Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) before 6.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) USRLNM parameter to myaccount/mysettings.edit.validate.asp or the frame...
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter. Date published : 2014-06-18 http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140606-0_WebTitan_Multiple_Vulnerabilities_v10.txt
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action. Date published : 2014-06-18 http://packetstormsecurity.com/files/126984/WebTitan-4.01-Build-68-SQL-Injection-Command-Execution.html...
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2014-06-18 http://packetstormsecurity.com/files/126858/NICE-Recording-eXpress-6.x-Root-Backdoor-XSS-Bypass.html https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140528-0_NICE_Recording_eXpress_Multiple_critical_vulnerabilities_v10.txt
Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. Date published : 2014-06-18 http://www.securityfocus.com/bid/68017 https://www.netsparker.com/critical-xss-vulnerability-in-sql-buddy
Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to...
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter. Date published : 2014-06-18 http://packetstormsecurity.com/files/127050/HAM3D-Shop-Engine-CMS-Cross-Site-Scripting.html
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or...
wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x before 1.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted packet-trace file...
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to read arbitrary files via a crafted get_file request. Date published : 2014-06-18 http://forums.alienvault.com/discussion/2806 http://www.zerodayinitiative.com/advisories/ZDI-14-207/
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to execute arbitrary code via a crafted remote_task request, related to injecting an ssh public key. Date published : 2014-06-18 http://forums.alienvault.com/discussion/2806 http://www.zerodayinitiative.com/advisories/ZDI-14-206/
The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request. Date published : 2014-06-18 http://forums.alienvault.com/discussion/2806 http://www.zerodayinitiative.com/advisories/ZDI-14-205/
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT...
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors. Date published : 2014-06-18 http://www.securityfocus.com/bid/68070 http://linux.oracle.com/errata/ELSA-2014-0926-1.html