165 matches found
mangago.me XSS vulnerability
Vulnerable URL: http://www.mangago.me/r/lsearch/?name=a%27aa%22onfocus=prompt/OPENBUGBOUNTY/%20autofocus=x%20bad=--%3E%3C/title%3E%3C/script%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| Yes, at 27.11.2017 Latest check for patch:| 27.11.2017 09:...
CVE-2016-4367
The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, 10.10, 10.11, 10.20, and 10.21 allows remote attackers to obtain sensitive information via unspecified vectors...
CVE-2016-4367
CVE-2016-4367 affects the HPE Universal CMDB Universal Discovery component (versions 10.0, 10.01, 10.10, 10.11, 10.20, 10.21). The issue allows remote attackers to obtain sensitive information via unspecified vectors. The connected documents do not provide concrete exploit details or a disclosed ...
CVE-2015-4367
The CVE-2015-4367 issue affects the Drupal Simple Subscription module (6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.1). The root cause is inadequate filtering/sanitization of user-submitted content in block content, enabling an authenticated user with the administer blocks permission to inject...
SA-CONTRIB-2015-071 - Simple Subscription - Cross Site Scripting (XSS)
This module enables you to add a block to allow visitors to subscribe to a site's newsletter. The module failed to sanitize some block content, leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...
CVE-2014-4367
The CVE-2014-4367 entry affects Apple iOS versions before 8, where Voice Dial can be triggered during upgrade actions. The underlying issue allows a physically proximate attacker to initiate calls by speaking a telephone number, as documented in multiple sources. According to the Apple security b...
Fedora 17 : glpi-0.83.9.1-1.fc17 (2013-11413)
Upstream changelog : - Bug 4306: Notification on delete document - Bug 4308: Knowbase : encoding issue to clean search - Bug 4309: Items disappear when you click in tabscrollermenu vertical list of tabs - Bug 4310: Password with - Bug 4313: Search problem on tab group view in central - Bug 4329:...
Fedora 19 : glpi-0.83.9.1-1.fc19 (2013-11315)
Upstream changelog : - Bug 4306: Notification on delete document - Bug 4308: Knowbase : encoding issue to clean search - Bug 4309: Items disappear when you click in tabscrollermenu vertical list of tabs - Bug 4310: Password with - Bug 4313: Search problem on tab group view in central - Bug 4329:...
CVE-2011-4367
creationtimestamp| type| source ---|---|--- 2012-02-09 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/36681 2025-08-17 21:02:22+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lwmrsaddof2v...
FreeBSD Ports: awstats
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2010-4367
CVE-2010-4367 affects AWStats (awstats.cgi) prior to 7.0. The vulnerability arises because a configdir parameter in the URL can be used to reference a crafted configuration file located on a WebDAV or NFS server, enabling remote command execution. Other OpenVAS/NVD entries corroborate the same de...
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help...
CVE-2010-4367
creationtimestamp| type| source ---|---|--- 2010-11-30 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/35035...
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...
CVE-2009-4367
The CVE concerns the Sitecore Staging Module (Sitecore Staging Module 5.4.0 rev.080625 and earlier) where the Staging Webservice (sitecore modules/staging/service/api.asmx) can be lasered by crafted SOAP requests to bypass authentication. The root cause is an authentication bypass that accepts ar...
CVE-2009-4367
creationtimestamp| type| source ---|---|--- 2009-12-17 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/10513...
Security Center < 3.4.2.1 Directory Traversal Arbitrary File Access
The version of Tenable Security Center installed on the remote host appears to be earlier than 3.4.2.1. Such versions contain two vulnerabilities that allow a user who was logged into the Security Center to obtain system files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Gentoo Security Advisory GLSA 200708-17 (opera)
The remote host is missing updates announced in advisory GLSA 200708-17. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : opera (opera-4172)
This update of opera fixes a security vulnerabilities that allowed the execution of arbitrary code by using JavaScript. CVE-2007-4367 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update opera-4172...