132 matches found

RedHat Linux
added 2016/06/21 10:39 p.m., 4 views

python-django-horizon: XSS in client side template

A DOM-based, cross-site scripting vulnerability has been identified in the OpenStack dashboard, where user input was not filtered correctly. An authenticated dashboard user could exploit the flaw by injecting an AngularJS template into a dashboard form for example, using an image's description,...

5.4 CVSS, 5.6 AI score, 0.02068 EPSS
Exploits: 0, References: 4
Vulnerability Lab
added 2016/02/03 12:0 a.m., 59 views

Getdpd BB #3 - Persistent Cross Site Scripting Vulnerability

Document Title: Getdpd BB 3 - Persistent Cross Site Scripting Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1567 ID: 14771. Release Date: 2016-02-03. Vulnerability Laboratory ID (VL-ID):...

7.1 AI score
Exploits: 0
exploitpack
added 2014/07/23 12:0 a.m., 25 views

Ilya Birman E2 - @actionscomment-process SQL Injection

Ilya Birman E2 - @actionscomment-process SQL Injection source: https://www.securityfocus.com/bid/68843/info Ilya Birman E2 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to compromise the application,...

0.3 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2.0b1 Arbitrary File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening single quote character is taken as a...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

XGB 1.2 - Remote Form Field Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4515/info xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. xGB does not sufficiently validate input that is supplied via form...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 41 views

NavBoard 2.6.0 - Remote Code Execution Exploit

No description provided by source...

7.1 AI score
Exploits: 0
OSV
added 2014/04/23 3:55 p.m., 4 views

UBUNTU-CVE-2014-2983

Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified vectors...

5 CVSS, 6.4 AI score, 0.01555 EPSS
Exploits: 0, References: 3
Debian CVE
added 2014/04/23 2:0 p.m., 22 views

CVE-2014-2983

Removed by vendor...

5 CVSS, 6.2 AI score, 0.01555 EPSS
Exploits: 0
Cvelist
added 2013/11/21 2:0 a.m., 37 views

CVE-2013-6176

Multiple SQL injection vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote authenticated users to execute...

8.1 AI score, 0.02177 EPSS
Exploits: 0, References: 4
NVD
added 2012/05/11 3:49 a.m., 15 views

CVE-2012-0676

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors...

5 CVSS, 5.8 AI score, 0.02084 EPSS
Exploits: 0, References: 6
Prion
added 2012/05/11 3:49 a.m., 19 views

Authentication flaw

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors...

5 CVSS, 6.3 AI score, 0.02084 EPSS
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2012/05/11 1:0 a.m., 53 views

CVE-2012-0676

CVE-2012-0676 affects Apple Safari's WebKit up to version 5.1.7. The issue is a flaw in how WebKit tracks state while processing form input, enabling remote attackers to cause form fields on arbitrary pages to be filled via unspecified vectors. The OpenVAS entries and the NVD entry confirm the vu...

5 CVSS, 5.9 AI score, 0.02084 EPSS
Exploits: 0, References: 6, Affected Software: 1
Cvelist
added 2012/05/11 1:0 a.m., 19 views

CVE-2012-0676

WebKit in Apple Safari before 5.1.7 does not properly track state information during the processing of form input, which allows remote attackers to fill in form fields on the pages of arbitrary web sites via unspecified vectors...

5.9 AI score, 0.02084 EPSS
Exploits: 0, References: 6
Prion
added 2011/09/14 4:5 p.m., 13 views

Input validation

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input...

4.3 CVSS, 7.1 AI score, 0.06156 EPSS
Exploits: 1, References: 8
Debian CVE
added 2011/09/14 3:0 p.m., 31 views

CVE-2011-2201

The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input...

4.3 CVSS, 6.6 AI score, 0.06156 EPSS
Exploits: 1
Exploit DB
added 2011/02/08 12:0 a.m., 24 views

UMI CMS 2.8.1.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/46280/info UMI CMS is prone to multiple cross-site-scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

7.4 AI score
Exploits: 0
securityvulns
added 2011/01/11 12:0 a.m., 36 views

XSS vulnerability in VaM Shop

Vulnerability ID: HTB22778 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinvamshop.html Product: VaM Shop Vendor: Vamsoft http://vamshop.ru/ Vulnerable Version: 1,60 and probably prior versions Vendor Notification: 28 December 2010 Vulnerability Type: Stored XSS Cross Site Scripting...

0.3 AI score
Exploits: 0
CVE
added 2010/10/27 10:0 p.m., 86 views

CVE-2010-3933

CVE-2010-3933 affects Ruby on Rails 2.3.9 and 3.0.0, where nested attributes are not handled securely. The root cause is improper handling of nested attributes, enabling a remote attacker to modify arbitrary records by altering parameter names for form inputs. Reports in connected sources corrobo...

6.4 CVSS, 6.6 AI score, 0.0225 EPSS
Exploits: 0, References: 4, Affected Software: 1
exploitpack
added 2010/06/29 12:0 a.m., 16 views

Grafik CMS - admin.php SQL Injection Cross-Site Scripting

Grafik CMS - admin.php SQL Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/41227/info Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these...

0.4 AI score
Exploits: 0
exploitpack
added 2010/06/24 12:0 a.m., 18 views

Lois Software WebDB 2.0A Script - Multiple SQL Injections

Lois Software WebDB 2.0A Script - Multiple SQL Injections source: https://www.securityfocus.com/bid/41124/info Lois Software WebDB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issu...

8.1 AI score
Exploits: 0