74 matches found
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...
CVE-2014-2373
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
SQL injection
SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
CVE-2010-1359
The CVE-2010-1359 issue affects xt:Commerce, specifically the Direct URL module’s bluegate_seo.inc.php. When magic_quotes_gpc is disabled, an input vector via the coID parameter enables SQL injection, allowing remote attackers to execute arbitrary SQL commands. The vulnerability is described cons...
CVE-2010-1359
SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL module for xt:Commerce, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the coID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
PT-2010-3056 · Xt:Commerce · Xt:Commerce
Name of the Vulnerable Software and Affected Versions: xt:Commerce affected versions not specified Description: The issue allows remote attackers to execute arbitrary SQL commands via the coID parameter in the Direct URL module, specifically in the bluegate_seo.inc.php file, when magic_quotes_gpc...
UBUNTU-CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
CVE-2007-1642
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...
Cross site request forgery (csrf)
Unspecified vulnerability in ManageEngine Firewall Analyzer allows remote authenticated users to "access any common file" via a direct URL request...
CVE-2007-1471
admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass authentication controls and gain privileges via a direct URL request for admin/AdminBlogNewsEdit.asp...
CVE-2006-3290
HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.251 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request...
Design/Logic Flaw
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories...
CVE-2006-2534
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories...