81 matches found
CVE-2016-6850
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...
CVE-2016-6842
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents settings. This requires the folder to be shared to the victim. Malicious script code can be executed...
CVE-2016-2840
An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...
Cross site scripting
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be execute...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This c...
Mantis Bug Tracker Filter API view_type Cross Site Scripting (CVE-2016-6837)
A cross-site scripting vulnerability exists in the Filter API component of Mantis Bug Tracker. The vulnerability is due to insufficient input validation on the viewtype parameter in viewallbugpage.php. A remote attacker could exploit this vulnerability by enticing authenticated users to click on ...
phpWebSite 0.7.3/0.8.2/0.8.3/0.9.2 pagemaster Module PAGE_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/8393/info PHP Website is a web site content management system that allows for easy maintainance and administration of interactive community-driven websites. Cross-site vulnerabilities have been reported in the Calendar,...
Dating Gold 3.0.5 secure.admin.php int_path Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24910/info AzDG Dating Gold is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute an arbitrary...
Prototype of an PHP application 0.1 ident/index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Prototype of an PHP application 0.1 index.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Advanced Poll 2.0.2 Common.Inc.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19105/info Advanced Poll is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file...
CMS Faethon 1.3.2 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18489/info CMS Faethon is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have an arbitrary remo...
Prototype of an PHP application 0.1 ident/loginmodif.php path_inc Parameter Remote File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/24266/info 'Prototype of an PHP application' is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to...
Bee-hive 1.2 - Multiple Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18654/info Bee-hive is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input to the application. An attacker may leverage these issues to have an arbitrary remote...
InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious script cod...
Ji-takz Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/18474/info Ji-takz is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input to the application. An attacker may leverage this issue to have an arbitrary remote file...
Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Web Vulnerability
Title: ====== Microsoft SharePoint 2013 Cloud - Persistent Exception Handling Web Vulnerability Date: ===== 2013-09-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=812 Security Bulletin: MS13-067 http://technet.microsoft.com/de-de/security/bulletin/MS13-067 Microsoft...
FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability
Document Title: =============== FTP Sprite v1.2.1 iOS - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1007 Release Date: ============= 2013-07-11 Vulnerability Laboratory ID VL-ID: ==================================== 1007...
vBulletin vBShout Mod - Persistent Cross-Site Scripting
vBulletin vBShout Mod - Persistent Cross-Site Scripting Exploit Title: vBShout vBulletin - Stored XSS Vulnerability Google Dork: intext:vBShout Date: 10.07.2013 Exploit Author: 0iZy5 Vendor Homepage: www.backtrack-linux.ro Software Link:...
Paypal Bug Bounty #48 - Persistent Web Vulnerability
Document Title: =============== Paypal Bug Bounty 48 - Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=830 PayPal Security UID: dyf1f8cejz Release Date: ============= 2013-03-28 Vulnerability Laboratory ID VL-ID:...