Lucene search
K

2978 matches found

Cvelist
Cvelist
added 2005/05/10 4:0 a.m.26 views

CVE-2004-2058

ASPRunner 2.4 allows remote attackers to gain sensitive information via 1 hidden form fields or 2 error messages...

6.6AI score0.01793EPSS
Exploits1References8
CVE
CVE
added 2005/05/10 4:0 a.m.50 views

CVE-2004-2058

CVE-2004-2058 affects ASPrunner 2.4, where a remote attacker can disclose sensitive information via (1) hidden form fields or (2) error messages. The core description in the CVE entry is that ASPRunner 2.4 allows information disclosure to unauthenticated remote actors. Connected documents corrobo...

5CVSS6.6AI score0.01793EPSS
Exploits1References8Affected Software1
securityvulns
securityvulns
added 2005/05/03 12:0 a.m.40 views

ASP.NET __VIEWSTATE crypto validation prone to replay attacks

Good morning, ASP.NET's extremely popular VIEWSTATE functionality provides an automatic, uniform method for storing current state of all webpage "controls" including form fields, database views, etc, so that user-entered data automagically persists and is populated across newly rendered HTML, and...

Exploits0
NVD
NVD
added 2004/12/31 5:0 a.m.18 views

CVE-2004-2058

ASPRunner 2.4 allows remote attackers to gain sensitive information via 1 hidden form fields or 2 error messages...

5CVSS6.6AI score0.01793EPSS
Exploits1References8
NVD
NVD
added 2004/12/31 5:0 a.m.11 views

CVE-2004-2330

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields...

5CVSS6.7AI score0.01591EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/10/22 12:0 a.m.13 views

Multiple Browsers - Tabbed Browsing

Multiple Browsers - Tabbed Browsing Test Your Browser Open the link below in a new tab, then try to type data into form fields on the CitiBank website. Open this Link in New Tab Result: Keystrokes you pressed on the CitiBank website. /textarea // milw0rm.com 2004-10-22...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2004/03/09 12:0 a.m.29 views

Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity

Software: Invision Power Board Vendor: http://www.invisionboard.com/ Versions: U v1.3 Final Bug: Cross Site Scripting Vulnerabillity Risk: Medium Exploitation: Remote with browser Date: 29 Feb 2004 Author: Rafel Ivgi, The-Insider E-Mail: [email protected] Web: http://theinsider.deep-ice.com 1...

0.3AI score
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.10 views

CVE-2003-1212

MaxWebPortal 1.30 allows remote attackers to perform unauthorized actions by modifying hidden form fields, such as the 1 news, 2 lock, or 3 allmem fields in the 'start new topic' HTML page...

7.5CVSS6.5AI score0.01746EPSS
Exploits1References5
exploitpack
exploitpack
added 2003/06/06 12:0 a.m.19 views

Max Web Portal 1.30 - Multiple Vulnerabilities

Max Web Portal 1.30 - Multiple Vulnerabilities Max Web Portal Multiple Vulnerabilities Vendor: Max Web Portal Product: Max Web Portal Version: alertdocument.cookie Remember this vuln as I will later explain how it can be used to aide an attacker to compromise user and admin accounts. Hidden Form...

0.5AI score
Exploits0
Cvelist
Cvelist
added 2003/03/18 5:0 a.m.23 views

CVE-2002-1462

details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versions, allows remote attackers to modify information of other users by modifying certain hidden form fields...

6.5AI score0.01481EPSS
Exploits0References3
exploitpack
exploitpack
added 2003/02/28 12:0 a.m.17 views

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure 1 source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software...

7AI score
Exploits0
exploitpack
exploitpack
added 2003/02/28 12:0 a.m.20 views

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure 2 source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/28 12:0 a.m.31 views

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (1)

source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use LWP::UserAgent; use HTTP::Request; use...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/02/28 12:0 a.m.31 views

Typo3 3.5 b5 - HTML Hidden Form Field Information Disclosure (2)

source: https://www.securityfocus.com/bid/6993/info Clients of TYPO3 systems may access potentially sensitive data that have been obfuscated through hidden form fields. This may aid in exploiting other known issues in the software. !/usr/bin/perl use strict; use Getopt::Std; use LWP::UserAgent; u...

7.4AI score
Exploits0
NVD
NVD
added 2002/08/12 4:0 a.m.17 views

CVE-2002-0457

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as , , and & in fields such as 1 name, 2 email, 3 AIM screen name, 4 website, 5 location, or 6 message...

7.6CVSS7.1AI score0.02106EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/07/26 4:0 a.m.18 views

CVE-2002-0730

Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as 1 Name, 2 EMail, or 3 Homepage...

6.5AI score0.0686EPSS
Exploits1References3
securityvulns
securityvulns
added 2002/07/11 12:0 a.m.26 views

wp-02-0012: Carello 1.3 Remote File Execution

Westpoint Security Advisory Title: Carello 1.3 Remote File Execution Risk Rating: Medium Software: Carello Shopping Cart Platforms: Win2k, WinNT Vendor URL: www.carelloweb.com Author: Matt Moore [email protected] Date: 10th July 2002 Advisory ID: wp-02-0012 Overview: ========= Carello 1.3 is ...

1.2AI score
Exploits0
exploitpack
exploitpack
added 2002/06/10 12:0 a.m.15 views

MyHelpDesk 20020509 - HTML Injection

MyHelpDesk 20020509 - HTML Injection source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the...

7.6AI score
Exploits0
Exploit DB
Exploit DB
added 2002/06/10 12:0 a.m.20 views

MyHelpDesk 20020509 - HTML Injection

source: https://www.securityfocus.com/bid/4967/info It has been reported that MyHelpDesk is vulnerable to HTML injection attacks. MyHelpDesk does not properly sanitize HTML tags from form fields. Attackers may pass arbitrary HTML and script code through the unsanitized form fields or through...

7AI score
Exploits0
NVD
NVD
added 2002/05/29 4:0 a.m.27 views

CVE-2002-0257

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields 1 TITLE, 2 DESCTIT, 3 DESC, 4 searchstring, 5 ALIAS, 6 EMAIL, 7 ADDRESS1, 8 ADDRESS2, 9 ADDRESS3, 10 PHONE1, 11 PHONE2, 12 PHONE3, or ...

7.5CVSS6.1AI score0.0421EPSS
Exploits0References4
Rows per page
Query Builder