3 matches found
Cross site scripting
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg...
CVE-2014-1224
CVE-2014-1224 affects rexx Recruitment (R6.1 and R7) with an incomplete blacklist that does not remove the oninput event handler from user input in /reg, enabling remote XSS via the fname field. The root cause is failure to neutralize unknown HTML/JS event handlers in user-supplied data; a proof-...
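OmniPCX Office Remote Information Disclosure Vulnerability
BUGTRAQ ID: 28758 CVECAN ID: CVE-2008-1331 Alcatel's OmniPCX Office is a unified communications solution designed for small and medium-sized businesses. A CGI script used by the Internet Access service of OmniPCX Office does not properly filter certain parameters, allowing remote attackers to retrieve sensitive information from the Internet. Alcatel-Lucent OmniPCX Office = 210/061.1 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat: Disable access to WBM/WCA from the Internet. For versions R2.1 to R4.1:...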