117 matches found
DSA-2710-1 xml-security-c - several
Bulletin has no description...
Debian: Security Advisory (DSA-2710-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-2153
Removed by vendor...
CVE-2012-2153
CVE-2012-2153 affects Drupal 7.x prior to 7.14. The issue is an improper restriction of access to nodes in a list when using a contributed node access module, allowing remote authenticated users with the “Access the content overview page” permission to read all published nodes via the admin/conte...
SA-CORE-2012-002 - Drupal core multiple vulnerabilities
Denial of Service CVE: CVE-2012-1588 Drupal core's text filtering system provides several features including removing inappropriate HTML tags and automatically linking content that appears to be a link. A pattern in Drupal's text matching was found to be inefficient with certain specially crafted...
CVE-2011-2153
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...
CVE-2011-2153
CVE-2011-2153 affects SmarterTools SmarterStats 6.0 Web server. The vulnerability arises from Login.aspx accepting txtUser/txtPass in the query string, enabling context-dependent attackers to discover credentials by reading server access logs, Referer logs, or browser history (cross-domain Refere...
Debian DSA-2153-1 : linux-2.6 - privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0435 Gleb Napatov reported an issue in the KVM subsystem...
CVE-2010-2153
Affected software: TCExam (versions 10.1.006 and 10.1.007). Vulnerable component: admin/code/tce_functions_tcecode_editor.php. Root cause / vulnerability type: Unrestricted file upload allowing an uploaded file with an executable extension to be stored and then accessed via a direct request to th...
CVE-2010-2153
creationtimestamp| type| source ---|---|--- 2010-06-02 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/34073...
CVE-2009-2153
CVE-2009-2153 affects Impleo Music Collection 2.0 (index.php). The vulnerability is a cross-site scripting (XSS) flaw in the sort parameter, enabling remote attackers to inject arbitrary web script or HTML. No further root-cause details are provided beyond the description; exploitation details ar...
CVE-2009-2153
creationtimestamp| type| source ---|---|--- 2009-06-15 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/8947...
CVE-2007-2153
CVE-2007-2153 is a cross-site scripting (XSS) vulnerability in the atmail.php component of @Mail 5.0. The issue allows remote attackers to inject arbitrary web script or HTML via the username parameter. The CVSS v2 base score is 6.8 (Medium) with network attack vector, no authentication, and part...
CVE-2006-2153
CVE-2006-2153 describes a cross-site scripting (XSS) vulnerability in DirectAdmin Hosting Management, specifically in the HTM_PASSWD component. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the domain parameter. This is the explicit vulnerability described i...
CVE-2002-2153
The vulnerability CVE-2002-2153 is a format string flaw in the PL/SQL module’s administrative pages of Oracle Application Server 4.0.8 (and 4.0.8 2). The underlying issue is a format string vulnerability that allows remote attackers to execute arbitrary code. The affected component is the PL/SQL ...
CVE-2005-2153
CVE-2005-2153 affects osTicket 1.3.1 beta and earlier, where a vulnerability in the PHP file class.ticket.php allows a remote attacker to inject SQL via the ticket variable, enabling arbitrary SQL commands. This is a classic SQL injection flaw that can impact data integrity and confidentiality. T...
CVE-2004-2153
Technical details for CVE-2004-2153 are not publicly provided in the supplied documents. No specifics on affected product/version, root cause, impact, or remediation are available here; monitor for updates.