30 matches found
Multiple K2 Products SQL Injection Vulnerabilities
K2 blackpearl, smartforms, and K2 for SharePoint are all products from K2 Corporation. blackpearl is a suite of applications for building and running business processes. smartforms is an online business system push messaging product. K2 for SharePoint is a suite of applications for creating forms...
CVE-2015-7299
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...
SQL injection
SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter...
Sophos Cyberoam CR500iNG-XP Firewall SQL Injection Vulnerability
Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS is a new-generation firewall from Sophos, UK, running the CyberoamOS operating system, which provides online application detection and control, web filtering, HTTPS checking, intrusion prevention and other features. It provides online...
Remote DoS Exploit on Confluence
Nir Goldshlager has discovered a vulnerability in atlassian-gadgets when parsing XML. Basically, anyone can craft a URL containing a parameter with some XML that will make the instance run out of memory when trying to parse it. Details on the attack can be found on...
GLSA-201404-04 : Crack: Arbitrary code execution
The remote host is affected by the vulnerability described in GLSA-201404-04 (Crack: Arbitrary code execution). An XML parameter parsing vulnerability has been discovered in Crack. Impact: A remote attacker could execute arbitrary code with the privileges of the process, cause a Denial of Service...
Critical: Red Hat Security Advisory: Ruby on Rails security update
Updated rubygem-actionpack, rubygem-activesupport, and rubygem-activerecord packages that fix multiple security issues are now available for Red Hat Subscription Asset Manager. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scorin...
Critical: Red Hat Security Advisory: Ruby on Rails security update
Updated rubygem-actionpack, rubygem-activesupport, ruby193-rubygem-actionpack, and ruby193-rubygem-activesupport packages that fix multiple security issues are now available for Red Hat OpenShift Enterprise 1.0. The Red Hat Security Response Team has rated this update as having critical security...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in an olsrd.xml action to pkgedit.php, (2) the xml parameter to pkg.php, or the if parameter to (3) statusgraph.php or (4) interfaces.php, a differe...
Design/Logic Flaw
webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows remote attackers to execute arbitrary code by overwriting a PHP file in webinc/bxe/scripts/ via a filename in the XML parameter and PHP sequences in the request body, then making a direct request for this filename...