6 matches found
Frappe vulnerable to information disclosure leading to account takeover
Impact Making crafted requests could lead to information disclosure that could further lead to account takeover. Workarounds There's no workaround to fix this without upgrading. Credits Thanks to Thanh of Calif.io for reporting the issue...
PT-2024-2532 · Unknown +6 · Util-Linux +6
Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.40 Description: The wall command in util-linux versions through 2.40 does not properly filter escape sequences received from command line arguments. This allows a local attacker to potentially inject escape...
AssetsSoSimple supplier_admin.php Supplier Field XSS
product: AssetsSoSimple version tested: 0.33 vendor URL: http://assetssosimple.sourceforge.net/ script: supplieradmin.php field: Supplier ooo BugsNotHugs Shared Vulnerability Disclosure Account...
Auto Manager admin.cgi Multiple Field XSS
vendor: interactivetools.com, inc., http://www.interactivetools.com/products/automanager/ product: Auto Manager version: 2.52 script: admin.cgi fields: Vehicle, Year, Price, Drive Train, Transmission, Body, Engine, Description, Color, Miles BugsNotHugs Shared Vulnerability Disclosure Account...
PHProfession 2.5 - modules.php?jcode Cross-Site Scripting
PHProfession 2.5 - modules.php?jcode Cross-Site Scripting source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were...
PHProfession 2.5 - 'upload.php' Direct Request Full Path Disclosure
source: https://www.securityfocus.com/bid/10190/info Multiple vulnerabilities were reported to exist in phProfession, which is a third-party module for PostNuke. Path disclosure, cross-site scripting and SQL injection vulnerabilities were reported. Exploitation of these issues may reveal sensitiv...