60 matches found
CVE-2020-3367
A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance formerly Web Security Appliance could allow an authenticated, local attacker to perform command injection and elevate privileges to root. This vulnerability is due to insufficient validation of...
CVE-2018-7748
reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparmmedia parameter...
CVE-2018-7748
reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparmmedia parameter...
Google Maps Plugin Cross-Site Scripting Vulnerability in Joomla!
Joomla! Google Maps is a Joomla! module or component that displays Google Maps on one or more content pages. A cross-site scripting vulnerability in the Joomla! Google Maps plugin allows remote attackers to inject arbitrary web script or HTML via xmlns parameters...
CVE-2016-2986
Cross-site scripting XSS vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...
D-Link DSL-2730B Modem - Cross-Site Scripting Injection Stored Wlsecrefresh.wl & Wlsecurity.wl
Exploit Title: D-Link DSL-2730B Modem wlsecrefresh.wl & wlsecurity.wl Exploit XSS Injection Stored Date: 11-01-2015 Exploit Author: Mauricio Correa Vendor Homepage: www.dlink.com Hardware version: C1 Version: GE 1.01 Tested on: Windows 8 and Linux !/usr/bin/perl Date dd-mm-aaaa: 11-11-2014 Exploi...
Cross site scripting
Cross-site scripting XSS vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element2 parameter...
CVE-2012-1098
Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...
NetGear C DSL Router R0318 - Multiple Web Vulnerabilities
Document Title: =============== NetGear C DSL Router R0318 - Multiple Web Vulnerabilities Release Date: ============= 2011-08-18 Vulnerability Laboratory ID VL-ID: ==================================== 40 Product & Service Introduction: =============================== RO318 ergänzt Produktfamilie...
CVE-2010-1112
Cross-site scripting XSS vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
CORE-2009-0911: DAZ Studio Arbitrary Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ DAZ Studio Arbitrary Command Execution 1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id: CORE-2009-0911 Advisory URL:...
DAZ Studio Arbitrary Command Execution
1. Advisory Information Title: DAZ Studio Arbitrary Command Execution Advisory Id: CORE-2009-0911 Advisory URL:https://www.coresecurity.com/core-labs/advisories/dazstudio-scripting-injection Date published: 2009-12-02 Date of last update: 2009-12-01 Vendors contacted: DAZ Release mode: User...
Blender .blend File Command Execution Vulnerability
This host is installed with blender and is prone to Remote Command Execution Vulnerability. OpenVAS Vulnerability Test $Id: secpodblendercmdexeclin.nasl 5660 2017-03-21 11:29:28Z cfi $ Blender .blend File Command Execution Vulnerability Authors: Maneesh KB Copyright: Copyright c 2009 SecPod,...
Blender 2.34/2.35a/2.4/2.49b - '.blend' Command Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Blender .blend Project Arbitrary Command Execution 1. Advisory Information Title: Blender .blend Project Arbitrary Command Execution Advisory Id: CORE-2009-0912...
CVE-2008-2204
Multiple cross-site scripting XSS vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 header, 2 header2, 3 header3, 4 header4, 5 header5, 6 header6, 7 header7, 8 header8, and 9 header9 parameters...
CVE-2006-4718
Multiple cross-site scripting XSS vulnerabilities in livreor.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 prenom, 2 emailFrom, or 3 body parameters...
CVE-2005-4455
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi...
Antville 1.1 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SA0004 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++ Antville 1.1 Cross Site Scripting +++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ PUBLISHED ON Nov 09, 2005 PUBLISHED AT...
POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
Wednesday, November 5, 2003 In our never-ending quest for entertainment, we commece from this date forward to end-2004 our POS series of findings. That is the 'perfect operating system'. Today we debut and regurgitate new and not so new for fun as follows. A warm up for the New Year if you will !...
Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
Tuesday, February 25, 2003 We are delighted to learn that the original self-executing html file, from June 1 2002 is now fixed with the most current of the many patches for the Internet Explorer series of browsers. See: http://online.securityfocus.com/archive/1/275126 Regrettably. The following...