56 matches found
mediawiki: multiple issues
CVE-2016-6331 permission bypass Check read permission when loading page content in ApiParse. Prevents leaking page contents for extensions that deny read rights to certain pages via a userCan hook, but still allow the user to have read rights in general. - CVE-2016-6332 permission bypass Make...
Cisco Prime Collaboration Assurance 10.5.1.x < 10.5.1.58480 Multiple Vulnerabilities
According to its self-reported version number, the remote Cisco Prime Collaboration Assurance device is 10.5.1.x prior to 10.5.1.58480. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in the web framework of Cisco Prime Collaboration...
CVE-2015-6331
CVE-2015-6331 is a SQL injection vulnerability in the web framework of Cisco Prime Collaboration Assurance (PCA). The issue affects PCA 10.5.1.x before 10.5.1.58480, with an authenticated remote attacker able to inject or manipulate SQL via input used in backend queries, potentially exposing or m...
CVE-2014-6331
CVE-2014-6331 affects Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1 and 3.0. The vulnerability arises when a configured SAML Relying Party lacks a sign-out endpoint and logoff actions are not processed correctly, enabling information disclosure and potential access via an unatte...
Microsoft Active Directory Federation Services CVE-2014-6331 Information Disclosure Vulnerability
Description Microsoft Active Directory Federation Services is prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. Technologies Affected Microsoft Active Directory Federation Services 2.0...
KLA10612 Information disclosure vulnerability in Microsoft AD Federation Services
An unspecified vulnerability was found in Microsoft AD Federation Services. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via unattended workstation manipulations. Original advisories CVE-2014-6331 Related products...
CVE-2013-6302
CVE-2013-6302 is a SQL injection vulnerability affecting IBM Algo One as used in MetaData Management Tools (UDS 4.7.0–5.0.0), ACSWeb in Algo Security Access Control Management (4.7.0–4.9.0), and ACSWebApps (5.0.0). The underlying issue allows remote authenticated users to execute arbitrary SQL vi...
CVE-2013-6331
SQL injection vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to execute arbitrary SQL commands via unspecified...
CVE-2008-6331
Multiple cross-site request forgery CSRF vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2008-6331
Multiple cross-site request forgery CSRF vulnerabilities in Streber before 0.08093 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2008-6331
The vulnerability is in the Streber application prior to version 0.08093 , described as multiple CSRF vulnerabilities that allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. The available documents do not provide concrete exploit steps, affected compon...
DSquare Exploit Pack: D2SEC_HPINFO
Name| d2sechpinfo ---|--- CVE| CVE-2007-6331 Exploit Pack| D2ExploitPack Description| HP Info Center HPInfoDLL.DLL ActiveX Arbitrary Code Execution Vulnerability Notes|...
CVE-2007-6331
CVE-2007-6331 describes an absolute path traversal in the HPInfoDLL.HPInfo.1 ActiveX control (HPInfoDLL.dll 1.0) shipped with HP Info Center and the HP Quick Launch Button (QLB) software, up to version 6.3. The vulnerability allows remote attackers to execute arbitrary programs by passing a craft...
KLA10186 Multiple vulnerabilities in HP Quick Launch Button
Multiple serious vulnerabilities have been found in HP Quick Launch Button. Malicious users can exploit these vulnerabilities to read and write arbitrary registry entries or execute arbitrary programs Below is a complete list of vulnerabilities 1. Vectors related to GetRegValue and SetRegValue ca...
CVE-2006-6331
metaInfo.php in TorrentFlux 2.2, when $cfg"enablefilepriority" is false, allows remote attackers to execute arbitrary commands via shell metacharacters backticks in the torrent parameter to 1 details.php and 2 startpop.php...
CVE-2006-6331
CVE-2006-6331 affects TorrentFlux 2.2. When $cfg["enable_file_priority"] is false, remote attackers can execute arbitrary commands via shell metacharacters (backticks) in the torrent parameter to details.php and startpop.php. This is a remote, unauthenticated command-injection affecting the web-f...