9309 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a JavaScript alert function used in conjunction with the fromCharCode method, 2 a SCRIPT element, 3 a Cascading Style Sheets CSS...
CVE-2012-2578
Multiple cross-site scripting XSS vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a JavaScript alert function used in conjunction with the fromCharCode method, 2 a SCRIPT element, 3 a Cascading Style Sheets CSS...
MDaemon WorldClient < 12.5.7 Multiple XSS Vulnerabilities
According to its banner, the version of MDaemon's WorldClient is earlier than 12.5.7 and is, therefore, affected by the following cross-site scripting vulnerabilities : - Input supplied in body of an email is not properly sanitized before being presented to the user. Specially crafted email...
libxslt: Use-after-free when processing an invalid XPath expression
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...
Slackware Advisory SSA:2005-242-01 PCRE library
The remote host is missing an update as announced via advisory SSA:2005-242-01. OpenVAS Vulnerability Test $Id: esoftslkssa200524201.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...
Slackware: Security Advisory (SSA:2005-242-01)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
Code injection
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
CVE-2012-4387
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
EUVD-2022-4209
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service CPU consumption via a long parameter name, which is processed as an OGNL expression...
CVE-2012-4387
CVE-2012-4387 is an Apache Struts DoS vulnerability: remote attacker can cause CPU exhaustion by sending a long parameter name that is processed as an OGNL expression. The issue affects Struts 2.0.0–2.3.4. In the connected IBM advisories, remediation centers on upgrading IBM Sterling Order Manage...
DEBIAN-CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...
Design/Logic Flaw
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...
CVE-2012-2870
libxslt 1.1.26 and earlier, as used in Google Chrome before 21.0.1180.89, does not properly manage memory, which might allow remote attackers to cause a denial of service application crash via a crafted XSLT expression that is not properly identified during XPath navigation, related to 1 the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...
CVE-2012-2573
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-2585
Multiple cross-site scripting XSS vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...