15 matches found
EUVD-2016-2689
Malware in sbrugna...
EUVD-2016-2690
Malware in sbrugna...
EUVD-2016-2691
Malware in sbrugna...
CVE-2016-1596
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
CVE-2016-1595
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language HQL injection attacks and obtain sensitive information via the entityName parameter...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...
Deserialization of untrusted data
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...
Directory traversal
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
CVE-2016-1596
CVE-2016-1596 affects Micro Focus/Novell Service Desk prior to 7.2, where multiple XSS flaws exist. Remote authenticated users can inject arbitrary web script or HTML via (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManuf...
CVE-2016-1593
CVE-2016-1593 affects Micro Focus/Novell Service Desk prior to 7.2. A directory traversal flaw in the import users feature allows a remote authenticated administrator to upload and execute arbitrary JSP files via a .. (dot dot) in a filename in a multipart/form-data POST to LiveTime.woa, enabling...
CVE-2016-1596
Multiple cross-site scripting XSS vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain 1 user name, 2 tfaClientFirstName, 3 tfaClientLastName, 4 taselectedTopicContent, 5 tforgUnitName, 6...
CVE-2016-1593
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. dot dot in a filename within a multipart/form-data POST request to a LiveTime.woa URL...
CVE-2016-1594
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a 1 downloadLogFiles or 2 downloadFile action...