10 matches found
EUVD-2014-8395
Malware in sbrugna...
EUVD-2014-8394
Malware in sbrugna...
CVE-2014-8558
JExperts Channel Platform 5.0.33CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters...
Authentication flaw
JExperts Channel Platform 5.0.33CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters...
CVE-2014-8558
CVE-2014-8558 affects JExperts Channel Platform 5.0.33_CCB. The vulnerability is an authorization bypass where the attacker can tamper with GET parameters named action and key to escalate privileges. authenticated users with restricted access (e.g., read-only) can access other users’ requests or ...
CVE-2014-8558
JExperts Channel Platform 5.0.33CCB allows remote authenticated users to bypass access restrictions via crafted action and key parameters...
CVE-2014-8557
Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...
CVE-2014-8557
CVE-2014-8557 : In the JExperts Channel Platform version 5.0.33_CCB, multiple stored XSS vulnerabilities exist. An attacker can inject arbitrary web script or HTML via the parameter usuario.nome in the action editarUsuario (to usuario.do) or via titulo.form in the action novoChamado (to ticket.do...
CVE-2014-8557
Multiple cross-site scripting XSS vulnerabilities in JExperts Channel Platform 5.0.33CCB allow remote attackers to inject arbitrary web script or HTML via the 1 usuario.nome variable in an editarUsuario action to usuario.do or 2 titulo.form variable in a novoChamado action to ticket.do...