40 matches found
IBM Jazz Team Server Cross-Site Scripting Vulnerability (CNVD-2021-88188)
IBM Jazz Team Server is an application server from IBM USA. Provides base services that enable a group of tools to work together as a single logical server and includes any number of Jazz Team Server Extensions that provide tool-specific functionality. A cross-site scripting vulnerability exists ...
Netscaut nGeniusONE FDSQueryService Function Cross-Site Scripting Vulnerability
Netscout NgeniusOne is a centralized application and network performance management solution from Netscout, Inc. A cross-site scripting vulnerability exists in Netscaut nGeniusONE in version 6.3.0 build 1196 and earlier, which stems from a lack of validation of user input data and filtering of...
NETGEAR Multiple Products Command Injection Vulnerability
Netgear NETGEAR is a router from Netgear, Inc. A hardware device that connects two or more networks and acts as a gateway between networks. Several NETGEAR devices have a security vulnerability that stems from the product's failure to filter special characters in user input data, which could allo...
NCH Quorum Cross-Site Scripting Vulnerability
NCH Quorum is a teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which stems from the product's /conferencebrowseuploadfile?confid=failure to properly handle user input data and can be exploited to...
NCH Axon PBX Cross-Site Scripting Vulnerability (CNVD-2021-55917)
NCH Axon PBX is a set of virtual telephone switch software used in commercial environments. The software is primarily used to manage telephone call centers and implements the functionality of a telephone switch in software.A cross-site scripting vulnerability exists in NCH Axon PBX, which stems...
Aruba ClearPass Policy Manager Command Injection Vulnerability (CNVD-2021-50186)
Aruba ClearPass Policy Manager is an application from Aruba, Inc. that provides a wireless network security access management system. Aruba ClearPass Policy Manager suffers from a command injection vulnerability that originates from the product not doing security checks on user input data, which...
Unspecified Vulnerability in Interactive Graphical SCADA System (IGSS)
The Schneider Electric Interactive Graphical SCADA System IGSS is an advanced SCADA system for monitoring and controlling industrial processes. A security vulnerability exists in the Definition module of Interactive Graphical SCADA System IGSS versions 15.0.0.21140 and earlier. The vulnerability...
CVE-2019-10790
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found...
The vulnerability of SAP BusinessObjects Business Intelligence platform arises from deficiencies in the encryption of user-input data. This allows attackers to execute cross-site scripting attacks (XSS).
The vulnerability of the SAP BusinessObjects Business Intelligence platform exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability could allow a malicious actor to perform cross-site scripting attacks XSS remotely...
The vulnerability of the SAP NetWeaver AS ABAP software platform arises from deficiencies in the encryption of user-input data. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the SAP NetWeaver AS ABAP software platform exists due to deficiencies in the encryption of data entered by users. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
The vulnerability of the SAP Enable Now platform stems from deficiencies in the encryption of user-input data, allowing attackers to carry out XSS attacks.
The vulnerability of the SAP Enable Now platform exists due to deficiencies in the encryption of user-input data. Exploiting this vulnerability allows a malicious actor to perform XSS attacks remotely...
Rockwell Automation Allen-Bradley CompactLogix Cross-Site Scripting (CVE-2016-2279)
A cross site scripting vulnerability has been reported in Rockwell Scada System. The vulnerability is due to lack of sanitization of user supplied input data. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser session in the context of the...
CVE-2017-3936
OS Command Injection vulnerability in McAfee ePolicy Orchestrator ePO 5.9.0, 5.3.2, 5.3.1, 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows attackers to run arbitrary OS commands with limited privileges via not sanitizing the user input data before exporting it into a CSV format output...
Vanilla <= 1.1.3 - Remote Blind SQL Injection Exploit
No description provided by source. ?php Vanilla = 1.1.3 Remote Blind SQL Injection Exploit By InATeam http://inattack.ru/ Requirements: MySQL = 4.1, magicquotesgpc=Off Tested on versions 1.1.3, 1.1.2, 1.0.1 echo ------------------------------------------------------------\n; echo Vanilla = 1.1.3...
Mitel Audio and Web Conferencing (AWC) RCE Vulnerability (Jan 2011)
Mitel Audio and Web Conferencing AWC is prone to a remote command injection vulnerability because it fails to adequately sanitize user-supplied input data. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
Mozilla Firefox browser is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win
The host is installed with Mozilla Firefox browser and is prone to denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbfirefoxnullptrdosvulnwin.nasl 4865 2016-12-28 16:16:43Z teissa $ Firefox Browser designMode Null Pointer Dereference DoS Vulnerability - Win Authors: Chandan S...
JVN#20502807 Snoopy command injection vulnerability
Snoopy is an open source PHP library. Snoopy does not properly handle user-input data. This causes a vulnerability which may allow a remote attacker to execute an arbitrary command. Impact An arbitrary command could be executed with the privilege of the server where Snoopy runs. Solution Update t...
Woltlab Burning Board 2.3.6 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/22796/info Woltlab Burning Board is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the...
OneWorldStore - OWAddItem.asp SQL Injection
OneWorldStore - OWAddItem.asp SQL Injection source: https://www.securityfocus.com/bid/13181/info OneWorldStore is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...