities in SQL debug output and server monitor page. (25b78f04-59c8-11e4-b711-6805ca0b3d42)
The phpMyAdmin development team reports: With a crafted database or table name it is possible to trigger an XSS in SQL debug output when enabled and in server monitor page when viewing and analysing executed queries. This vulnerability can be triggered only by someone who is logged in to...
CVE-2014-5423
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file...
Design/Logic Flaw
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file...
CVE-2014-8313
Eval injection in ide/core/base/server/net.xsjs in the Developer Workbench in SAP HANA allows remote attackers to execute arbitrary XSJX code via unspecified vectors...
CVE-2014-8314
CVE-2014-8314 affects SAP HANA Developer Edition Revision 70 with two reflected XSS vectors in the democontent: epm/admin/DataGen.xsjs and epm/services/multiply.xsjs, enabling remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry rates the impact as partia...
CVE-2014-8313
The CVE-2014-8313 entry describes an evaluation (XSJX eval) injection flaw in SAP HANA’s Developer Workbench, specifically in ide/core/base/server/net.xsjs, enabling remote code execution through unspecified vectors. The vulnerability affects the Developer Workbench component of SAP HANA and is t...
[SECURITY] [DLA 58-2] apt regression fix
Package : apt Version : 0.8.10.3+squeeze6 CVE ID : CVE-2014-6273 This update fixes a regression introduced in 0.8.10.3+squeeze5 where apt would send invalid HTTP requests when sending If-Range queries. Thanks to Steven McDonald who reported [1] the regression and to Michael Vogt for having uploaded ...