
1200 matches found

Packet Storm
added 2014/06/09 12:0 a.m. | 72 views

Cisco Ironport Email Security Virtual Appliance 8.0.0-671 XSS

I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in Cisco Ironport Email Security Virtual Appliance Version: 8.0.0-671

II. BACKGROUND
-------------------------
Cisco Systems, Inc. is an American multinational corporation headquartered in San Jose, California, that...

CVSS 4.3 | AI score 0.5 | EPSS 0.02426
Exploits: 4

Packet Storm
added 2014/05/30 12:0 a.m. | 37 views

InterScan Messaging Security Virtual Appliance 8.5.1.1516 Cross Site Scripting

I. VULNERABILITY
-------------------------
XSS Attacks vulnerability in InterScan Messaging Security Virtual Appliance 8.5.1.1516

II. DESCRIPTION
-------------------------
Has been detected a XSS vulnerability in InterScan Messaging Security Virtual Appliance version 8.5.1.1516. The code injectio...

AI score 7.4
Exploits: 0

Hacker One
added 2014/05/23 8:42 p.m. | 18 views

Urban Dictionary: Open URL Redirection

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Vulnerable Path:...

AI score 1.2
Exploits: 0

Cisco
added 2014/04/29 7:56 p.m. | 21 views

Cisco Unified Contact Center Express Arbitrary File Upload Vulnerability

A vulnerability in Document Management of Cisco Unified Contact Center Express could allow an authenticated, remote attacker to upload files to arbitrary locations on the filesystem. The vulnerability is due to insufficient parameter validation. An attacker could exploit this vulnerability by...

CVSS 4 | AI score 6.7 | EPSS 0.00764
Exploits: 0 | References: 1

Hacker One
added 2014/03/01 10:3 p.m. | 28 views

Slack: URL redirection flaw

An open redirect is an application that takes a parameter and redirects a user to the parameter value without any validation. This vulnerability is used in phishing attacks to get users to visit malicious sites without realizing it. Steps to reproduce: 1 Go to this URL:...

AI score 0.4
Exploits: 0

Zero Day Initiative
added 2014/02/13 12:0 a.m. | 39 views

GE Proficy CIMPLICITY CimWebServer File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of GE Proficy CIMPLICITY. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CimWebServer component. This component performs insufficient parameter...

CVSS 6.8 | AI score 7.3 | EPSS 0.03063
Exploits: 2 | References: 1

Tenable Nessus
added 2013/10/31 12:0 a.m. | 31 views

Bugzilla < 4.0.11 / 4.2.7 / 4.4.1 Multiple Vulnerabilities

According to its banner, the version of Bugzilla installed on the remote host is affected by multiple vulnerabilities:
- A cross-site request forgery vulnerability exists due to a flaw in token validation in 'processbug.cgi'. Note that this only affects versions 4.4rc1 to 4.4. (CVE-2013-1733)
- A...

CVSS 6.8 | AI score 5.2 | EPSS 0.02824
Exploits: 3 | References: 10

myhack58
added 2013/09/23 12:0 a.m. | 20 views

Tipask 2.0 arbitrary recharge vulnerability

Disclosure status: 2013-06-24: vendor contacted, awaiting vendor acknowledgement; details not open to the public. 2013-09-22: the vendor actively ignored the vulnerability; details disclosed to the public. Brief description: The system does not check the validity of passed parameters...

AI score 0.3
Exploits: 0

seebug.org
added 2013/08/27 12:0 a.m. | 29 views

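Apache OFBiz Nested Expression Arbitrary UEL Execution Vulnerability

Bugtraq ID: 61369 CVE ID: CVE-2013-2250 Apache OFBiz is an open-source ERP system. Apache OFBiz does not properly validate parameter values; if a supplied parameter contains JUEL metacharacters, arbitrary Unified Expression Language (UEL) functions can be executed. 0 Apache OFBiz 10.04.01 - 10.04.05 Apache OFBiz 11.04.01 - 11.04.02 Apache OFBiz 12.04.01 Vendor solution: Apache OFBiz 10.04.06, 11.04.03 or 12.04.02 fix this vulnerability; users are advised to download the update: http://ofbiz.apache.o...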

CVSS 10 | AI score 6.5 | EPSS 0.12042
Exploits: 1

Cvelist
added 2013/05/09 10:0 a.m. | 24 views

CVE-2013-1224

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted (1) HTTP or (2) HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...

AI score 6.7 | EPSS 0.02116
Exploits: 0 | References: 1

CVE
added 2013/05/09 10:0 a.m. | 45 views

CVE-2013-1224

CVE-2013-1224 affects Cisco Unified CVP (Resource Manager) prior to 9.0.1 ES 11. A directory traversal flaw allows remote attackers to overwrite arbitrary files by sending crafted HTTP or HTTPS requests that bypass parameter validation (Bug CSCub38369). The issue is tied to the Resource Manager c...

CVSS 7.8 | AI score 6.9 | EPSS 0.02116
Exploits: 0 | References: 1 | Affected Software: 1

Saint
added 2012/08/29 12:0 a.m. | 23 views

SAP NetWeaver SAPHostControl Command Injection

Added: 08/29/2012
BID: 55084
OSVDB: 84821

Background
SAP NetWeaver is a technology platform for building and integrating SAP business applications.

Problem
The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...

AI score 0.5
Exploits: 0

Drupal
added 2012/07/11 12:0 a.m. | 24 views

SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)

Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn't sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into t...

CVSS 4.3 | AI score 6.5 | EPSS 0.01161
Exploits: 0 | References: 10

Tenable Nessus
added 2012/06/27 12:0 a.m. | 109 views

Oracle iPlanet Web Server 7.0.x < 7.0.15 Multiple Vulnerabilities

According to its self-reported version, the Oracle iPlanet Web Server (formerly Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.15. It is, therefore, affected by the following vulnerabilities:
- Multiple cross-site scripting vulnerabilities exist due to parameter...

CVSS 6.8 | AI score 6.1 | EPSS 0.02922
Exploits: 0 | References: 6

Prion
added 2012/06/20 5:55 p.m. | 25 views

Design/Logic Flaw

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

CVSS 4 | AI score 6.5 | EPSS 0.02088
Exploits: 0 | References: 4 | Affected Software: 1

Atlassian
added 2012/05/06 11:36 p.m. | 13 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

AI score 0.5
Exploits: 0 | Affected Software: 1

Atlassian
added 2012/05/06 11:36 p.m. | 19 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

AI score 0.5
Exploits: 0

Atlassian
added 2012/05/06 11:31 p.m. | 16 views

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Exploits: 0 | Affected Software: 1

NVD
added 2012/04/10 9:55 p.m. | 21 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework...

CVSS 9.3 | AI score 7.4 | EPSS 0.38251
Exploits: 1 | References: 5

Prion
added 2012/04/10 9:55 p.m. | 23 views

Input validation

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework...

CVSS 9.3 | AI score 8 | EPSS 0.38251
Exploits: 1 | References: 5 | Affected Software: 1