Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 25.01.2015
Source:
SecurityVulns ID: 14235
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: MANAGEENGINE : ServiceDesk Plus 9.0
 WORDPRESS : Pixabay Images 2.3
 OSTICKET : osTicket 1.9
 XCART : X-CART 5.1
 INFINITEAUTOMATI : Mango Automation 2.4
 PROGRAMO : Program-O 2.4
 EVENTSENTRY : EventSentry 3.1
 PRETASHOP : Prestashop 1.6
 SYMPA : sympa 6.1
 EXPONENT : Exponent 2.3
CVE: CVE-2015-1180 (Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.)
 CVE-2015-1179 (Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter.)
 CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter.)
 CVE-2015-1177
 CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.)
 CVE-2015-1175 (Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.)
 CVE-2015-1032 (Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search.)
Original documents:
 DEBIAN, [SECURITY] [DSA 3134-1] sympa security update (25.01.2015)
 advisories_(at)_mogwaisecurity.de, MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1175-xss-prestashop (25.01.2015)
 Riley Baird, CVE-2015-1032 Kiwix Cross-Site Scripting Vulnerability (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1176-xss-osticket (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1177-xss-exponent (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1178-xss-x-cart-ecommerce (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1179-xss-mango-automation-scada (25.01.2015)
 Sudhanshu Chauhan, CVE-2015-1180-xss-eventsentry (25.01.2015)
 Vulnerability Lab, Program-O v2.4.6 - Multiple Web Vulnerabilities (25.01.2015)
 rewterz, REWTERZ-20140101 - ManageEngine ServiceDesk SQL Injection Vulnerability (25.01.2015)
 rewterz, REWTERZ-20140102 - ManageEngine ServiceDesk Plus User Enumeration Vulnerability (25.01.2015)
 rewterz, Fwd: REWTERZ-20140103 - ManageEngine ServiceDesk Plus User Privileges Management Vulnerability (25.01.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod