Lucene search
K

806 matches found

Tenable Nessus
Tenable Nessus
added 2009/09/28 12:0 a.m.50 views

Mandriva Linux Security Advisory : php (MDVSA-2009:247)

Multiple vulnerabilities was discovered and corrected in php : The dbareplace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service file truncation via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the...

7.5CVSS5.6AI score0.0291EPSS
Exploits2References4
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.24 views

Fedora Core 11 FEDORA-2009-8184 (drupal-date)

The remote host is missing an update to drupal-date announced via advisory FEDORA-2009-8184. OpenVAS Vulnerability Test $Id: fcore20098184.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-8184 drupal-date Authors: Thomas Reinke Copyright: Copyright c...

2.1CVSS6.6AI score0.01217EPSS
Exploits0
Drupal
Drupal
added 2009/07/22 12:0 a.m.14 views

SA-CONTRIB-2009-044 - Bubbletimer - Multiple vulnerabilities

Bubbletimer allows users to create timesheets based on nodes. It suffers from a cross-site scripting XSS vulnerability due to not properly sanitizing node titles before they are displayed. It is also vulnerable to cross-site request forgeries CSRF making it possible for users to unknowingly add...

5.9AI score
Exploits0References9
Drupal
Drupal
added 2009/05/27 12:0 a.m.14 views

SA-CONTRIB-2009-031 - Ajax Session - Multiple vulnerabilities

The Ajax session module allows users to set PHP session variables using AJAX. The module does not make proper use of the Drupal API, leaving it open to multiple vulnerabilities, including Cross Site Request Forgeries CSRF and Cross Site Scripting XSS. Versions affected Ajax Session 5.x-1.0 Drupal...

7AI score
Exploits0References4
Drupal
Drupal
added 2009/04/29 12:0 a.m.12 views

SA-CONTRIB-2009-023 - News Page - SQL injection

The News Page module provides a node content type which displays feed items from an aggregator category, filtered by keywords entered into the 'Include Words' field of the node. Unfortunately the News Page module uses keywords directly in SQL queries without being sanitized, allowing SQL injectio...

8.1AI score
Exploits0References5
Drupal
Drupal
added 2009/04/15 12:0 a.m.17 views

SA-CONTRIB-2009-020 - Print - Cross site scripting

The Printer, e-mail and PDF versions "Print" module provides printer-friendly versions of content. The module does not correctly escape content titles, enabling malicious users to insert arbitrary HTML and scripts into certain pages. Such a cross site scripting XSS attack against sufficiently...

6AI score
Exploits0References7
Drupal
Drupal
added 2009/04/15 12:0 a.m.11 views

SA-CONTRIB-2009-021 CCK comment reference - Cross site scripting

CCK comment reference project, lets administrators define node fields that are references to comments. When displaying a node edit form, the titles of candidate referenced comments are not properly filtered, allowing malicious users to inject arbitrary code on those pages. Such a cross site...

6.4AI score
Exploits0References5
Drupal
Drupal
added 2009/03/18 12:0 a.m.9 views

SA-CONTRIB-2009-013 CCK - Cross site scripting

The Node reference and User reference sub-modules, which are part of the Content Construction Kit CCK project, lets administrators define node fields that are references to other nodes or to users. When displaying a node edit form, the titles of candidate referenced nodes or names of candidate...

6.3AI score
Exploits0References5
Drupal
Drupal
added 2009/03/11 12:0 a.m.18 views

SA-CONTRIB-2009-009 Forward module can be used as a spam relay

This vulnerability allows spammers or spambots to use sites with the Forward module installed to send nearly unlimited e-mail. Due to improper use of Drupal's flood control API, it is possible for one user to send an unlimited numbers of mails using the forward module. Important note : the securi...

7.1AI score
Exploits0References3
OpenVAS
OpenVAS
added 2009/02/27 12:0 a.m.33 views

Fedora Update for quagga FEDORA-2007-2196

Check for the Version of quagga OpenVAS Vulnerability Test Fedora Update for quagga FEDORA-2007-2196 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.3CVSS7.6AI score0.0174EPSS
Exploits0References2
Drupal
Drupal
added 2009/02/11 12:0 a.m.14 views

SA-CONTRIB-2009-007 - Advertisement Cross-site scripting

The Advertisement module displays and tracks advertisements on Drupal websites. Unsanitized text is displayed in several places, allowing users with "administer advertisements" permissions to execute arbitrary code. Users with "administer advertisements" permissions have the ability to configure...

7.8AI score
Exploits0References5
Drupal
Drupal
added 2009/02/04 12:0 a.m.10 views

SA-CONTRIB-2009-005 - Views bulk operations - Cross site scripting

Views bulk operations augments Views by enabling bulk operations to be executed on the content displayed by a view. Views bulk operations does not properly escape user-supplied data on some pages, allowing malicious users to insert arbitrary HTML and script code into these pages. Such a cross sit...

6AI score
Exploits0References7
Drupal
Drupal
added 2009/01/15 12:0 a.m.19 views

SA-CONTRIB-2009-004 - Notify - Privilege escalation

A user triggering the cron processing of the Notify module may end up getting logged in as another user when the Notify operations do not complete succesfully. Versions Affected Versions of Notify for Drupal 5.x prior to 5.x-1.2 Drupal core is not affected. If you do not use the Notify module,...

7.1AI score
Exploits0References3
Drupal
Drupal
added 2009/01/07 12:0 a.m.9 views

SA-CONTRIB-2009-001 - Project release - Multiple vulnerabilities

Exploitable from: Remote Vulnerabilities: Arbitrary file upload, Cross-site scripting XSS The Project release module is a component within the broader Project module. This announcement covers the following two issues: 1. Project release enables file attachments to create a specific version of cod...

7AI score
Exploits0References7
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.28 views

FreeBSD Ports: postgresql-contrib

The remote host is missing an update to the system as announced in the referenced advisory. VID 6a164d84-2f7f-11d9-a9e7-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

2.1CVSS6.3AI score0.00452EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.12 views

FreeBSD Ports: postgresql-contrib

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

2.1CVSS6.5AI score0.00452EPSS
Exploits0References4
Drupal
Drupal
added 2008/04/02 12:0 a.m.11 views

SA-2008-023 - Ubercart - Cross site scripting

During checkout in Ubercart enabled stores, customers have text fields in which to enter their address and order information. Some stores will have modules enabled that restrict what sort of values are accepted in these fields, but this is not the case for everyone. This provides an opportunity f...

6.5AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2008/01/14 12:0 a.m.58 views

CentOS 3 : postgresql (CESA-2008:0039)

Updated postgresql packages that fix several security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PostgreSQL is an advanced Object-Relational database management system DBMS. The...

7.2CVSS7.9AI score0.03098EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2007/06/07 12:0 a.m.19 views

Fedora Core 6 : quagga-0.99.7-1.fc6 (2007-525)

This update contains rebase to quagga-0.99.7 along with fix for CVE-2007-1995. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...

6.3CVSS8.2AI score0.0174EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.31 views

Ubuntu 4.10 : postgresql contributed script vulnerability (USN-6-1)

Recently, Trustix Secure Linux discovered a vulnerability in the postgresql-contrib package. The script 'makeoidjoinscheck' created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the script. Note...

2.1CVSS5.6AI score0.00452EPSS
Exploits0References1
Rows per page
Query Builder