55 matches found
Zimbra Collaboration Server 8.8.x < 8.8.15 Patch 43, 9.x < 9.0.0 Patch 36, 10.0.x < 10.0.4 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities including: - XSS on one of the web endpoints via a non-sanitised input parameter. CVE-2023-43103 - An attacker can gain access to the logged-in user's mailbox through XSS. CVE-2023-431...
ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
This host is missing an important security update according to Microsoft Bulletin MS14-059. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
VMTurbo Operations Manager '/cgi-bin/vmtadmin.cgi' RCE Vulnerability
VMTurbo Operations Manager is prone to a remote command execution (RCE) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...
WordPress WooCommerce 2.0.12 Cross Site Scripting
WooCommerce 2.0.12 Persistent XSS Details ============================================================================== Product: WooCommerce 2.0.12 Security-Risk: High Remote-Exploit: yes Vendor-URL: http://www.woothemes.com/woocommerce/ Advisory-Status: NotPublished Credits...
Zoho ManageEngine Support Center Plus Multiple Vulnerabilities
This host is running Zoho ManageEngine Support Center Plus and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmanageenginesupportcenterplusmultvuln.nasl 5988 2017-04-20 09:02:29Z teissa $ Zoho ManageEngine Support Center Plus Multiple Vulnerabilities Authors: Antu Sanadi...
IBM Lotus Domino Cross Site Scripting and Buffer Overflow Vulnerabilities
IBM Lotus Domino Server is prone to cross-site scripting and buffer overflow vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...
Redirection vulnerability in MBoard
Vulnerability ID: HTB23029 Reference: http://www.htbridge.ch/advisory/redirectionvulnerabilityinmboard.html Product: MBoard Vendor: PHPJunkyard http://www.phpjunkyard.com Vulnerable Version: 1.3 and probably prior Tested on: 1.3 Vendor Notification: 06 July 2011 Vulnerability Type: Redirection...
SQL injection in Social Slider
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Social Slider, which can be exploited to perform SQL injection attacks. 1) SQL Injection Vulnerability in Social Slider: Input passed via the "rA" POST parameter to /wp-content/plugins/social-slider-2/ajax.php is not properly...
Ushahidi 2.0.1 SQL Injection
Ushahidi 2.0.1 range param SQL Injection Vulnerability post-auth Vendor: Ushahidi, Inc. Product web page: http://www.ushahidi.com Affected version: 2.0.1 Tunis Summary: The Ushahidi Platform is a platform for information collection, visualization and interactive mapping. Desc: Input passed via th...
Simploo CMS Community Edition - Remote PHP Code Execution Issue
Details ============= Product: Simploo CMS Community Edition Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.simploo.de/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Affected Products: ============= Simploo CMS 1.7.1 and...
SimpleID 'index.php' Cross Site Scripting Vulnerability
This host is running SimpleID and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbsimpleidxssvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ SimpleID 'index.php' Cross Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright (C) 2010 Greenbone Networks Gmb...
SineCMS Remote File Inclusion Vulnerability
This host is installed with SineCMS and is prone to Remote File Inclusion vulnerability. OpenVAS Vulnerability Test $Id: gbsinecmsfileinclvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ SineCMS Remote File Inclusion Vulnerability Authors: Nikita MR Copyright: Copyright (c) 2009 Greenbone Networks GmbH...
Urchin Multiple XSS vuln.
Urchin Multiple XSS vuln. Vuln. discovered by: r0t Date: 1 September 2007 vendor: www.roirevolution.com/urchin/ original advisory: http://pridels-team.blogspot.com/2007/09/urchin-5x-multiple-xss-vuln.html affected versions: tested on Urchin v5.6.00r2 other versions also can be affected. Urchin...
Storesprite XSS vuln.
Storesprite XSS vuln. Vuln. discovered by: r0t Date: 10 August 2007 vendor: http://www.storesprite.com/ original advisory: http://pridels-team.blogspot.com/2007/08/storesprite-xss-vuln.html affected versions: Storesprite 7 and previous Storesprite contains a flaw that allows a remote Cross-Site...
VisionProject Multiple XSS vuln.
VisionProject Multiple XSS vuln. Vuln. discovered by: r0t Date: 7 August 2007 vendor: www.visionproject.se original advisory: http://pridels-team.blogspot.com/2007/08/visionproject-multiple-xss-vuln.html affected versions: VisionProject 3.1 and previous VisionProject contains a flaw that allows a...
WebDirector XSS vuln.
WebDirector XSS vuln. Vuln. discovered by: r0t Date: 1 August 2007 vendor: www.webdirector.ru original advisory: http://pridels-team.blogspot.com/2007/08/webdirector-xss-vuln.html affected versions: 2.2 and previous WebDirector contains a flaw that allows remote Cross-Site Scripting attacks. Input...
webstudio-xss.txt
Application: WebStudio CMS Vendors Url: http://www.bdigital.biz Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities Exploitation: Remote Severity: Less Critical Solution Status: Unpatched Introduction: WebStudio CMS is a web-based CMS system Google Dork: "Powered by...
Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. Example: -...
[MajorSecurity Advisory #33]ShopSystems - SQL Injection Issue
MajorSecurity Advisory #33 ShopSystems - SQL Injection Issue Details ======= Product: ShopSystems Affected Version: = 4.0 Immune Version: none Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.shopsystems.biz Vendor-Status: informed Advisory-Status: published Credits ============...