python-django-horizon: XSS in client-side template
A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form, for example using an image's description,...
Getdpd BB #3 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== Getdpd BB 3 - Persistent Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1567 ID: 14771 Release Date: ============= 2016-02-03 Vulnerability Laboratory ID VL-ID:...
Ilya Birman E2 - @actionscomment-process SQL Injection
source: https://www.securityfocus.com/bid/68843/info Ilya Birman E2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application,...
The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 Arbitrary File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening single quote character is taken as a...
XGB 1.2 - Remote Form Field Input Validation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form...
NavBoard 2.6.0 - Remote Code Execution Exploit
No description provided by source.
UBUNTU-CVE-2014-2983
Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors...
CVE-2014-2983
Removed by vendor...
CVE-2013-6176
Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute...
CVE-2012-0676
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors...
Authentication flaw
WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors...
CVE-2012-0676
CVE-2012-0676 affects Apple Safari's WebKit up to version 5.1.7. The issue is a flaw in how WebKit tracks state while processing form input, enabling remote attackers to cause form fields on arbitrary pages to be filled via unspecified vectors. The OpenVAS entries and the NVD entry confirm the vu...
Input validation
The Data::FormValidator module 4.66 and earlier for Perl, when untaintallconstraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input...
CVE-2011-2201
The Data::FormValidator module 4.66 and earlier for Perl, when untaintallconstraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input...
UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/46280/info UMI CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
XSS vulnerability in VaM Shop
Vulnerability ID: HTB22778 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinvamshop.html Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,60 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type: Stored XSS Cross Site Scripting...
CVE-2010-3933
CVE-2010-3933 affects Ruby on Rails 2.3.9 and 3.0.0, where nested attributes are not handled securely. The root cause is improper handling of nested attributes, enabling a remote attacker to modify arbitrary records by altering parameter names for form inputs. Reports in connected sources corrobo...
Grafik CMS - admin.php SQL Injection Cross-Site Scripting
source: https://www.securityfocus.com/bid/41227/info Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...
Lois Software WebDB 2.0A Script - Multiple SQL Injections
source: https://www.securityfocus.com/bid/41124/info Lois Software WebDB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issu...