Hello! Recently I found a vulnerability in Cisco Subscriber Edge Services Manager which enables the attacker to exploit the XSS and HTML Injection bug! Details can be checked on Xc0re.
I think all the versions are affected!
Tag Archives: Cisco
Cisco Subscriber Edge Services Manager Cross Site Scripting And HTML Injection Vulnerabilities
By xc0re
Tags: Cisco, subscriber manager, vulnerability | Posted in Hacking & Security