4947 matches found
CVE-2010-2223
Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...
Design/Logic Flaw
Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...
Design/Logic Flaw
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager aka RHEV-M before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a...
CVE-2010-2223
Virtual Desktop Server Manager VDSM in Red Hat Enterprise Virtualization Hypervisor aka RHEV-H or rhev-hypervisor before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the di...
CVE-2010-1584
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
Cross site scripting
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
CVE-2010-1584
Cross-site scripting XSS vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description...
CVE-2010-1584
The CVE-2010-1584 entry affects the Drupal Context module prior to 6.x-2.0-rc4. It describes a Cross-site scripting (XSS) vulnerability where remote authenticated users with Administer Blocks privileges can inject arbitrary script or HTML via a block description. The root cause is inadequate sani...
Memory corruption
Adobe Shockwave Player before 11.5.7.609 allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via crafted FFFFFF45h Shockwave 3D blocks in a Shockwave file...
PT-2010-1943 · Adobe · Shockwave Player
Name of the Vulnerable Software and Affected Versions: Adobe Shockwave Player versions prior to 11.5.7.609 Description: The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption. This can be achieved via crafted FFFFFF45h Shockwave 3D blocks...
Drupal 6.16 With Context 6.x-2.0-rc3 Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Details of this disclosure may be found at: http://www.madirish.net/?article=457 CVE-2010-1584 Description of Vulnerability: - ----------------------------- Drupal http://drupal.org is a robust content management system CMS written in PHP and MySQL. T...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via 1 strings used in block translation or 2 the...
CVE-2010-1530
Multiple cross-site scripting XSS vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via 1 strings used in block translation or 2 the...
CVE-2010-1108
Cross-site scripting XSS vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors...
SA-CONTRIB-2010-010 - Author Contact - Cross site scripting
The Author Contact module provides a form to contact the author of the current post. The module does not properly sanitize parts of the provided block, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a malicious user gaining full administrative access. A user must...
CVE-2010-0370
Cross-site scripting XSS vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title...
Cross site scripting
Cross-site scripting XSS vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title...
CVE-2010-0370
CVE-2010-0370 describes a cross-site scripting (XSS) vulnerability in the Drupal Node Blocks module (versions 5.x-1.1 and earlier, and 6.x-1.3 and earlier). The issue allows remote authenticated users with permissions to create/edit content and administer blocks to inject arbitrary web script or ...
XSS Vulnerability in Drupal's Node Blocks contributed module (6.x-1.3 and 5.x-1.1)
XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella [email protected] Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish,...
Drupal's Node Blocks Cross Site Scripting
XSS Vulnerability in Drupal's Node Blocks contributed module 6.x-1.3 and 5.x-1.1 Discovered by Martin Barbella Description of Vulnerability: ----------------------------- Drupal is a free software package that allows an individual or a community of users to easily publish, manage and organize a...