14 matches found
EUVD-2014-0374
Malware in sbrugna...
EUVD-2014-0373
Malware in sbrugna...
Serena Dimensions CM跨站脚本漏洞
Bugtraq ID:65976 CVE ID:CVE-2014-0335 Serena Dimensions CM是一款项目计划管理工具。 Serena Dimensions CM存在多个跨站脚本漏洞,允许远程攻击者利用漏洞注入恶意脚本或HTML代码,当恶意数据被查看时,可获取敏感信息或劫持用户会话。 0 Serena Dimensions CM 12.2 Build 7.199.0 web client 目前没有详细解决方案提供: http://www.serena.com/index.php/en/products/featured-products/dimensions-cm/...
Serena Dimensions CM跨站请求伪造漏洞
Bugtraq ID:65981 CVE ID:CVE-2014-0336 Serena Dimensions CM是一款项目计划管理工具。 Serena Dimensions CM存在一个跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。 0 Serena Dimensions CM 12.2 Build 7.199.0 web client 目前没有详细解决方案提供: http://www.serena.com/index.php/en/products/featured-products/dimensions-cm/ html !--...
CVE-2014-0336
Cross-site request forgery CSRF vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the usernewmaster parameter to the adminconsole/ URI...
CVE-2014-0335
Multiple cross-site scripting XSS vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the 1 DBCONN, 2 DBNAME, 3 DMHOST, 4 MANDBNAME, 5 framecmd, 6 identifier, 7 merant.adm.adapters.AdmDialogPropertyMgr, 8...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the 1 DBCONN, 2 DBNAME, 3 DMHOST, 4 MANDBNAME, 5 framecmd, 6 identifier, 7 merant.adm.adapters.AdmDialogPropertyMgr, 8...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the usernewmaster parameter to the adminconsole/ URI...
CVE-2014-0336
Cross-site request forgery CSRF vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the usernewmaster parameter to the adminconsole/ URI...
CVE-2014-0335
Serena Dimensions CM 12.2 Build 7.199.0 web client contains multiple cross-site scripting vulnerabilities (CWE-79). Exploitable via unauthenticated vectors in parameters such as DB_CONN, DB_NAME, DM_HOST, MAN_DB_NAME, framecmd, identifier, merant.adm.adapters.AdmDialogPropertyMgr, nav_frame, nav_...
CVE-2014-0335
Multiple cross-site scripting XSS vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the 1 DBCONN, 2 DBNAME, 3 DMHOST, 4 MANDBNAME, 5 framecmd, 6 identifier, 7 merant.adm.adapters.AdmDialogPropertyMgr, 8...
Serena Dimensions CM 12.2 Build 7.199.0 web client vulnerabilities
Overview Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting vulnerabilities. Description Serena Dimensions CM 12.2 Build 7.199.0 web client and possibly earlier versions contains multiple cross-site scripting...
Serena Dimensions CM cryptographic vulnerability
Server certificate is not validated by client...
Serena Dimensions CM Desktop Client does not validate the server SSL certificate
Application: Serena Dimensions CM Affected versions: 10.1 and later Vulnerability: man-in-the-middle attacks Problem type: remote Problem description: ==================== The client/server connection can be SSL encrypted by setting "-ssl" in the listener.dat. The problem is that the Desktop clie...