CVE-2010-4606
The CVE concerns the Space Management client in the Hierarchical Storage Management (HSM) component of IBM Tivoli Storage Manager (TSM). Affected versions are 5.4.x (until 5.4.3.4), 5.5.x (until 5.5.3), 6.1.x (until 6.1.4), and 6.2.x (until 6.2.2) on Unix/Linux. The issue allows remote attackers ...
PmWiki < 2.2.21 XSS Vulnerability
PmWiki is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2010 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is free software;...
PT-2010-5572 · Ibm · Ibm Tivoli Storage Manager
Name of the Vulnerable Software and Affected Versions: IBM Tivoli Storage Manager (TSM) versions 5.4.x through 5.4.3.3; IBM Tivoli Storage Manager (TSM) versions 5.5.x through 5.5.2; IBM Tivoli Storage Manager (TSM) versions 6.1.x through 6.1.3; IBM Tivoli Storage Manager (TSM) versions 6.2.x through 6.2.1...
Calibre 0.7.34 - Cross-Site Scripting / Directory Traversal
source: https://www.securityfocus.com/bid/45532/info Calibre is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in t...
Internet Explorer vulnerable to cross-site scripting
Overview Microsoft Internet Explorer contains a cross-site scripting vulnerability due to the way file types are determined. Microsoft Internet Explorer contains a vulnerability in handling Content-Type, which may result in cross-site scripting. For more information, refer to the information...
Movable Type vulnerable to cross-site scripting
Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on t...
Orbis CMS 1.0.2 Shell Upload
'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticated user to upload a PHP script and...
Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications =================================================== Orbis CMS 1.0.2 Arbitrary File Upload Vulnerability =================================================== 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav -...
'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)
'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticated user to upload a PHP script and...
Orbis CMS 1.0.2 - Arbitrary File Upload
Orbis CMS 1.0.2 - Arbitrary File Upload 'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any...
Orbis CMS 1.0.2 - Arbitrary File Upload
'Orbis CMS' Arbitrary Script Execution Vulnerability CVE-2010-4313 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in the 'Orbis CMS' filemanfileupload.php script that allows any authenticated user to upload a PHP script and...
Wolf CMS 0.6.0b - Multiple Vulnerabilities
Vulnerability ID: HTB22681 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinwolfcms.html Product: Wolf CMS Vendor: Wolf CMS team http://www.wolfcms.org/ Vulnerable Version: 0.6.0b and probably prior versions Vendor Notification: 09 November 2010 Vulnerability Type: CSRF Cross-Site Request...
tomcat -- Cross-site scripting vulnerability
The Tomcat security team reports: The HTML Manager interface displayed web application provided data, such as display names, without filtering. A malicious web application could trigger script execution by an administrative user when viewing the manager pages...
WeBid Multiple Input Validation Vulnerabilities
WeBid is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include a local file-include vulnerability and a cross-site-scripting vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions migh...
pam security update
0.99.6.2-6.2 - fix insecure dropping of privileges in pam_xauth and pam_mail - CVE-2010-3316 637898, CVE-2010-3435 641335 - fix insecure executing of scripts with user supplied environment variables in pam_namespace - CVE-2010-3853 643043...
eoCMS <= 0.9.04 LFI Vulnerability
eoCMS is prone to multiple input-validation vulnerabilities, including: - HTML injection - SQL injection - Multiple local file include (LFI) Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, exploit...
PhreeBooks <= 2.1 Multiple Vulnerabilities - Active Check
PhreeBooks is prone to multiple input validation vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
AdaptCMS 'init.php' Remote File Include Vulnerability
AdaptCMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
OrangeHRM <= 2.6.1 'uri' Parameter LFI Vulnerability
OrangeHRM is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
BSA-005 Security Update for postgresql-8.4
Gerfried Fuchs uploaded new packages for postgresql-8.4 which fixed the following security problem: CVE-2010-3433 The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before 7.4.30, 8.0 before 8.0.26, 8.1 before 8.1.22, 8.2 before 8.2.18, 8.3 before 8.3.12, 8.4 before 8.4.5, and 9.0 before...