SPSControl v1.2 iOS - (.spc) Persistent Vulnerability

Document Title: =============== SPSControl v1.2 iOS - .spc Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1404 Release Date: ============= 2015-01-16 Vulnerability Laboratory ID VL-ID: ==================================== 1404...

Open-Xchange Security Advisory 2015-01-05

Product: Open-Xchange Server 6 / OX AppSuite Vendor: Open-Xchange GmbH Internal reference: 35512 Bug ID Vulnerability type: Cross Site Scripting CWE-80 Vulnerable version: 7.6.1 and earlier Vulnerable component: backend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version:...

VeryPhoto v3.0 iOS - Script Code Inject Web Vulnerability

Document Title: =============== VeryPhoto v3.0 iOS - Script Code Inject Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1401 Release Date: ============= 2015-01-13 Vulnerability Laboratory ID VL-ID: ====================================...

Marketo Cloud - Persistent Mail Encoding Vulnerability

Document Title: =============== Marketo Cloud - Persistent Mail Encoding Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1321 Release Date: ============= 2015-01-13 Vulnerability Laboratory ID VL-ID: ==================================== 132...

TWiki Multiple Cross-Site Scripting Vulnerabilities (Jan 2015)

TWiki is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:twiki:twiki";...

TWiki 'scope' Parameter Cross-Site Scripting Vulnerability

TWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:twiki:twiki";...

Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability

Document Title: =============== Konakart v7.3.0.1 CMS - CS Cross Site Web Vulnerability References Source: ==================== http://vulnerability-lab.com/getcontent.php?id=1362 Release Date: ============= 2014-12-04 Vulnerability Laboratory ID VL-ID: ==================================== 1362...

Subrion CMS 'search' Functionality Cross Site Scripting Vulnerability

Subrion CMS is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)

The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in...

Microsoft Internet Explorer Use After Free Remote Code Execution (CVE-2014-8967)

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...

Microsoft Internet Explorer XSS Filter CVE-2014-6365 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...

Microsoft Internet Explorer XSS Filter CVE-2014-6328 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...

Symantec Endpoint Protection Manager Multiple Vulnerabilities (Dec 2014)

Symantec Endpoint Protection Manager is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple Vulnerabilities

According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.10 or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities : - The included OpenSSL library contains a TLS downgrade weakness. By using fragmented ClientHello...

Splunk Enterprise 6.0.x < 6.0.7 Multiple Vulnerabilities (POODLE)

According to its version number, the Splunk Enterprise hosted on the remote web server is 6.0.x prior to 6.0.7. It is, therefore, affected by the following vulnerabilities : - A man-in-the-middle MitM information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles...

WordPress Digital Zoom Studio (DZS) Video Gallery Plugin Multiple Vulnerabilities

WordPress Digital Zoom Studio DZS Video Gallery Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...

Microsoft Internet Explorer CTitleElement Use After Free

A use after free vulnerability exists in Microsoft Internet Explorer. The vulnerability is due to an error while handling certain objects when processing HTML and script code. A remote unauthenticated attacker could exploit this vulnerability by enticing the target user to open a specially crafte...

Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)

A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...

Nibbleblog 4.0.1 Cross Site Scripting Vulnerability

NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability ============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...

Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability

Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...