A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56
Airties Air5650TT Modem suffers from a cross site scripting vulnerability.
ab7c0ffdb194773ff18441ad3a3019c3de12206e027fdcf0f1d2ad8536e5cada
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9
An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739f
A command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580
A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4
A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fc
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efc
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploiting issues in other areas of Watch4net.
e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3
A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup. The attacker's payload will be stored in the user's profile and will be executed every time the victim logs in.
141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3
Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.
13a087d5f2f67cb83cae17714e4c2ac16a5fac9e86d1e5c867d8eb4365e3950f
It was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to compromise the entire application. It also suffers from a cross site scripting vulnerability.
65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369
Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is a xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
8b0545d79dddb6edb3e4b16cb96f955ce9377484475055942b60c012d1d98d58
The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.
d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06a
Chamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68
It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebc
Websense Content Gateway error messages are vulnerable to cross site scripting.
58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03
This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.
c09c7bc2af2fa4964302e3a4f6d647d52b5f54144194e7dc8ab94d56a1e95f73
TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in a Perl eval statement, which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5
Websense Reporting suffers from multiple cross site scripting vulnerabilities.
19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710b
Core Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bc
Websense Explorer's report scheduler suffers from a cross site scripting vulnerability.
437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461
It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.
f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305
It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.
ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28ea
Websense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.
bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3