Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors. Date published : 2014-07-28 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03993467...
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the –pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was...
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3) cm, (4) map, (5) lines,...
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter. Date published : 2014-07-28 http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in...
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter. Date published : 2014-07-28 http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94719
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action. Date published : 2014-07-28 http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94718
Cross-site scripting (XSS) vulnerability in single_pagesdownload_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file. Date published : 2014-07-28 http://www.securityfocus.com/bid/68685 https://www.concrete5.org/documentation/background/version_history/5-6-3-release-notes
concrete5 before 5.6.3 allows remote attackers to obtain the installation path via a direct request to (1) system/basics/editor.php, (2) system/view.php, (3) system/environment/file_storage_locations.php, (4) system/mail/importers.php, (5) system/mail/method.php, (6) system/permissions/file_types.php, (7) system/permissions/files.php, (8) system/permissions/tasks.php, (9) system/permissions/users.php,...
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.4.x through 3.4.6 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to admin/install/index.php. Date...
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate_signup.php or (2) entry_country_id parameter in...
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter...
The OutlookAction Class in Cisco WebEx Meetings Server allows remote attackers to enumerate user accounts by entering crafted URLs and examining the returned messages, aka Bug ID CSCuj81722. Date published : 2014-07-28 http://www.securityfocus.com/bid/68911 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3304
The web framework in Cisco WebEx Meetings Server does not properly restrict the content of query strings, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer...