6665 matches found
up.time 7.5.0 - Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
up.time 7.5.0 XSS And CSRF Add Admin Exploit. Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13. Summary: The next-generation of IT monitoring software...
MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)
The remote Windows host is affected by an elevation of privilege vulnerability in the Universal Description, Discovery, and Integration (UDDI) Services component due to improper validation and sanitization of user-supplied input to the 'searchID' parameter of the 'explorer' frame in frames.aspx. A...
MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) (uncredentialed check)
The remote Windows host is affected by an elevation of privilege vulnerability in the Universal Description, Discovery, and Integration (UDDI) Services component due to improper validation and sanitization of user-supplied input to the 'searchID' parameter of the 'explorer' frame in frames.aspx. A...
Microsoft Windows UDDI Services CVE-2015-2475 Cross Site Scripting Vulnerability
Description Microsoft Windows UDDI Services is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Apple iTunes U - Persistent POST Inject Web Vulnerability
Document Title: Apple iTunes U - Persistent POST Inject Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1532 Apple ID: 624515538. Release Date: 2015-08-11. Vulnerability Laboratory ID (VL-ID):...
Firefox < 39.0.3 PDF Reader Arbitrary File Access (Mac OS X)
The version of Firefox installed on the remote Mac OS X host is prior to 39.0.3. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitiv...
Firefox ESR < 38.1.1 PDF Reader Arbitrary File Access
The version of Firefox ESR installed on the remote Windows host is prior to 38.1.1. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to...
Novell GroupWise WebAccess Cross-Site Scripting (CVE-2014-0611)
A cross-site scripting vulnerability exists in Novell GroupWise WebAccess. The vulnerability is due to lack of input validation when handling email attachments. A remote, unauthenticated attacker can exploit this vulnerability by enticing a target user to view crafted web content. A successful...
Reflected Cross-Site Scripting (XSS) in iTop
High-Tech Bridge Security Research Lab discovered vulnerability in iTop, which can be exploited to perform Cross-Site Scripting (XSS) attacks against web application users. iTop is a critical application, which is used to cover the entire set of ITIL processes. Successful attack on this web...
Apple Patches Remote 'Invoice Vulnerability' in iTunes, App Store
Apple recently patched a serious issue in its App Store and iTunes Store web app that could have let a remote attacker inject malicious script into invoices that come from Apple and subsequently lead to session hijacking, phishing, and redirect. The vulnerability was unearthed in June by Benjamin...
Critical Persistent Injection Vulnerability in Apple App Store and iTunes
A critical vulnerability has been discovered in the official Apple’s App Store and iTunes Store, affecting millions of Apple users. Vulnerability-Lab Founder and security researcher Benjamin Kunz Mejri discovered an Application-Side input validation web vulnerability that actually resides in the...
Apple iTunes & AppStore - Persistent Invoice Vulnerability
Document Title: Apple iTunes & AppStore - Persistent Invoice Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1512 Apple Security ID: 623920272. Video: http://www.vulnerability-lab.com/getcontent.php?id=1517 Vulnerability...
AdHocMate v1.0 iOS - Persistent Mail Encode Vulnerability
Document Title: AdHocMate v1.0 iOS - Persistent Mail Encode Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1559 Release Date: 2015-07-27. Vulnerability Laboratory ID (VL-ID):...
Microsoft Word - Local Machine Zone Code Execution (MS15-022)
Exploit Title: Microsoft Word Local Machine Zone Remote Code Execution Vulnerability Date: July 15th, 2015 Exploit Author: Eduardo Braun Prado Vendor Homepage : http://www.microsoft.com Version: 2007 Tested on: Microsoft Windows XP, 2003, Vista, 2008, 7, 8, 8.1 CVE: CVE-2015-0097 Original Advisor...
PFSense 2.2.2 Cross Site Scripting
I. VULNERABILITY: Reflected XSS Attacks vulnerabilities in PFSense Version 2.2.2. II. BACKGROUND: The pfSense project is a free network firewall distribution, based on the FreeBSD operating system with a custom kernel and including third party free...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Identity Services Engine (ISE) Infra Admin UI could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed via HTTP GET or POST methods. An attacker coul...
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...
ManageEngine SupportCenter Plus Multiple Vulnerabilities (Jun 2015)
ManageEngine SupportCenter Plus is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free...
McAfee ePolicy Orchestrator Cross Site Scripting Vulnerability (Jun 2015)
McAfee ePolicy Orchestrator is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Adobe Connect < 9.4 Multiple Vulnerabilities
Adobe Connect is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:connect"; ifdescription...