CVE-2011-4275

Published: 26/11/2011 Updated: 09/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 460
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote malicious users to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.

Vulnerable Product

combodo itop 1.1.181

combodo itop 1.2.0

Exploits

iTop version 1.1.181 suffers from multiple cross-site scripting vulnerabilities ...