524 matches found
CVE-2017-6591
There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field...
Information Disclosure
Plone is vulnerable to information disclosure. z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...
Deliberately Insecure Web Application: OWASP WebGoat
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...
WordPress Events Made Easy 1.5.49 CSRF / XSS
Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/ Events Made Easy is a full-featured event management solution fo...
CVE-2012-5491
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id...
Typo3 3.5 b5 HTML Hidden Form Field Information Disclosure Weakness (2)
No description provided by source. source: http://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use strict; use...
ShoutBox 1.2 Form Field HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated b...
MaxWebPortal 1.30 search.asp Search Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/7837/info A number of vulnerabilities have been discovered in the MaxWebPortal. The issues that have been discovered include: MaxWebPortal 'search.asp' has been reported prone to a cross-site scripting vulnerability. An...
Typo3 3.5 b5 HTML Hidden Form Field Information Disclosure Weakness (1)
No description provided by source. source: http://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use...
CGIScript.NET csMailto Hidden Form Field Remote Command Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4579/info CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration values used by the script are...
QuickCommerce 2.5/3.0,Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability
No description provided by source. E-Commerce Exchange QuickCommerce 2.5/3.0,McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0,Shop Express 1.0,StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source: http://www.securityfocus.com/bid/1237/info Various shopping cart applications u...
xNewsletter 1.0 Form Field Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4516/info xNewsletter is a script that allows web users to subscribe to a newsletter. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. xNewsletter does not...
CVE-2014-3432
Cross-site scripting XSS vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
Introduction to the PoC : ====================================================================== In this distribution, the managment website is a binary file named "kerbynet" interpreted in cgi-bin directory here : /cdrom/usr/local/apache2/cgi-bin/kerbynet So all url look like this :...
Cross site scripting
Cross-site scripting XSS vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...
Cross site scripting
Cross-site scripting XSS vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field...
CVE-2012-5472
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field...
CVE-2011-4730
The Server Administration Panel in Parallels Plesk Panel 10.2.0build1011110331.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in...
Authentication flaw
The Control Panel in Parallels Plesk Panel 10.4.4build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tool...
CVE-2011-4730
The vulnerability CVE-2011-4730 affects Parallels Plesk Panel 10.2.0_build1011110331.18, specifically its Server Administration Panel. The underlying issue is that the password form field is generated without disabling the browser autocomplete feature, which can allow an attacker to bypass authen...