Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. Date published : 2014-01-29 http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter. Date published : 2014-01-29 http://www.securityfocus.com/bid/62071 http://infosec42.blogspot.com/2013/08/exploit-xibo-digital-signage-sql.html
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second...
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intended...
The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary commands by using keyboard shortcuts to...
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attackers to cause a denial of...
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3)...
The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to execute arbitrary console commands by leveraging control of the server. Date published : 2014-01-29 http://www.securityfocus.com/bid/65127 http://www-01.ibm.com/support/docview.wss?uid=swg21663066
The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers via a crafted certificate. Date published :...
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Date published : 2014-01-29 http://www.securityfocus.com/bid/65127 http://www-01.ibm.com/support/docview.wss?uid=swg21663066
Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar SIEM 7.2 MR1 and earlier allows remote attackers to hijack the authentication of administrators for requests that modify console Auto Update settings. Date published :...
Cisco WebEx Meetings Server allows remote authenticated users to bypass authorization checks and (1) join arbitrary meetings, or (2) terminate a meeting without having a host role, via a crafted URL, aka Bug ID...
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine (ISE) 1.2 patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via a report containing a crafted URL that is...
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted...