Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference
Date: 24-Aug-2017 Product: Trend Micro Hosted Email Security HES Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud...
iPlatinum iOneView Cross Site Scripting
https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html Date: 04-Apr-2017 Product: iPlatinum iOneView Versions affected: Unknown. Vulnerabilities: 1 Cross-site scripting: http://target/ioneview/admin/main.pl?cmd=alertdocument.cookie...
Moodle 2.4.10 / 2.5.6 / 2.6.3 / 2.7 Account Information Disclosure
https://www.osisecurity.com.au/moodle-url-manipulation-remote-account-information-disclosure.html Date: 04-Apr-2017 Product: Moodle Versions affected: 2.4.10, 2.5.6, 2.6.3, 2.7 and earlier. Vulnerability: Information disclosure. Example: /user/edit.php?id= reveals account owner name 1. Log in to...
Trimble / Manhattan Software IWMS 9.x XXE Injection
https://www.osisecurity.com.au/manhattan-software-iwms-integrated-workplace-management-system-xml-external-entity-xxe-injection-file-disclosure.html Date: 04-Apr-2017 Product: Trimble / Manhattan Software IWMS integrated workplace management system Versions affected: 9.x Vulnerability: XML Extern...
Kaseya VSA 6.5.0.0 XSS / Brute Force
https://www.osisecurity.com.au/kaseya-parameter-reflected-xss-enumeration-and-bruteforce-weakness.html Date: 04-Apr-2017 Software: Kaseya Affected version: Kaseya VSA v6.5.0.0. Vulnerability details: 1. The "forgot password" function at https://target/access/logon.asp reveals whether a username i...
Kaseya VSA 9.02.00.04 Information Disclosure
https://www.osisecurity.com.au/kaseya-information-disclosure-vulnerability.html Date: 04-Apr-2017 Product: Kaseya VSA Versions affected: 9.02.00.04 Vulnerability: Installations of Kaseya contain the following installation page: https://target/install/kaseya.html When the product is installed, it...
SilverStripe CMS 3.1.9 Path Disclosure
https://www.osisecurity.com.au/silverstripe-cms---path-disclosure.html Date: 04-Apr-2017 Product: SilverStripe CMS Versions affected: 3.1.9 and below. Vulnerability: Path disclosure. Example URL: http://target/dev/build/ Path reported: /home/target/publichtml/framework/dev/DebugView.php...
Airwatch 6.1.x / 6.4.x LDAP Injection
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html Date: 04-Apr-2017 Product: AirWatch Self Service MDM Versions affected: v6.1.x v6.4.x Vulnerability: LDAP injection Example: https://target/DeviceManagement/ URL accepts the following POST parameter...
Tweek!DM Document Management Bypass / SQL Injection
https://www.osisecurity.com.au/tweekdm-document-management-authentication-bypass-sql-injection-vulnerabilities.html Date: 04-Apr-2017 Product: Tweek!DM Document Management Versions affected: Unknown Vulnerabilities: 1 Authentication bypass - the software sends a 301 Location redirect back to the...
AcoraCMS 7.0.0.6 Browser Redirect / Cross Site Scripting
https://www.osisecurity.com.au/acoracms-browser-redirect-and-cross-site-scripting-vulnerabilities.html Date: 04-Apr-2017 Product: AcoraCMS Versions affected: 7.0.0.6 known bugs from 6.0.6 are still present http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt. Vulnerabilities: 1 Arbitrar...
Inchoo Facebook Connect Cross Site Scripting
https://www.osisecurity.com.au/inchoo-facebook-connect-extension-for-magento-parameter-xss.html Date: 04-Apr-2017 Product: Inchoo Facebook Connect Magento Plugin Vulnerability: Reflected cross-site scripting. Details: Within ./app/code/community/Inchoo/Facebook/Block/Channel.php return 'isSecure ...
LanternCMS Cross Site Scripting / SQL Injection
https://www.osisecurity.com.au/lantern-cms-path-disclosure-sql-injection-reflected-xss.html Date: 04-Apr-2017 Product: LanternCMS Versions affected: Unknown Vulnerabilities: 1 Path disclosure By requesting a site with an invalid intSiteI or numRedirectCount:...
Avaya Radvision SCOPIA Desktop SQL Injection
https://www.osisecurity.com.au/avaya-radvision-scopia-desktop-dlgloginowneridjsp-ownerid-sql-injection.html Date: 04-Apr-2017 Product: Avaya Radvision SCOPIA Desktop Versions affected: v7.7.000.042 released in 2011 confirmed v8.2.101.046 released in 2013 confirmed Vulnerability: Blind SQL injectio...
SmartJobBoard 5.0.9 Cross Site Scripting / Information Disclosure
https://www.osisecurity.com.au/smartjobboard---cross-site-scripting-personal-information-disclosure-and-phpmailer-package.html Date: 04-Apr-2017 Product: SmartJobBoard Versions affected: v5.0.9 and below. Vulnerability: 1 Cross-site scripting vulnerabilities in the following locations and...
Computer Associates (Layer7) API Gateway 7 / 8 / 9 CRLF Response Splitting / Directory Traversal
https://www.osisecurity.com.au/computer-associates-api-gateway-crlf-response-splitting-directory-traversal-vulnerabilities.html Date: 04-Apr-2017 Product: Computer Associates Layer7 API Gateway Versions affected: v7, v8, v9 Vulnerabilities: 1 CRLF Response Splitting...
Squiz Matrix User Account Enumeration
Squiz Matrix - User Account Enumeration http://www.osisecurity.com.au/advisories/squiz-matrix-user-enumeration Release Date: 12-Dec-2011 Software: Squiz - Matrix http://www.squiz.net/ "Squiz Matrix delivers highly flexible and robust business integration engine and application development tools. ...
OSI Security: Squiz Matrix - User Account Enumeration
Squiz Matrix - User Account Enumeration http://www.osisecurity.com.au/advisories/squiz-matrix-user-enumeration Release Date: 12-Dec-2011 Software: Squiz - Matrix http://www.squiz.net/ "Squiz Matrix delivers highly flexible and robust business integration engine and application development tools. ...
OSI Security: Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability
Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability http://www.osisecurity.com.au/advisories/cyberoam-authenticated-cross-site-scripting Release Date: 20-Jul-2011 Software: Elitecore Technologies - Cyberoam http://www.cyberoam.com/ "Cyberoam Unified Threat Management...
Elitecore Cyberoam UTM Cross Site Scripting
Elitecore Cyberoam UTM - Authenticated Cross-Site Scripting Vulnerability http://www.osisecurity.com.au/advisories/cyberoam-authenticated-cross-site-scripting Release Date: 20-Jul-2011 Software: Elitecore Technologies - Cyberoam http://www.cyberoam.com/ "Cyberoam Unified Threat Management...
JFreeChart - Path Disclosure vulnerability
JFreeChart - Path Disclosure http://www.osisecurity.com.au/advisories/jfreechart-path-disclosure Release Date: 17-Jun-2011 Software: JFree.org - JFreeChart http://www.jfree.org/ "A free Java chart library. JFreeChart supports pie charts 2D and 3D, bar charts horizontal and vertical, regular and...