MCTOOLS in the fabric interconnect in Cisco Unified Computing System (UCS) allows local users to execute arbitrary Baseboard Management Controller (BMC) commands by leveraging (1) local, (2) shell-level, or (3) debug-level privileges at the...
A cluster setup script for fabric interconnect devices in Cisco Unified Computing System (UCS) allows remote attackers to execute arbitrary commands via invalid parameters, aka Bug ID CSCtg20793. Date published : 2013-09-24 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-4087 http://www.securitytracker.com/id/1029086
The Intelligent Platform Management Interface (IPMI) implementation in the Blade Management Controller in Cisco Unified Computing System (UCS) allows remote attackers to enumerate valid usernames by observing IPMI interface responses, aka Bug ID CSCtg20761....
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka...
Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2013-09-24 https://discussions.nessus.org/message/22174#22174 http://www.osvdb.org/97584
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. Date published : 2013-09-24 http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009 http://support.esri.com/en/knowledgebase/techarticles/detail/41497
Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. Date published : 2013-09-24 http://www.kb.cert.org/vuls/id/521348
Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46.45 allows remote attackers to inject...
Open redirect vulnerability in JForum 2.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnPath parameter in a validateLogin action to jforum.page. Date...
Stack-based buffer overflow in Logica HotScan allows remote attackers to cause a denial of service (crash) via a crafted packet. Date published : 2013-09-23 http://seclists.org/bugtraq/2012/Oct/50
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors. Date published : 2013-09-23 http://blogs.sophos.com/2013/08/21/utm-up2date-9-105-released/ http://www.securitytracker.com/id/1029039
SQL injection vulnerability in property_listings_detail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter. Date published : 2013-09-23 http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt
Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. Date published : 2013-09-23 http://packetstormsecurity.com/files/123138/realestatephpscript-xss.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/86986
Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. Date published : 2013-09-23 http://osvdb.org/ref/97/platinum_seo.txt...