SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396.
Monthly Archives: February 2015
CVE-2015-2076
The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395.
CVE-2015-2101
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2102
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
CVE-2015-2103
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).
Bugtraq: Cross-Site-Scripting (XSS) in tcllib's html::textarea
Bugtraq: [SECURITY] CVE-2015-0254 XXE and RCE via XSL extension in JSTL XML tags
Bugtraq: WordPress Media Cleaner Plugin – XSS Vulnerability
Bugtraq: SEC Consult SA-20150227-0 :: Multiple vulnerabilities in Loxone Smart Home