2326 matches found
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeE1Menu_OCL.mafService?e1.namespace Cross-Site Scripting
source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these...
CRESUS - recette_detail.php SQL Injection
source: https://www.securityfocus.com/bid/47416/info CRESUS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
XOOPS 2.5 - imagemanager.php Local File Inclusion
source: https://www.securityfocus.com/bid/47418/info XOOPS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view arbitrary local files within th...
vTiger CRM 5.2.1 - 'sortfieldsjson.php' Local File Inclusion
source: https://www.securityfocus.com/bid/47263/info vtiger CRM is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in t...
eGroupWare 1.8.1 - test.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/47273/info eGroupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in t...
UseBB 1.0.11 - admin.php Local File Inclusion
source: https://www.securityfocus.com/bid/47166/info UseBB is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information...
TutorialMS v1.4 (show) Remote SQL Injection Vulnerability
Summary TutorialMS is a free content management system, developed specifically for tutorial pages. It is written in PHP and uses MySQL as a database. TutorialMS offers all the usual features you need to build quick and easy your own tutorial page, without great programming knowledge. Description...
pppBLOG 'search.php' Cross Site Scripting Vulnerability
pppBLOG is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion
source: https://www.securityfocus.com/bid/47065/info webEdition CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view and execute arbitrary local files in the context of the webserver proces...
OrangeHRM <= 2.6.2 'jobVacancy.php' XSS Vulnerability - Active Check
OrangeHRM is prone to a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...
NewsPortal 'post.php' Cross Site Scripting Vulnerability
NewsPortal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.
FLVPlayer4Free 2.9 - .fp4f Remote Buffer Overflow
source: https://www.securityfocus.com/bid/47045/info FLVPlayer4Free is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to...
eXPert PDF Batch Creator 7.0.880.0 - Denial of Service
source: https://www.securityfocus.com/bid/47040/info eXPert PDF is prone to a denial-of-service vulnerability. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. eXPert PDF 7.0.880.0 is vulnerable; other versions may also be affected...
netjukebox 'skin' Parameter Cross Site Scripting Vulnerability
netjukebox is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Perl 5.x - Perl_reg_numbered_buff_fetch() Remote Denial of Service
source: https://www.securityfocus.com/bid/47006/info Perl is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application implemented with affected perl code to abort, denying service to...
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
source: https://www.securityfocus.com/bid/47006/info Perl is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application implemented with affected perl code to abort, denying service to legitimate users. !/usr/bin/perl my @x = "A=B","AAAA=/";...
Nazgul Nostromo nhttpd < 1.9.4 RCE / Directory Traversal Vulnerability - Active Check
Nazgul Nostromo nhttpd is prone to a remote command execution (RCE) vulnerability because it fails to properly validate user-supplied data.
VideoLAN VLC Media Player 1.0.5 - .ape Denial of Service
source: https://www.securityfocus.com/bid/46868/info VLC Media Player is prone to a denial-of-service vulnerability. Successful exploits may allow attackers to crash the affected application, denying service to legitimate users. VLC Media...
Nagios 'layer' Parameter XSS Vulnerabilities
Nagios is prone to a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input.
Novatel Wireless MiFi 2352 Password Information Disclosure Vulnerability - Active Check
MiFi 2352 is prone to an information disclosure vulnerability that may expose sensitive information.