  • CVE-2012-2588 2014/09/19
    Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Enterprise 6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, or (3) Subject header or (4) body in an SMTP e-mail message. (CVSS:4.3) (Last Update:2014-09-19)
  • CVE-2012-6658 2014/09/17
    Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types. (CVSS:4.3) (Last Update:2014-09-18)
  • CVE-2012-1417 2014/09/17
    Multiple cross-site scripting (XSS) vulnerabilities in Local Phone book and Blacklist form in Yealink VOIP Phones allow remote authenticated users to inject arbitrary web script or HTML via the user field to cgi-bin/ConfigManApp.com. (CVSS:3.5) (Last Update:2014-09-17)
  • CVE-2012-2956 2014/09/17
    SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to api_v2.json. NOTE: this entry was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6658 is for the XSS. (CVSS:6.5) (Last Update:2014-09-18)
  • CVE-2012-2583 2014/09/17
    Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget plugin 1.42 for WordPress allows remote attackers to inject arbitrary web script or HTML via the body of an email. (CVSS:4.3) (Last Update:2014-09-18)
  • CVE-2014-2008 2014/09/12
    SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter. (CVSS:7.5) (Last Update:2014-09-15)
  • CVE-2014-2009 2014/09/12
    The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log. (CVSS:5.0) (Last Update:2014-09-15)
  • CVE-2012-4240 2014/09/11
    SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter. (CVSS:6.5) (Last Update:2014-09-11)
  • CVE-2012-0984 2014/09/11
    Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via the (1) to_userid parameter to modules/pm/pmlite.php or the (2) current_file, (3) imgcat_id, or (4) target parameter to class/xoopseditor/tinymce/tinymce/jscripts/tiny_mce/plugins/xoopsimagemanager/xoopsimagebrowser.php.
  • CVE-2014-3740 2014/09/11
    Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page. (CVSS:3.5) (Last Update:2014-09-12)
  • CVE-2014-2223 2014/09/11
    Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file and a non-zero length PNG file, then accessing the PHP file via a direct request to it in plog-content/uploads/archive/. (CVSS:7.5) (Last Update:2014-0
  • CVE-2014-6070 2014/09/11
    Multiple cross-site scripting (XSS) vulnerabilities in Adiscon LogAnalyzer before 3.6.6 allow remote attackers to inject arbitrary web script or HTML via the hostname in (1) index.php or (2) detail.php. (CVSS:4.3) (Last Update:2014-09-11)
  • CVE-2014-5519 2014/09/11
    The Ploticus module in PhpWiki 1.5.0 allows remote attackers to execute arbitrary code via shell metacharacters in a device option in the edit[content] parameter to index.php/HeIp. NOTE: some of these details are obtained from third party information. (CVSS:7.5) (Last Update:2014-09-11)
  • CVE-2014-5460 2014/09/11
    Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. (CVSS:6.5) (Last Update:2014-09-15)
  • CVE-2014-5464 2014/09/08
    Cross-site scripting (XSS) vulnerability in the nDPI traffic classification library in ntopng (aka ntop) before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. (CVSS:4.3) (Last Update:2014-09-09)
  • CVE-2012-4234 2014/09/04
    Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. (CVSS:4.3) (Last Update:2014-09-05)
  • CVE-2012-4768 2014/09/04
    Cross-site scripting (XSS) vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. (CVSS:4.3) (Last Update:2014-09-05)
  • CVE-2014-5377 2014/09/04
    ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 build 5981 allows remote attackers to obtain user account credentials via a direct request. (CVSS:5.0) (Last Update:2014-09-08)
  • CVE-2014-5465 2014/09/03
    Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. (CVSS:5.0) (Last Update:2014-09-03)
  • CVE-2014-5521 2014/09/02
    plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter. (CVSS:6.5) (Last Update:2014-09-03)

Information Systems Security

Negation Networks is a full spectrum Information Systems Security Solutions provider committed to the absolute highest quality customer service and technical excellence.


 

