283 matches found
Randomised password not sent in email
When creating a user with a password normally, the notification email to that new user will contain the password. However, when creating a new user and leaving the password blank, JIRA randomly generates a password for that user, but the randomised password "is not sent" in the notification email to that...
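POP Peeper UIDL Handling Stack Overflow Vulnerability
BUGTRAQ ID: 33926 POP Peeper is an email notification program that runs in the Windows taskbar and alerts the user when new mail arrives. The POP Peeper client has a stack overflow vulnerability when retrieving mail. When a user attempts to connect to a mail server acting as a POP3 daemon, the POP Peeper client uses the UIDL command to obtain the specific ID of each message to be retrieved. If a malicious server sends an overlong ID exceeding 1040 bytes, it can overflow a buffer on the stack, allowing the attacker to take full control of the process. Mortal Universe Software Entertainment POP Peeper 3.4.0.0 Vendor patch: Mortal Universe Softwar...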
Unfixed XSS vulnerability at www.funfon.ru
Security researcher BlueMax submitted on 11/08/2008 a cross-site scripting (XSS) vulnerability affecting www.funfon.ru, which at the time of submission ranked 5955257 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/08/2008. It is currentl...
Unfixed XSS vulnerability at securityoracle.patrolstore.com
Security researcher Tr0jAn submitted on 27/10/2008 a cross-site scripting (XSS) vulnerability affecting securityoracle.patrolstore.com, which at the time of submission ranked 574559 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2009...
Unfixed XSS vulnerability at www.tuningshop.ir
Security researcher IHZTEAM submitted on 09/10/2008 a cross-site scripting (XSS) vulnerability affecting www.tuningshop.ir, which at the time of submission ranked 1088316 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/10/2008. It is...
Unfixed XSS vulnerability at inuyashastore.viz.com
Security researcher xylitol submitted on 13/08/2008 a cross-site scripting (XSS) vulnerability affecting inuyashastore.viz.com, which at the time of submission ranked 9936 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/08/2008. It is...
Unfixed XSS vulnerability at forum.finalfantasyunlimited.net
Security researcher kInGoFcHaOs submitted on 28/07/2008 a cross-site scripting (XSS) vulnerability affecting forum.finalfantasyunlimited.net, which at the time of submission ranked 269707 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Unfixed XSS vulnerability at library.uncc.edu
Security researcher doublecheck submitted on 20/07/2008 a cross-site scripting (XSS) vulnerability affecting library.uncc.edu, which at the time of submission ranked 24468 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/09/2008. It is...
Unfixed XSS vulnerability at billdouglas.ex.ac.uk
Security researcher CCC submitted on 31/05/2008 a cross-site scripting (XSS) vulnerability affecting billdouglas.ex.ac.uk, which at the time of submission ranked 26741 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/07/2008. It is current...
Unfixed XSS vulnerability at atlasmuren.se
Security researcher Uber0n submitted on 25/05/2008 a cross-site scripting (XSS) vulnerability affecting atlasmuren.se, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008. It is currently...
Unfixed XSS vulnerability at www.stragi.it
Security researcher s3rg3770 submitted on 16/05/2008 a cross-site scripting (XSS) vulnerability affecting www.stragi.it, which at the time of submission ranked 3787988 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/05/2008. It is current...
Unfixed XSS vulnerability at www.pickuppal.com
Security researcher Mystick submitted on 05/12/2008 a cross-site scripting (XSS) vulnerability affecting www.pickuppal.com, which at the time of submission ranked 202345 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/01/2009. It is...
Unfixed Redirect vulnerability at www.portslock.com
Security researcher holisticinfosec submitted on 29/04/2008 a redirect vulnerability affecting www.portslock.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/06/2008. It is currently unfixed...
Unfixed XSS vulnerability at www.theoceans.net
Security researcher cueballr submitted on 17/04/2008 a cross-site scripting (XSS) vulnerability affecting www.theoceans.net, which at the time of submission ranked 1749749 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/04/2008. It is...
Code injection
CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID...
CVE-2008-1627
CVE-2008-1627 affects CDS Invenio 0.92.1 and earlier. The issue allows remote authenticated users to delete email notification alerts of arbitrary users by modifying an internal UID. This is the explicit vulnerability described in the connected CVE records. The documents do not provide a remediat...
Unfixed XSS vulnerability at www.sha1.info
Security researcher Xbox2002 submitted on 14/02/2008 a cross-site scripting (XSS) vulnerability affecting www.sha1.info, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 31/03/2008. It is currently...
ClipShare 2.6 - Remote User Password Change
ClipShare 2.6 - Remote User Password Change !/usr/bin/perl -w priv8 Pr0metheuS Exploit Name: Clipshare Remote User Password Change Exploit Version Script: Clipshare 2.6 Dork: "Powered by Clipshare" EnjoY print "-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-"; print "\nClipshare 2.6 Remote User...
Unfixed XSS vulnerability at www.ufukhalisaha.com
Security researcher Narcoticxs submitted on 12/08/2007 a cross-site scripting (XSS) vulnerability affecting www.ufukhalisaha.com, which at the time of submission ranked 3256534 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 21/08/2007. It i...