925 matches found
CVE-2015-4714
Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body...
Unspecified Elevation of Privilege Vulnerability in Cisco Unified Communications Manager
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. An elevation of privilege vulnerability exists in Cisco Unified Communications Manager that allows a local attacker to inject malicious parameters and execute with root privileges, due to the...
TWiki 'debugenableplugins' Parameter RCE
The version of TWiki installed on the remote host is affected by a remote code execution vulnerability due to a failure to properly sanitize user-supplied input to the 'debugenableplugins' parameter upon submission to the 'view' script. A remote, unauthenticated attacker can exploit this issue to...
CVE-2015-0279
JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem...
CVE-2015-2043
Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field searchTerm parameter in the main page...
[ MDVSA-2014:237 ] perl-Mojolicious
Mandriva Linux Security Advisory MDVSA-2014:237 http://www.mandriva.com/en/support/security/ Package: perl-Mojolicious Date: November 28, 2014 Affected: Business Server 1.0 Problem Description: Updated perl-Mojolicious package fixes security...
Mandriva Linux Security Advisory : perl-Mojolicious (MDVSA-2014:237)
Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...
MGASA-2014-0488 Updated perl-Mojolicious packages fix a security vulnerability
Updated perl-Mojolicious package fixes security vulnerability: An assumption in Mojolicious before 5.48 CGI parameter handling that can result in parameter injection attacks...
Fedora 21 : perl-Mojolicious-5.49-1.fc21 (2014-12716)
This version of Mojolicious fixes an assumption in CGI's parameter handling that can result in parameter injection attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Fedora 20 : perl-Mojolicious-5.49-1.fc20 (2014-12719)
This version of Mojolicious fixes an assumption in CGI's parameter handling that can result in parameter injection attacks. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATHINFO or (2) query string to admin/index.php or (3) firstname, (4) lastname, (5) cc, (6) exp, (7) cvv, (8) address1, (9) address2, (10) city, (11) state, (12) zip, (13) phone, or ...
CVE-2014-3492
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter (1) name or (2) value related to the host...
SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ This module is based...
CVE-2013-7368
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnewtemplate parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) categoryid parameter to news/submit.php; newsid parameter to (5)...
Ecmall site-building template, search box SQL injection - vulnerability warning - the black bar safety net
http://www.tuutao.com/index.php (soil Amoy network) was built with Ecmall's site-building template, and every site using this template should be affected. There is an injection in the search box; the injection point is: http://www.tuutao.com/index.php?app=store&act=search&id=4 5&keyword=aaa&minprice=1 0...
Automated NoSQL Database Injection Attacks: NoSQLMap
NoSQLMap is an open source Python tool designed to audit for as well as automate injection attacks and exploit default configuration weaknesses in NoSQL databases as well as web applications using NoSQL in order to disclose data from the database. It is named as a tribute to Bernardo Damele and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php...
CVE-2013-3895
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...