A cross site scripting vulnerability was found in the xen_hotfix page of the Citrix NITRO SDK.
33744821fe7b647214982e21e9c2f3008a42466359ddb11e760b84a946ef3f56Airties Air5650TT Modem suffers from a cross site scripting vulnerability.
ab7c0ffdb194773ff18441ad3a3019c3de12206e027fdcf0f1d2ad8536e5cadaIt was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gain privileged access to devices managed by Command Center.
85d89d3569e65de31b41ef51ec733b7638c8cddd02e54405362cc915a3cf0ba9An SQL injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to retrieve arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
bb6357690b58aa6a4b191b7aa985885a9140da18129605a49ab28a5d5f94739fA command injection vulnerability was found in EMC Secure Remote Services Virtual Edition (ESRS VE) that allows an attacker to execute arbitrary system commands and take full control over ESRS VE.
25bdb20a5f5b3d42c931790e6cd29e66b72b1f64447adff01728369675f2c580A path traversal vulnerability was found in EMC M&R (Watch4net) Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
25a0b7a9df5cc011236dd7a3b788dfc90ab7e490e99ee01ab27b7e427abbf1f4A path traversal vulnerability was found in EMC M&R (Watch4net) MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries.
7668d0639a82fb6e91ad48888c3d7bd515ca0ed072a654718c3c05f3099551fcA cross site scripting vulnerability was found in EMC M&R (Watch4net) Alerting Frontend. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
0b2a8f256d6e1bbff59fe9299dff71fea85a0647f548112aeca2df8c229f8efcA cross site scripting vulnerability was found in EMC M&R (Watch4net) Centralized Management Console. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, logging their keystrokes, or exploit issues in other areas of Watch4net.
e753a3139ef1cd1757ba424112936d43b543c6cc2b2a4b844aa489ad404f66c3A cross site scripting vulnerability was found in EMC M&R (Watch4net) Web Portal. This issue allows attackers to replace the report that is shown at startup, the attackers payload will be stored in the user's profile and will be executed every time the victim logs in.
141134491cadd7c74cea4c79f049a63533385f6a32812f238cead4440d47eda3Subrion version 3.3.0 suffers from a cross site request forgery vulnerability that allows for arbitrary SQL injection.
13a087d5f2f67cb83cae17714e4c2ac16a5fac9e86d1e5c867d8eb4365e3950fIt was discovered that the Advent JMX Servlet of Citrix Command Center is accessible to unauthenticated users. This issue can be abused by attackers to comprise the entire application. It also suffers from a cross site scripting vulnerability.
65939691ebbc97cc1c48cec0c147e8482d72899a48cea80d719973492c299369Mac OS X version 10.10.2 suffers from multiple heap overflow vulnerabilities. Included is a xnu local privilege escalation via IOHIDSecurePromptClient injectStringGated heap overflow exploit.
8b0545d79dddb6edb3e4b16cb96f955ce9377484475055942b60c012d1d98d58The Yoast WordPress Google Analytics plugin suffers from a stored cross site scripting vulnerability.
d6d78da9aaf708477febf5b28d9b24d0e4b006ac9e957ab5384d4581c4a5a06aChamilo LMS versions 1.9.10 and below suffer from cross site request forgery and cross site scripting vulnerabilities.
230e777d25a2151f00153422fa704dbe817526a68723d31dcf7694a7df533d68It was discovered that EMC M&R (Watch4net) credentials of remote servers stored in Watch4net are encrypted using a fixed hard-coded password. If an attacker manages to obtain a copy of the encrypted credentials, it is trivial to decrypt them.
b874a1afbc5b38698999dfd742cae4cdd0e36be6fccb7cf1fd8d2189a3baeebcWebsense Content Gateway error messages are vulnerable to cross site scripting.
58f600eaed898f1ca351c4b8d1cbec131fbfe943f225520c81a41f29a0067a03This Metasploit module exploits a stack based buffer overflow in Publish-It when processing a specially crafted .PUI file. This vulnerability could be exploited by a remote attacker to execute arbitrary code on the target machine by enticing a user of Publish-It to open a malicious .PUI file.
c09c7bc2af2fa4964302e3a4f6d647d52b5f54144194e7dc8ab94d56a1e95f73TWiki versions 4.0.x through 6.0.0 contain a vulnerability in the Debug functionality. The value of the debugenableplugins parameter is used without proper sanitization in an Perl eval statement which allows remote code execution.
850efe714be5e6548a264c1cce672a60aa1ae5a53559548aa9e9d66cf64f53b5Websense Reporting suffers from multiple cross site scripting vulnerabilities.
19b2dc3d78140a923b9085dab9d45e139e61f79e70bb9f569bc419899ca2710bCore Security Technologies Advisory - There is a vulnerability in the message dispatcher used by FSSO Windows Active Directory and FSSO Novell eDirectory. Exploitation of this vulnerability might lead to a full network compromise.
71db9f10f9b435818bd0d386e8d452b7c9164712db61efab96b1aeb19649e8bcWebsense Explorer's report scheduler suffers from a cross site scripting vulnerability.
437a9f75eca191601c80ffa7f7c81146dc40026d999f157af7aa5fa4635d9461It was discovered that the Websense Data Security block page processes user-controllable data insecurely, rendering the block page vulnerable to cross site scripting.
f3ceee1d1b8d8314759c25514da344340d509358c90fe5b334a3fee4673a6305It was discovered that no access control is enforced on the explorer_wse path, which is exposed through the web server. An attacker can abuse this issue to download any file exposed by this path, including security reports and Websense Explorer configuration files.
ec6c438270cff0bddf53b78da134f39a1f995ed0021b3fa3dc986797bb9d28eaWebsense Triton is affected by a source code disclosure vulnerability. By appending a double quote character after JSP URLs, Websense will return the source code of the JSP instead of executing the JSP. An attacker can use this issue to inspect parts of Websense's source code in order to gain more knowledge about Websense's internals.
bea41cc67f2ff2025f34ba87479f5525c6c77dbe1476e500ef73fac0a668a4a3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed