Lucene search

4485 matches found

seebug.org
added 2014/09/23 12:0 a.m. · 13 views

hanweb /xxgk/workflow/objectbox/selectx_search.jsp SQL injection vulnerability

No description provided by source...

7.1 AI score
Exploits 0
0day.today
added 2014/09/11 12:0 a.m. · 44 views

Oracle GENERATESCHEMA Buffer Overflow Exploit

This exploits a buffer overflow in Oracle10g. When sending a specially formatted query to the GENERATESCHEMA function in the XDB.DBMSXMLSCHEMA package, an attacker may be able to execute arbitrary code. NOTE: For targets running DEP, you will need to choose target 0 then rexploit with target 1. Th...

7.8 AI score
Exploits 0
myhack58
added 2014/03/15 12:0 a.m. · 13 views

PHP file include vulnerability analysis-vulnerability warning-the black bar safety net

One, What is "remote file inclusion vulnerability" for? The answer is: the server through the php properties of a function to contain any files, since you want to include this file source filter is not strict, so can go to that contains a malicious file and we can construct the malicious file to...

7.4 AI score
Exploits 0
Drupal
added 2014/02/19 12:0 a.m. · 15 views

SA-CONTRIB-2014-021 - Maestro - Cross Site Scripting (XSS)

The Maestro module enables you to create complex workflows, automating business processes. The module doesn't sufficiently filter Role or Organic Group names when displaying them in the workflow details. This vulnerability is mitigated by the fact that an attacker must have a role with the...

3.5 CVSS · 6.3 AI score · 0.00946 EPSS
Exploits 0 · References 12
Positive Technologies
added 2014/02/14 12:0 a.m. · 4 views

PT-2014-3366 · Vtiger · Vtiger Crm

Name of the Vulnerable Software and Affected Versions: vTiger CRM version 5.4.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the return url parameter to the "modulescom vtiger workflowsavetemplate.php"...

4.3 CVSS · 5.6 AI score · 0.02126 EPSS
Exploits 0 · References 8
Prion
added 2013/12/12 6:55 p.m. · 15 views

Design/Logic Flaw

Eval injection vulnerability in frontview/lib/nphandler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."...

10 CVSS · 8.2 AI score · 0.71599 EPSS
Exploits 5 · References 6 · Affected Software 1
0day.today
added 2013/12/12 12:0 a.m. · 19 views

Vtiger 5.4.0 Cross Site Scripting Vulnerability

Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities. Vtiger 5.4.0 Reflected Cross Site Scripting I. Information ================== Name : Vtiger 5.4.0 Reflected Cross Site Scripting Software : Vtiger 5.4.0 and possibly below. Vendor Homepage :...

6.8 AI score
Exploits 0
Atlassian
added 2013/11/22 3:8 a.m. · 24 views

JIRA Workflow Step Property jira.permission.browse allows you to view issues in issue navigator

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-35917. Summary: The JIRA Workflow Step Property jira.permission.browse does not prevent you from viewing issues in issue navigator...

1 AI score
Exploits 0 · Affected Software 1
seebug.org
added 2013/10/15 12:0 a.m. · 18 views

TDXK OA /general/workflow/list/roll_config.php SQL injection vulnerability

No description provided by source...

7.1 AI score
Exploits 0
OpenVAS
added 2013/10/09 12:0 a.m. · 39 views

Microsoft Office Web Apps Remote Code Execution vulnerability (2834052)

This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...

10 CVSS · 4.9 AI score · 0.77458 EPSS
Exploits 3 · References 7
Fedora
added 2013/04/08 10:58 p.m. · 10 views

[SECURITY] Fedora 18 Update: drupal7-rules-2.3-1.fc18

The rules modules allows site administrators to define conditionally executed actions based on occurring events known as reactive or ECA rules. It's a replacement with more features for the trigger module in core and the successor of the Drupal 5 workflow-ng module...

4.5 AI score
Exploits 0
Fedora
added 2013/04/08 10:53 p.m. · 14 views

[SECURITY] Fedora 17 Update: drupal7-rules-2.3-1.fc17

The rules modules allows site administrators to define conditionally executed actions based on occurring events known as reactive or ECA rules. It's a replacement with more features for the trigger module in core and the successor of the Drupal 5 workflow-ng module...

4.5 AI score
Exploits 0
Atlassian
added 2013/03/08 2:27 a.m. · 26 views

XSS vulnerability in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

2 AI score
Exploits 0 · Affected Software 1
Atlassian
added 2013/03/08 2:27 a.m. · 51 views

XSS vulnerability in JIRA Misc Workflow Extensions

There is a XSS vulnerability in the JIRA Misc Workflow Extensions plugin on the "Add Parameters To Validator" page. Validators / Add / Comment Required Validator The group names are not escaped and allow execution of Javascript. Affects: JIRA Misc Workflow Extensions 2.5.5.1...

2 AI score
Exploits 0 · Affected Software 1
Packet Storm
added 2013/02/19 12:0 a.m. · 29 views

Kodak Insite Creative Workflow System SQL Injection

Hello ... While investigating a recent installation of Kodak's Insite Creative Workflow System for my current employer, an SQL Injection vulnerability was discovered in its "Forgot Your Password?" page. An example of this application can be seen on the Kodak site...

7.4 AI score
Exploits 0
Tenable Nessus
added 2013/02/11 12:0 a.m. · 42 views

Fedora 17 : wordpress-3.5.1-1.fc17 (2013-1692)

WordPress 3.5.1 is now available. Version 3.5.1 is the first maintenance release of 3.5, fixing 37 bugs. It is also a security release for all previous WordPress versions. Which include : - Editor: Prevent certain HTML elements from being unexpectedly removed or modified in rare cases. - Media: F...

6.4 CVSS · 5.7 AI score · 0.28857 EPSS
Exploits 3 · References 5
Tenable Nessus
added 2013/02/11 12:0 a.m. · 38 views

MantisBT 1.2.x < 1.2.13 Multiple Vulnerabilities

According to its version number, the MantisBT install hosted on the remote web server is affected by multiple vulnerabilities : - Version 1.2.12 of the application is affected by a cross-site scripting (XSS) vulnerability because the 'search.php' script fails to properly sanitize user-supplied inpu...

4.3 CVSS · 5.4 AI score · 0.01995 EPSS
Exploits 0 · References 5
Fedora
added 2012/09/17 10:51 p.m. · 22 views

[SECURITY] Fedora 18 Update: trytond-2.4.2-1.fc18

Tryton is a three-tiers high-level general purpose application framework written in Python and use PostgreSQL as database engine. It is the core base of an Open Source ERP. It provides modularity, scalability and security. The core of Tryton also called Tryton kernel provides all the necessary...

7.5 CVSS · 1.3 AI score · 0.01763 EPSS
Exploits 0
Cvelist
added 2012/06/27 12:0 a.m. · 23 views

CVE-2012-3799

Multiple cross-site request forgery (CSRF) vulnerabilities in the Maestro module 7.x-1.x before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) change workflows or (2) insert cross-site scripting (XSS) sequences...

6.6 AI score · 0.01174 EPSS
Exploits 1 · References 8
Fedora
added 2012/06/07 10:54 p.m. · 15 views

[SECURITY] Fedora 17 Update: python-virtualenvwrapper-3.4-1.fc17

virtualenvwrapper is a set of extensions to Ian Bicking's virtualenv tool. The extensions include wrappers for creating and deleting virtual environments and otherwise managing your development workflow, making it easier to work on more than one project at a time without introducing conflicts in...

2.9 AI score
Exploits 0