21 matches found
Mitel AWC Unauthenticated Command Execution
http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-14 PR10-14 Unauthenticated command execution within Mitel's AWC Mitel Audio and Web Conferencing Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Wednesday, 21 July 201...
PR10-17 Various XSS and information disclosure flaws within KeyFax response management system
PR10-17: Various XSS and information disclosure flaws within KeyFax response management system http://www.omfax.co.uk Vulnerability found: 25th August 2010 Vendor informed: Vulnerability fixed: Severity: Medium/High Description: KeyFax response management system provides professional management o...
Mitel AWC Unauthenticated Command Execution
Exploit for cgi platform in category web applications PR10-14 Unauthenticated command execution within Mitel's AWC Mitel Audio and Web Conferencing Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Wednesday, 21 July 2010 Vendor informed: Monday, 26 July 2010 Severity...
Mitel AWC - Command Execution
Mitel AWC - Command Execution http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-14 PR10-14 Unauthenticated command execution within Mitel's AWC Mitel Audio and Web Conferencing Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Wednesday, 21 July 2010...
PGP Universal Web Messenger Cross-Domain Redirect
http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-06 PR10-06 Cross-domain redirect on PGP Universal Web Messenger Advisory publicly released: Thursday, 16 December 2010 Vulnerability found: Wednesday, 10 February 2010 Vendor informed: Wednesday, 10 February 2010 Vulnerability...
DotNetNuke CMS Cross Site Scripting
PR10-19 DotNetNuke CMS XSS Advisory publicly released: Friday, 3 December 2010 Vulnerability found: Saturday, 30 October 2010 Vendor informed: Monday, 1 November 2010 Severity level: Low/Medium Credits Richard Brain of ProCheckUp Ltd www.procheckup.com Description DotNetNuke is a Content Manageme...
PR10-07: Unauthenticated File Retrieval (traversal) within ColdFusion administration console
PR10-07: Unauthenticated File Retrieval (traversal) within ColdFusion administration console Vulnerability found: 17th April 2010 Vendor informed: 19th April 2010 Vulnerability fixed: 10th August 2010 Severity: High Description: Adobe ColdFusion is an easy to use and very widely adopted Programming...
PR09-19: Cross-Site Scripting (XSS) on CommonSpot server
PR09-19: Cross-Site Scripting (XSS) on CommonSpot server Vulnerability found: 17th December 2009 Vendor informed: 18th December 2009 Severity: Medium Successfully tested on: Commonspot server http://www.paperthin.com/ Description: Commonspot server is vulnerable to a vanilla XSS Vulnerable...
PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager)
PR09-15: XSS injection vulnerability within HP System Management Homepage (Insight Manager) Vulnerability found: 11th October 2009 Severity: Medium Description: An XSS vulnerability has been found within HP System Management, arising from insufficient input filtering. By using a specially-crafted...
Various Orion application server example pages are vulnerable to XSS.
R08-08: Several XSS on Orion Application server 2.0 to 2.0.8 Vulnerability found: May 2008 Revalidated 23 July 2009 Vendor informed: 27th July 09 Vulnerability fixed: Severity: Medium Description: Various Orion application server example pages are vulnerable to XSS. Orion application...
PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager
PR07-11: Cross-site Request Forgery (CSRF) on Sun Java System Identity Manager Date Found: 11th June 2007 Vendor Contacted: 18th June 2007 Date Public: 10th November 2008 Severity: Medium/High Credits: Adrian Pastor and Jan Fry of ProCheckUp Ltd www.procheckup.com. ProCheckUp thanks Sun for working...
PR07-41: XSS on Juniper Networks Secure Access 2000
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
ProCheckUp Security Advisory 2007.41
PR07-41: XSS on Juniper Networks Secure Access 2000 Vulnerability found: 6th December 2007 Vendor informed: 12th December 2007 Severity: Medium-high Description: Juniper Networks Secure Access 2000 is vulnerable to a vanilla XSS. Vulnerable server-side script: '/dana-na/auth/rdremediate.cgi'...
ProCheckUp Security Advisory 2008.1
PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages PSP Vulnerability found: 19th December 2007 Vendor informed: 14th January 2007 Vulnerability fixed: the vendor did not respond, however a workaround has been included in the "Fix" section of this...
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability
PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to an internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...
ProCheckUp Security Advisory 2007.15
PR07-15: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.logon.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass versions 6...
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script
PR07-14: Cross-site Scripting (XSS) / HTML injection on F5 FirePass 4100 SSL VPN 'my.activation.php3' server-side script Date Found: 19th June 2007 Successfully tested on: version 5.5.2 F5 Networks has confirmed the following versions to be vulnerable: FirePass versions 5.4.1 - 5.5.2 FirePass...
PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)
Date Found: 6th March 2007 Vendor informed: 26th June 2007 Description: Liferay Portal login page is vulnerable to Cross-Site Scripting within the "login" field processed by the "/c/portal/login" server-side script. Consequences: An attacker may be able to cause the execution of malicious script...
PR07-23: Non-persistent Cross-site Scripting (XSS) on Absolute Poll Manager XE admin page
Date Found: 10th April 2007 Vendor informed: 4th July 2007 Successfully tested on: Absolute Poll Manager XE - Version 4.1. Earlier versions are possibly affected as well but have NOT been tested. Description: Absolute Poll Manager XE is vulnerable to a vanilla XSS within the...
IBMWAS-XSS.txt
Title: Cross Site Scripting XSS Vulnerability in IBM WebSphere Application Server ProCheckUp Security Bulletin Description: IBM WebSphere Application Server is vulnerable to Cross Site Scripting through a 'faultfactor' tag in the 500 Internal Server Error page on port 8880 default SOAP port. Date...