Croogo 2.0.0 - Multiple Stored XSS Vulnerabilities
No description provided by source. Croogo 2.0.0 Multiple Stored XSS Vulnerabilities. Vendor: Fahad Ibnay Heylaal; Product web page: http://www.croogo.org; Affected version: 2.0.0. Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered...
Folder Plus 2.5.1 iOS - Persistent XSS Vulnerability
No description provided by source. Document Title: Folder Plus v2.5.1 iOS - Persistent Item Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1348; Release Date: 2014-10-24; Vulnerability Laboratory ID (VL-ID):...
Microsoft SharePoint Foundation Privilege Elevation Vulnerability (3000431)
This host is missing an important security update according to Microsoft Bulletin MS14-073. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Internet Explorer CVE-2014-6346 Cross Domain Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...
Nordex NC2 'username' Parameter Cross Site Scripting Vulnerability
Nordex NC2 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Microsoft Internet Explorer CVE-2014-6345 Cross Domain Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...
Microsoft Internet Explorer CVE-2014-6340 Cross Domain Information Disclosure Vulnerability
Description: Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability. An attacker can exploit this issue to view content from a browser window in another domain or security zone. This may allow the attacker to obtain sensitive information or aid in further...
HP Sprinter Tidestone Formula One ActiveX Multiple Memory Corruption (CVE-2014-2635)
Multiple vulnerabilities exist in HP Sprinter. The vulnerabilities are in methods AttachToSS, CopyRange, CopyRangeEx, and SwapTables within the Tidestone Formula One ActiveX control. A remote, unauthenticated attacker could exploit this vulnerability by enticing an unsuspecting victim to follow a...
WordPress Web Dorado Spider Video Player XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; if(description)...
HP System Management Homepage red2301.html RedirectUrl Cross Site Scripting (CVE-2014-2640)
A cross-site scripting vulnerability exists in HP's System Management Homepage (SMH). The vulnerability is due to an input validation error when handling the 'RedirectUrl' parameter of the red2301.html page. A remote attacker could exploit this vulnerability by enticing a target user to follow a malicious...
Folder Plus v2.5.1 iOS - Persistent Item Vulnerability
Document Title: Folder Plus v2.5.1 iOS - Persistent Item Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1348; Release Date: 2014-10-24; Vulnerability Laboratory ID (VL-ID): 134...
Reflected Cross-Site Scripting (XSS) in Simple Email Form Joomla Extension
High-Tech Bridge Security Research Lab discovered a vulnerability in Simple Email Form Joomla Extension, which can be exploited to perform Cross-Site Scripting (XSS) attacks against visitors and administrators of Joomla websites with the plugin installed. 1) Reflected Cross-Site Scripting (XSS) in Simple...
Dell SonicWall GMS 7.2.x Script Insertion
Document Title: Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1222; Release Date: 2014-10-21; Vulnerability Laboratory ID (VL-ID):...
Dell SonicWALL Gms 7.2.x - Code Injection
Document Title: Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1222; Release Date: 2014-10-21; Vulnerability Laboratory ID (VL-ID):...
ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
This host is missing an important security update according to Microsoft Bulletin MS14-059. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
MS14-059: Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
The version of ASP.NET MVC (Model View Controller) installed on the remote host is affected by an unspecified cross-site scripting vulnerability. A remote unauthenticated attacker could exploit this flaw to execute arbitrary script code in a user's browser subject to the privileges of the user...
Microsoft ASP.NET MVC CVE-2014-4075 Cross Site Scripting Vulnerability
Description: Microsoft ASP.NET MVC is prone to a cross-site scripting vulnerability because it fails to properly encode user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could...
WordPress EWWW Image Optimizer 2.0.1 Cross Site Scripting
Advisory ID: HTB23234; Product: EWWW Image Optimizer WordPress plugin; Vendor: Shane Bishop; Vulnerable Versions: 2.0.1 and probably prior; Tested Version: 2.0.1; Advisory Publication: September 17, 2014 (without technical details); Vendor Notification: September 17, 2014; Vendor Patch: September 24, 2014...
JobScheduler Multiple Vulnerabilities (Oct 2014)
JobScheduler is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability
Document Title: ChatSecure IM v2.2.4 iOS - Persistent Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1317; Release Date: 2014-09-10; Vulnerability Laboratory ID (VL-ID): 13...