Lucene search

14 matches found

RedhatCVE
added 2026/01/09 9:57 a.m., 4 views

CVE-2020-7135

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant SPP releases 2018.06.0, 2018.09.0, and...

7.8 CVSS, 7.8 AI score, 0.00083 EPSS
Exploits 0, References 1

CVE
added 2012/06/22 10:0 a.m., 73 views

CVE-2012-0187

CVE-2012-0187 affects IBM Lotus Expeditor 6.1.x and 6.2.x prior to 6.2 FP5+Security Pack. The issue is an untrusted search path that lets local users gain privileges via a Trojan horse DLL in the current working directory. Remediation (from the sources) is to apply the 6.2 FP5+Security Pack (or l...

9.3 CVSS, 6.5 AI score, 0.00458 EPSS
Exploits 0, References 2, Affected Software 1

securityvulns
added 2008/03/06 12:0 a.m., 35 views

Vulnerability in Invision Power Board

Hello 3APA3A! I am reporting a Cross-Site Scripting vulnerability I found, a persistent XSS at that, in Invision Power Board. Because there is no protection against execution of JavaScript code from Flash, when Flash support in posts is enabled, an attacker can embed a link to a special Flash file in...

6.5 AI score
Exploits 0

securityvulns
added 2008/01/08 12:0 a.m., 105 views

[HSC] Snitz Forums Multiple Vulnerabilities

HSC Snitz Forums Multiple Vulnerabilities Snitz Forums Default Database installation allows remote users to download the database which contains critical information. As a result, an attacker exploiting this vulnerability will be able to obtain detailed information. An attacker may leverage xss...

0.5 AI score
Exploits 0

securityvulns
added 2007/12/27 12:0 a.m., 56 views

IPortalX Forums Cross-Site Scripting Vulnerability

HSC IPortalX Forums Cross-Site Scripting Vulnerability IPortalX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

1 AI score
Exploits 0

Packet Storm
added 2007/12/10 12:0 a.m., 36 views

bitweaver-sqlxss.txt

HSC Bitweaver XSS & SQL Injection Vulnerability Bitweaver is an open source content management system. Its speed and power are ideal for large-scale community websites and corporate applications, but it is simple enough for non-technical small site users to set up and administrate. It comes fully...

7.4 AI score
Exploits 0

Packet Storm
added 2007/11/27 12:0 a.m., 26 views

mps-insertion.txt

HSC MySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...

7.4 AI score
Exploits 0

Packet Storm
added 2007/11/27 12:0 a.m., 17 views

gwextranet-multi.txt

HSC GWExtranet Script Injections & Privilege Escalation Vulnerability Attackers may exploit this issue via a web client. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker...

7.4 AI score
Exploits 0

securityvulns
added 2007/11/22 12:0 a.m., 59 views

MySpace Scripts - Poll Creator JavaScript Injection Vulnerability

HSC MySpace Scripts - Poll Creator JavaScript Injection Vulnerability Our MySpace Poll Creator script is the ultimate addition to your MySpace resource site. The script enables your user to quickly and easily create a poll that they can post to profile or bulletin to all their friends. Everyone...

Exploits 0

securityvulns
added 2007/10/29 12:0 a.m., 38 views

Omnistar Live Software Cross-Site Scripting Vulnerability

HSC Omnistar Live Software Cross-Site Scripting Vulnerability Omnistar Live is web based PHP help desk software used by webmasters that combines live chat and helpdesk software in one easy to use solution. Our customer service software combines ticketed support web and email based, live chat and a...

6.9 AI score
Exploits 0

securityvulns
added 2007/10/02 12:0 a.m., 94 views

eGov Content Manager Cross Site Scripting Vulnerability

HSC eGov Content Manager Cross Site Scripting Vulnerability The eGov Manager was designed to simplify the efforts of government staffers who are responsible for posting public documents, news updates, events, managing staff directories and online services. This issue is due to a failure in the...

0.7 AI score
Exploits 0

securityvulns
added 2007/08/28 12:0 a.m., 37 views

InterWorx-CP Multiple HTML Injections Vulnerabilities

HSC InterWorx-CP Multiple HTML Injection Vulnerabilities The InterWorx Hosting Control Panel InterWorx-CP is a dedicated server control panel. InterWorx suffers from multiple HTML injection vulnerabilities. JavaScript and Cross site scripting are just a few found vulns, more sophisticated attacks...

0.9 AI score
Exploits 0

securityvulns
added 2007/08/14 12:0 a.m., 52 views

DeskPRO Admin Panel Multiple HTML Injections

HSC DeskPRO Admin Panel Multiple HTML Injections An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks....

0.3 AI score
Exploits 0

securityvulns
added 2007/06/04 12:0 a.m., 52 views

CACTUSHOP 6 Default Installation Allows Remote Database Disclosure

Cactushop V6 allows remote users to download the database which contains credit card numbers and critical information. The affected cart's default installation gives away the path to database file. As a result, an attacker exploiting this vulnerability will be able to obtain detailed private custom...

0.9 AI score
Exploits 0