6665 matches found
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS Vulnerabilities
Exinda WAN Optimization Suite version 7.0.0 2160 suffers from cross site request forgery and cross site scripting vulnerabilities. I. VULNERABILITY ------------------------- XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite II. BACKGROUND ------------------------- WAN...
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
I. VULNERABILITY ------------------------- XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite II. BACKGROUND ------------------------- WAN Optimization Suite integrates enterprise-caliber bandwidth acceleration and optimization with best-in-class application network visibilit...
Cart Engine 3.0 - Multiple Vulnerabilities
Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...
Cart Engine 3.0 - Multiple Vulnerabilities
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
Joomla! 2.5.x < 2.5.25 / 3.x < 3.2.5 / 3.3.x < 3.3.4 Multiple Vulnerabilities
According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.25, 3.x prior to 3.2.5, or 3.3.x prior to 3.3.4. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the commedi...
Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in MaxButtons WordPress plugin, which can be exploited to perform Cross-Site Scripting XSS attacks against logged-in administrator. 1 Reflected Cross-Site Scripting XSS in MaxButtons wordpress plugin: CVE-2014-7181 Input passed via t...
Google Android Browser Same Origin Policy Bypass (CVE-2014-6041)
A security bypass vulnerability has been reported in Google Android's stock browser. Attackers can exploit this issue to bypass the same-origin policy and certain access restrictions to access data, or execute arbitrary script code in the browser of an unsuspecting user in the context of another...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
Joomla! Spider Calendar Component <= 3.2.6 SQLi Vulnerability - Active Check
Joomla! Spider Calendar Component is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Kajona CMS Multiple Cross-Site Scripting Vulnerabilities
Kajona CMS is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ntopng 1.2.0 - XSS Vulnerability
ntopng version 1.2.0 suffers from a cross site scripting vulnerability using monitored network traffic. ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar ...
ntopng 1.2.0 XSS injection using monitored network traffic
ntopng 1.2.0 XSS injection using monitored network traffic ntopng is the next generation version of the original ntop, a network traffic probe and monitor that shows the network usage, similar to what the popular top Unix command does. The web-based frontend of the software is vulnerable to...
WordPress SI CAPTCHA Anti-Spam Plugin Cross Site Scripting Vulnerability
WordPress SI CAPTCHA Anti-Spam Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...
WordPress Facebook Promotion Generator Plugin Cross Site Scripting Vulnerability
WordPress Facebook Promotion Generator Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
WordPress Contact Form Plugin Cross Site Scripting Vulnerability
WordPress Contact Form Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable website. 1 Reflected Cross-Site Scripting XSS in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...
Easy FTP Pro 4.2 iOS - Script Code Inject Vulnerabilities
Document Title: =============== Easy FTP Pro 4.2 iOS - Script Code Inject Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1291 Release Date: ============= 2014-08-06 Vulnerability Laboratory ID VL-ID: ====================================...
RaidenTunes - music_out.php Cross-Site Scripting
RaidenTunes - musicout.php Cross-Site Scripting source: https://www.securityfocus.com/bid/42167/info RaidenTunes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
SkaDate Lite version 2.0 suffers from multiple cross-site request forgery and stored xss vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...