365 matches found
Design/Logic Flaw
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
DEBIAN-CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
CVE-2017-8815
CVE-2017-8815 affects MediaWiki’s language converter: unsafe attribute injection via glossary rules in versions before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2. This metadata is supported by multiple advisories (Debian DSA-4036, Arch ASA-2017-11-20, Mageia/MEDIAWiki notes). Impact d...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
CVE-2017-8815
The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attribute injection attacks via glossary rules...
mediawiki -- multiple vulnerabilities
mediawiki reports: security fixes: T128209: Reflected File Download from api.php. Reported by Abdullah Hussam. T165846: BotPasswords doesn't throttle login attempts. T134100: On private wikis, login form shouldn't distinguish between login failure due to bad username and bad password. T178451: XS...
Debian: Security Advisory (DSA-4036-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : phpMyAdmin -- Multiple vulnerabilities (7721562b-e20a-11e6-b2e2-6805ca0b3d42)
The phpMyAdmin development team reports : Open redirect php-gettext code execution DOS vulnerability in table editing CSS injection in themes Cookie attribute injection attack SSRF in replication DOS in replication status %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...
Algolia: Stored XSS from Display Settings triggered on Save and viewing realtime search demo
Here are the steps to trigger the XSS: 1. Create a JSON record that will contain the following attribute: "": "XSS attribute" 2. Go to Indices - Display and select the attribute under Attributes for Faceting and click save. 3. Note that XSS is triggered multiple times on that page. 4. XSS is now...
phpMyAdmin Injection Attack Vulnerability
phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin 4.6.3...
CVE-2016-5702
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
Design/Logic Flaw
phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHPSELF value, allows remote attackers to conduct cookie-attribute injection attacks via a crafted URI...
CVE-2016-5702
CVE-2016-5702 affects phpMyAdmin 4.6.x prior to 4.6.3. The vulnerability arises when the environment lacks PHP_SELF, enabling cookie-attribute injection via a crafted URI. Affected component is the web management interface; the root cause is missing PHP_SELF handling that allows manipulation of c...
WordPress 4.2 - Persistent Cross-Site Scripting
WordPress 4.2 - Persistent Cross-Site Scripting Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If...
CVE-2014-6254
Multiple cross-site scripting XSS vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a 1 device name, 2 device detail, 3 report name, 4 report detail, or 5 portlet name, or 6 a string to a helper method, aka ZEN-15381...
Opera 7.0/7.10 JavaScript Console Single Quote Attribute Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7449/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...
Opera 7.0 JavaScript Console Attribute Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability to execute script...