Lucene search
K

990 matches found

Fedora
Fedora
added 2010/06/21 9:27 p.m.18 views

[SECURITY] Fedora 11 Update: drupal-cck-6.x.2.7-1.fc11

The Content Construction Kit allows you create and customize fields using a web browser. The 4.7x version of CCK creates custom content types and allows you to add custom fields to them. In Drupal 5.x custom content types can be created in core, and CCK allows you to add custom fields to any...

3.5AI score
Exploits0
Atlassian
Atlassian
added 2010/03/16 1:0 a.m.16 views

Custom fileds inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/16 1:0 a.m.19 views

Custom fileds inconsistently escaped in view and edit screens

Steps to replicate: Create a custom field and name it Hithere On view issue screens, the field appears as Hithere On edit issue screen, the field appears as Hithere on red font I guess we need to make a decision on which one is the desired functionality allow HTML or not and make it consistent...

0.7AI score
Exploits0
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.28 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/03/01 3:54 a.m.21 views

JQL breaks issue security levels based on custom fields

The MultiSelectCustomFieldIndexer does 2 things: index but don't store a case-folded version in the field "customfield10017:retail" store a "raw" version in a new field with the raw added to the end "customfield10017raw:Retail" The problem is that com.atlassian.jira.security.type.GroupCF looks fo...

2.7AI score
Exploits0
Packet Storm
Packet Storm
added 2009/12/01 12:0 a.m.46 views

Adapt CMS Lite 1.5 Remote File Inclusion

/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ + AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability - Author : v3n0m - Contact :...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2009/11/29 12:0 a.m.28 views

AdaptCMS Lite 1.5 - Remote File Inclusion

AdaptCMS Lite 1.5 - Remote File Inclusion / / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ + AdaptCMS Lite 1.5 Remote File Inclusion...

Exploits0
Exploit DB
Exploit DB
added 2009/11/29 12:0 a.m.46 views

AdaptCMS Lite 1.5 - Remote File Inclusion

/ / / \ \ \ \ \ / / \\ \ \ \ \ // /// \ \ / / \ //|\ / \ \ \ \ \ \ / / \ \ / / \ | | | \ | | || | | |/ / \ V / || |\ V / / \ | / \ | /| | | || / | | | | . | ' || / | || // \ // \|||/|||||||||\ + AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability - Author : v3n0m - Contact :...

7.4AI score
Exploits0
NVD
NVD
added 2009/11/17 6:30 p.m.18 views

CVE-2009-3892

Cross-site scripting XSS vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

4.3CVSS5.7AI score0.01083EPSS
Exploits0References5
Prion
Prion
added 2009/11/17 6:30 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

4.3CVSS6.2AI score0.01083EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2009/11/17 6:0 p.m.24 views

CVE-2009-3892

Cross-site scripting XSS vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...

5.7AI score0.01083EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2009/11/17 12:0 a.m.11 views

PT-2009-6116 · Best Practical Solutions · Rt

Name of the Vulnerable Software and Affected Versions: Best Practical Solutions RT versions 3.4.6 through 3.8.4 Best Practical Solutions RT versions 3.6.x through 3.6.8 Best Practical Solutions RT versions 3.8.x through 3.8.4 Description: A cross-site scripting XSS issue allows remote attackers t...

4.3CVSS5.8AI score0.01083EPSS
Exploits0References7
Atlassian
Atlassian
added 2009/04/24 5:21 p.m.23 views

Shared Filter properties exposed without authentication

Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal. Example 1: Searching filters http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search Example 2: Viewing properties of filters. I can see custom fields, sear...

0.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/04/24 5:21 p.m.23 views

Shared Filter properties exposed without authentication

Some URLs are not protected by authentication which could expose some properties in JIRA that users may not wish to reveal. Example 1: Searching filters http://support.atlassian.com/secure/ManageFilters.jspa?filterView=search Example 2: Viewing properties of filters. I can see custom fields, sear...

0.8AI score
Exploits0Affected Software1
Fedora
Fedora
added 2009/03/20 6:36 p.m.11 views

[SECURITY] Fedora 10 Update: drupal-cck-6.x.2.2-1.fc10

The Content Construction Kit allows you create and customize fields using a web browser. The 4.7x version of CCK creates custom content types and allows you to add custom fields to them. In Drupal 5.x custom content types can be created in core, and CCK allows you to add custom fields to any...

3.5AI score
Exploits0
Prion
Prion
added 2009/02/22 10:30 p.m.16 views

Design/Logic Flaw

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

6.5CVSS7.9AI score0.0265EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2009/02/22 10:30 p.m.24 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

6.5CVSS7.4AI score0.0265EPSS
Exploits1References6
Cvelist
Cvelist
added 2009/02/22 10:0 p.m.25 views

CVE-2009-0673

Eval injection vulnerability in the Custom Fields feature in the Your Account module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php...

7.4AI score0.0265EPSS
Exploits1References6
CVE
CVE
added 2009/02/22 10:0 p.m.41 views

CVE-2009-0673

CVE-2009-0673 describes an eval injection in RavenNuke 2.30’s Custom Fields within the Your Account module. The vulnerability allows remote authenticated administrators to execute arbitrary PHP code via the ID Field Name box in a yaCustomFields action to admin.php. Affected product/stack: Raven W...

6.5CVSS7.6AI score0.0265EPSS
Exploits1References6Affected Software1
Fedora
Fedora
added 2008/11/22 4:57 p.m.13 views

[SECURITY] Fedora 10 Update: drupal-cck-6.x.2.0-3.fc10

The Content Construction Kit allows you create and customize fields using a web browser. The 4.7x version of CCK creates custom content types and allows you to add custom fields to them. In Drupal 5.x custom content types can be created in core, and CCK allows you to add custom fields to any...

3.5AI score
Exploits0
Rows per page
Query Builder