OSTicket 1.2/1.3 - Multiple Input Validation and Remote Code Injection Vulnerabilities
Source: http://www.securityfocus.com/bid/13478/info. osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
Dokeos LMS <= 1.8.5 whoisonline.php Remote PHP Code Injection Exploit. Author: EgiX; mail: ...
TikiWiki Project 1.8 User Profile Multiple Option Arbitrary Remote Code Injection
Source: http://www.securityfocus.com/bid/10100/info. Multiple vulnerabilities have been identified in various modules of the application. These vulnerabilities may allow a remote attacker to carry out various attacks such as path disclosure, cross-site scripting,...
CVE-2014-4304
CVE-2014-4304 describes a cross-site scripting (XSS) flaw in SQL Buddy ≤1.3.3, specifically in browse.php where the table parameter can be exploited to inject arbitrary web script or HTML. The vulnerability arises from improper handling of the table parameter, enabling remote attackers to execute...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin...
openSUSE Security Update : perl-HTTP-Body (openSUSE-SU-2014:0433-1)
perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when uploading files. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2014-247...
CVE-2014-3924
CVE-2014-3924 affects Webmin < 1.690 and Usermin
CVE-2013-4430
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/web.php...
CVE-2013-1407
The CVE-2013-1407 vulnerabilities affect the WordPress plugin Events Manager and the Events Manager Pro plugin, with multiple input vectors (scope, _wpnonce, user_name, dbem_phone, user_email, booking_comment) leading to XSS. Root cause: insufficient input validation/filtration in the index.php ...
CVE-2014-3207
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to pks/lookup/undefined1...
CVE-2014-0362
CVE-2014-0362 describes an XSS flaw in Google Search Appliance (GSA) where input reflected into a [removed] block becomes executable when dynamic navigation is enabled. Affected products are GSA versions earlier than 7.0.14.G.216 and 7.2 earlier than 7.2.0.G.114. The impact is remote script execu...
CVE-2014-2260
CVE-2014-2260 affects Ajenti 1.2.13, with an XSS vulnerability in plugins/main/content/js/ajenti.coffee that allows remote authenticated users to inject arbitrary web script or HTML via the command field in Cron. The root cause is inadequate input handling...
CVE-2011-4193
CVE-2011-4193 describes a Cross-site scripting (XSS) flaw in the overlay files tab of SUSE Studio Onsite 1.2 before 1.2.1 and SUSE Studio Extension for System z 1.2 before 1.2.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted application, related to...
CVE-2013-7368
CVE-2013-7368 concerns multiple XSS vulnerabilities in Gnew 2013.1. The NVD entry states that remote attackers can inject arbitrary script/HTML via the gnew_template parameter across several pages (users/profile.php, articles/index.php, admin/polls.php; category_id for news/submit.php; news_id fo...
CVE-2014-0157
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to inject arbitrary web script or HTML via the description field of a Heat template...
CVE-2014-0509
CVE-2014-0509 describes a cross-site scripting (XSS) vulnerability in Adobe Flash Player and Adobe AIR products prior to the listed versions. Affected: Flash Player on Windows/macOS (before 11.7.700.275 and 11.8.x–13.0.x before 13.0.0.182), Flash Player on Linux (before 11.2.202.350), and Adobe A...
CVE-2011-4958
CVE-2011-4958 describes a cross-site scripting (XSS) vulnerability in the SSViewer.php process function of SilverStripe. The flaw allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders in affected releases: SilverStripe < 2.3.13 and SilverS...
SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 (perl-HTTP-Body)
Check for the Version of perl-HTTP-Body. OpenVAS Vulnerability Test $Id: gbsuse201404331.nasl 8044 2017-12-08 08:32:49Z santu $ SuSE Update for perl-HTTP-Body openSUSE-SU-2014:0433-1 perl-HTTP-Body. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH,...
openSUSE: Security Advisory for perl-HTTP-Body (openSUSE-SU-2014:0433-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2013-1770
Cross-site scripting (XSS) vulnerability in viewsview.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the viewname parameter...