CloudForms: UI security issue on Openstack actions
A number of unused delete routes are present in CloudForms which can be accessed via GET requests instead of just POST requests. This could allow an attacker to bypass the protect_from_forgery XSRF protection causing the routes to be used. This attack would require additional cross-site scripting o...
Kajona cross-site scripting vulnerability (CNVD-2016-08093)
Kajona is an open source CMS written in PHP. A cross-site scripting attack vulnerability exists in Kajona version 4.7. An attacker can use this vulnerability to obtain cookies, inject keyloggers or bypass CSRF protection...
Alfresco Community Edition: source code security analysis report
Several vulnerabilities were discovered in Alfresco Software 'Alfresco Community Edition' software: leakage of user data between sessions; use of XSL transformation to execute arbitrary code; use of the finalize method; missing verification of the digital signature of executable...
Ubuntu Update for tomcat7 USN-1685-1
Check for the Version of tomcat7 OpenVAS Vulnerability Test $Id: gbubuntuUSN16851.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for tomcat7 USN-1685-1 Authors: System Generated Check Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free softwar...