12 matches found
EUVD-2014-5035
Malware in sbrugna...
EUVD-2014-5036
Malware in sbrugna...
Libstar Intelligent Library Services Platform Has Logic Flaw Vulnerability
Libstar Intelligent Library Service Platform is a library management system that utilizes a service-oriented architecture framework. A logic flaw vulnerability exists in Libstar Intelligent Library Services Platform, which can be exploited by an attacker to reset a user's password...
CVE-2014-5138
Innovative Interfaces Sierra Library Services Platform 1.23 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule...
CVE-2014-5138
CVE-2014-5138 concerns the Sierra Library Services Platform (1.2_3) where the application mishandles multiple instances of the same query parameter, enabling an attacker to bypass parameter validation via crafted requests. The issue is tied to the Webpac Pro submodule in some configurations. Publ...
Sierra Library Services Platform Multiple Vulnerability Disclosure
Product: Sierra Library Services Platform; Vendor: Innovative Interfaces Inc; Vulnerable Version: 1.23; Tested Version: 1.23; Vendor Notification: June 19, 2014; Public Disclosure: August 26, 2014; Vulnerability Type: Cross-Site Scripting CWE-79; CVE Reference: CVE-2014-5136; Risk Level: Medium; CVSSv2 Ba...
CVE-2014-5136
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
Cross-site request forgery (CSRF)
Innovative Interfaces Sierra Library Services Platform 1.23 provides different responses for login requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule...
CVE-2014-5136
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2014-5137
Innovative Interfaces Sierra Library Services Platform 1.23 provides different responses for login requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of login requests, possibly related to the Webpac Pro submodule...
CVE-2014-5137
The Sierra Library Services Platform (Product: Sierra Library Services Platform; Vendor: Innovative Interfaces Inc) 1.2_3 is affected by CVE-2014-5137 due to a login response discrepancy that differs based on whether a user account exists. This behavior enables remote attackers to enumerate valid...
CVE-2014-5136
Sierra Library Services Platform (Product: Sierra LSP) v1.2_3 is affected by CVE-2014-5136, a reflected cross-site scripting (XSS) vulnerability. The issue arises from unsanitized data in application query parameters, allowing an attacker to inject arbitrary JavaScript in the victim’s browser via...