Смотрите также связанные темы 21.06.2018 Protecting Against Application-Specific Attacks We’ve seen an evolution from mass-mailing viruses to more targeted attacks and threats targeting OS vulnerabilities moving to attacks against applications. We’ve seen growth in attacks targeting systems that contain valuable data, including mission-critical enterprise applications sitting in virtual environments, SAP solution-based environments and storage systems. Companies must take these threats seriously and look for [...]
18.10.2018 CVE-2015-5444 Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
31.01.2018 CVE-2016-1930 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
19.08.2018 CVE-2008-3712 Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.
19.08.2018 CVE-2008-3710 Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) script_path parameter to (a) options.php and the (2) lang_code parameter to (b) copy_vip.php and (c) process_edit_board.php in adminopts/. NOTE: some of these vectors might not be vulnerabilities under proper installation.
19.08.2018 CVE-2008-3709 Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.
19.08.2018 CVE-2008-3708 Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter to (1) news/index.dot and (2) getting_started/macros/macros_detail.dot.
14.08.2018 CVE-2008-3679 Multiple cross-site scripting (XSS) vulnerabilities in index.html in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
27.08.2018 CVE-2008-3851 Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a .. (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.html; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.html. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an incomplete fix for CVE-2008-3194.
08.10.2018 CVE-2008-4502 Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
|