
7728 matches found

Atlassian
added 2008/11/13 3:49 a.m., 19 views

Session must not be invalidated on logout

People ran into problems (http://forums.atlassian.com/thread.jspa?forumID=101&threadID=29965) because we started invalidating the session on logout in 2.9.2. They expect certain session attributes like the seraph LOGGEDOUTKEY to be present. This means we need to remove all session attributes except...

2.8 AI score
Exploits: 0
RedHat Linux
added 2008/10/02 2:03 p.m., 3 views

Apache Tomcat's default security policy is too open

The default catalina.policy in the JULI logging component in Apache Tomcat 5.5.9 through 5.5.25 and 6.0.0 through 6.0.15 does not restrict certain permissions for web applications, which allows attackers to modify logging configuration options and overwrite arbitrary files, as demonstrated by...

6.4 CVSS, 6.1 AI score, 0.05156 EPSS
Exploits: 1, References: 4
OpenVAS
added 2008/09/24 12:00 a.m., 23 views

Gentoo Security Advisory GLSA 200804-16 (rsync)

The remote host is missing updates announced in advisory GLSA 200804-16. OpenVAS Vulnerability Test. Description: Auto generated from Gentoo's XML based advisory. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

7.5 CVSS, 0.5 AI score, 0.04985 EPSS
Exploits: 1
OpenVAS
added 2008/09/24 12:00 a.m., 20 views

Gentoo Security Advisory GLSA 200804-16 (rsync)

The remote host is missing updates announced in advisory GLSA 200804-16. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 6.6 AI score, 0.04985 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2008/08/13 2:17 p.m., 4 views

JFreeChart: XSS vulnerabilities in the image map feature

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...

4.3 CVSS, 5.8 AI score, 0.0276 EPSS
Exploits: 1, References: 4
OSV
added 2008/07/31 9:41 p.m., 4 views

CVE-2008-3422

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...

5.5 AI score
Exploits: 0, References: 9
OSV
added 2008/07/31 9:41 p.m., 1 view

DEBIAN-CVE-2008-3422

Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to (1) HtmlControl.cs (PreProcessRelativeReference), (2) HtmlForm.cs (RenderAttributes), (3) HtmlInputButton...

4.3 CVSS, 5.9 AI score, 0.01553 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2008/05/20 2:12 p.m., 5 views

JFreeChart: XSS vulnerabilities in the image map feature

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...

4.3 CVSS, 5.8 AI score, 0.0276 EPSS
Exploits: 1, References: 4
Tenable Nessus
added 2008/04/22 12:00 a.m., 32 views

GLSA-200804-16 : rsync: Execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-200804-16 (rsync: Execution of arbitrary code). Sebastian Krahmer of SUSE reported an integer overflow in the expand_item_list() function in the file util.c which might lead to a heap-based buffer overflow when extended attribute (xattr)...

7.5 CVSS, 6.2 AI score, 0.04985 EPSS
Exploits: 1, References: 2
UbuntuCve
added 2008/04/10 7:05 p.m., 18 views

CVE-2008-1720

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...

7.5 CVSS, 6.3 AI score, 0.04985 EPSS
Exploits: 1, References: 3
OSV
added 2008/04/10 7:05 p.m., 2 views

DEBIAN-CVE-2008-1720

Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors...

7.5 CVSS, 8.3 AI score, 0.04985 EPSS
Exploits: 1, References: 1
Snyk
added 2008/04/10 7:05 p.m., 2 views

Out-of-Bounds

Overview: Affected versions of this package are vulnerable to Out-of-Bounds. Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors. Remediation: There is no fixed version for rsync. Referenc...

7.5 CVSS, 8.3 AI score, 0.04985 EPSS
Exploits: 1, References: 2
OSV
added 2008/04/10 12:00 a.m., 17 views

DSA-1545-1 rsync

Bulletin has no description...

7.5 CVSS, 6.3 AI score, 0.04985 EPSS
Exploits: 1
Positive Technologies
added 2008/04/10 12:00 a.m., 3 views

PT-2008-1008 · Rsync · Rsync

Name of the Vulnerable Software and Affected Versions: rsync versions 2.6.9 through 3.0.1 Description: The issue affects the rsync package, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely. A buffer...

7.5 CVSS, 7.5 AI score, 0.04985 EPSS
Exploits: 1, References: 33
RedHat Linux
added 2008/03/24 10:16 p.m., 8 views

JFreeChart: XSS vulnerabilities in the image map feature

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...

4.3 CVSS, 5.8 AI score, 0.0276 EPSS
Exploits: 1, References: 4
FreeBSD
added 2008/01/10 12:00 a.m., 31 views

drupal -- cross site scripting (utf8)

The Drupal Project reports: When outputting plaintext Drupal strips potentially dangerous HTML tags and attributes from HTML, and escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...

4.3 CVSS, 6.3 AI score, 0.02271 EPSS
Exploits: 0, References: 2
OSV
added 2008/01/03 12:00 a.m., 42 views

DSA-1444-1 php5 several issues

Bulletin has no description...

7.5 CVSS, 8.7 AI score, 0.07919 EPSS
Exploits: 0
OSV
added 2007/12/11 9:46 p.m., 14 views

CVE-2007-6306

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area...

6.2 AI score
Exploits: 0, References: 18
RedHat Linux
added 2007/11/21 9:51 p.m., 24 views

Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...

5 CVSS, 5.8 AI score, 0.01745 EPSS
Exploits: 0, References: 13
Tenable Nessus
added 2007/11/10 12:00 a.m., 29 views

Ubuntu 6.06 LTS : mozilla-thunderbird vulnerabilities (USN-297-1)

Jonas Sicking discovered that under some circumstances persisted XUL attributes are associated with the wrong URL. A malicious website could exploit this to execute arbitrary code with the privileges of the user. (MFSA 2006-35, CVE-2006-2775) Paul Nickerson discovered that content-defined setters o...

9.3 CVSS, 9.1 AI score, 0.07251 EPSS
Exploits: 0, References: 10