Computer Security


Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 05.07.2015
Published: 05.07.2015
Source:
SecurityVulns ID: 14567
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: PYJWT : pyjwt 0.2
 MANAGEENGINE : Asset Explorer 6.1
 NOVIUSOS : novius-os.5.0
 CACTI : cacti 0.8
 BLACKCATCMS : BlackCat CMS 1.1
 C2BOX : C2Box 4.0
 PIVOTX : PivotX 2.3
CVE: CVE-2015-5079
 CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in SecuritySetting/UserSecurity/UserManagement.aspx in B.A.S C2Box before 4.0.0 (r19171) allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via certain vectors.)
 CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php.)
 CVE-2015-4342 (SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id.)
 CVE-2015-3443 (Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask.)
 CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Original document: MustLive, Multiple vulnerabilities in Vulcan theme for WordPress + WAF bypass (05.07.2015)
 DEBIAN, [SECURITY] [DSA 3295-1] cacti security update (05.07.2015)
 Marco Delai, CVE-2015-3443 XSS in Thycotic Secret Server version 8.6.000000 to 8.8.000004 (05.07.2015)
 apparitionsec_(at)_gmail.com, ManageEngine Asset Explorer v6.1 - Persistent Vulnerability (05.07.2015)
 apparitionsec_(at)_gmail.com, GeniXCMS XSS Vulnerabilities (05.07.2015)
 apparitionsec_(at)_gmail.com, mysql-lite-administrator XSS vulnerabilities (05.07.2015)
 DEBIAN, [SECURITY] [DSA 3293-1] pyjwt security update (05.07.2015)
 Tim, Session Fixation, Reflected XSS, Code Execution in PivotX 2.3.10 (05.07.2015)
 wissam.bashour_(at)_helpag.com, CSRF Vulnerability in C2Box application CVE-2015-4460 (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge Hook Script Privilege Escalation (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge Password Hash Leak (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge downloadHook local file inclusion (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge show local file inclusion (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge tail local file inclusion (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge insecure password change (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge missing brute force protection (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge autocomplete on (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge missing clickjacking protection (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge weak password policy (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge missing XSRF protection (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge weak password storage mechanism (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge missing single login restriction (05.07.2015)
 otr_(at)_bockcay.de, CollabNet Subversion Edge indes local file inclusion (05.07.2015)
 apparitionsec_(at)_gmail.com, novius-os.5.0.1 Persistent XSS, LFI & Open Redirect Vulnerabilities (05.07.2015)
 High-Tech Bridge Security Research, Path Traversal in BlackCat CMS (05.07.2015)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod