Lucene search

74 matches found

Atlassian
added 2015/02/26 1:52 p.m. · 21 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background: Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...

0.7 AI score
Exploits: 0 · Affected Software: 1

Atlassian
added 2015/02/26 1:52 p.m. · 20 views

Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel

Bug Background: Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...

0.7 AI score
Exploits: 0 · Affected Software: 1

NVD
added 2014/11/05 11:55 a.m. · 10 views

CVE-2014-2373

The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...

7.5 CVSS · 7 AI score · 0.01802 EPSS
Exploits: 0 · References: 3

Prion
added 2010/04/13 6:30 p.m. · 15 views

SQL injection

SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

6.8 CVSS · 8.8 AI score · 0.01109 EPSS
Exploits: 0 · References: 2

CVE
added 2010/04/13 6:00 p.m. · 43 views

CVE-2010-1359

The CVE-2010-1359 issue affects xt:Commerce, specifically the Direct URL module’s bluegate_seo.inc.php. When magic_quotes_gpc is disabled, an input vector via the coID parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is described cons...

6.8 CVSS · 8.4 AI score · 0.01109 EPSS
Exploits: 0 · References: 2 · Affected Software: 2

Cvelist
added 2010/04/13 6:00 p.m. · 20 views

CVE-2010-1359

SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

8.1 AI score · 0.01109 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2010/04/13 12:00 a.m. · 6 views

PT-2010-3056 · Xt:Commerce · Xt:Commerce

Name of the Vulnerable Software and Affected Versions: xt:Commerce (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary SQL commands via the coID parameter in the Direct URL module, specifically in the bluegate_seo.inc.php file, when magic_quotes_gpc...

6.8 CVSS · 7.7 AI score · 0.01109 EPSS
Exploits: 0 · References: 5

OSV
added 2007/04/10 11:19 p.m. · 3 views

UBUNTU-CVE-2007-1923

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...

7.5 CVSS · 5.8 AI score · 0.02592 EPSS
Exploits: 0 · References: 2

NVD
added 2007/03/24 12:19 a.m. · 12 views

CVE-2007-1642

Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...

4 CVSS · 6.2 AI score · 0.01206 EPSS
Exploits: 0 · References: 8

Prion
added 2007/03/24 12:19 a.m. · 16 views

Cross site request forgery (csrf)

Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...

4 CVSS · 6.6 AI score · 0.01206 EPSS
Exploits: 0 · References: 8 · Affected Software: 1

NVD
added 2007/03/16 9:19 p.m. · 14 views

CVE-2007-1471

admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp...

7.5 CVSS · 7.1 AI score · 0.07441 EPSS
Exploits: 0 · References: 3

NVD
added 2006/06/28 11:05 p.m. · 16 views

CVE-2006-3290

HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.251 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request...

5 CVSS · 6.2 AI score · 0.02314 EPSS
Exploits: 0 · References: 7

Prion
added 2006/05/22 11:10 p.m. · 12 views

Design/Logic Flaw

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories...

5 CVSS · 7.1 AI score · 0.0134 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2006/05/22 11:00 p.m. · 15 views

CVE-2006-2534

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories...

6.5 AI score · 0.0134 EPSS
Exploits: 0 · References: 3