11 matches found
EUVD-2006-1440
Malware in sbrugna...
EUVD-2006-1441
Malware in sbrugna...
XML External Entity (XXE)
WSO2 Carbon Event Publisher is vulnerable to XML External Entity. The vulnerability exists in event receiver and publisher configurations due to not enabling the secure processing feature for XML parsing which allows an attacker to cause parse malicious XML into the system...
[SA19727] @1 Event Publisher Multiple Vulnerabilities
TITLE: @1 Event Publisher Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19727 VERIFY ADVISORY: http://secunia.com/advisories/19727/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: @1 Event Publisher...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...
CVE-2006-1436
Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
CVE-2006-1436
CVE-2006-1436 describes multiple cross-site scripting (XSS) vulnerabilities in the UPOINT @1 Event Publisher. The issue allows remote attackers to inject arbitrary web script or HTML via the following fields: Event, Description, Time, Website, and Public Remarks, targeting both the admin page (ev...
CVE-2006-1437
The CVE-2006-1437 entry concerns UPOINT @1 Event Publisher where sensitive information is stored under the web document root with insufficient access control. This allows remote attackers to read private comments by requesting eventpublisher.txt directly. Concrete details present in connected reco...
CVE-2006-1436
Multiple cross-site scripting XSS vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the 1 Event, 2 Description, 3 Time, 4 Website, and 5 Public Remarks fields to a eventpublisheradmin.htm and b eventpublisherusersubmit.htm...