Exploit DB
added 2013/12/17 12:00 a.m., 19 views

WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/64564/info WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected...

AI score 7.4
Exploits 0

exploitpack
added 2013/12/17 12:00 a.m., 10 views

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/64564/info WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote...

AI score 0.5
Exploits 0

RedHat Linux
added 2013/12/16 6:12 p.m., 30 views

Moderate: Red Hat Security Advisory: nodejs010-nodejs security update

Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...

CVSS 5, AI score 7.1, EPSS 0.68714
Exploits 3, References 2

securityvulns
added 2013/12/09 12:00 a.m., 46 views

PineApp MailSecure remote unauthenticated privilege escalation & remote code execution

Hi, related to this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I sent Pineapp the following information: ----------------------------------------------------------------- It is possible to execute any bash command as the unprivileged qmailq user, sending only the following https...

AI score 0.7
Exploits 0

OSV
added 2013/11/30 9:37 p.m., 6 views

MGASA-2013-0360 Updated subversion package fixes security vulnerabilities

mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf-based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...

CVSS 3.5, AI score 6.1, EPSS 0.01783
Exploits 0, References 5

Cvelist
added 2013/11/30 11:00 a.m., 21 views

CVE-2013-6918

The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests...

AI score 7, EPSS 0.00171
Exploits 0, References 1

NVD
added 2013/11/18 3:55 a.m., 17 views

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests...

CVSS 5, AI score 6.4, EPSS 0.01207
Exploits 0, References 2

Prion
added 2013/11/18 3:55 a.m., 12 views

Code injection

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests...

CVSS 5, AI score 7, EPSS 0.01207
Exploits 0, References 2, Affected Software 1

Cvelist
added 2013/11/16 2:00 a.m., 25 views

CVE-2013-3030

The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests...

AI score 6.4, EPSS 0.01207
Exploits 0, References 2

RubySec
added 2013/11/12 12:00 a.m., 14 views

omniauth-facebook Gem for Ruby Unspecified CSRF

omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site...

CVSS 6.8, AI score 7, EPSS 0.00481
Exploits 1, References 1, Affected Software 1

Zero Science Lab
added 2013/11/03 12:00 a.m., 28 views

Practico 13.9 Multiple Vulnerabilities

Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion, without programming knowledge. Description: Practico suffers from multiple vulnerabilities including Cross-Site Scripting (XSS), SQL Injection (SQ...

AI score 6.1
Exploits 0

exploitpack
added 2013/11/03 12:00 a.m., 12 views

Practico 13.9 - Multiple Vulnerabilities

Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely...

AI score 0.5
Exploits 0

Exploit DB
added 2013/11/03 12:00 a.m., 25 views

Practico 13.9 - Multiple Vulnerabilities

Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without...

AI score 7.4
Exploits 0

Node JS Blog
added 2013/10/22 12:00 a.m., 40 views

DoS Vulnerability (fixed in Node v0.8.26 and v0.10.21)

Node.js is vulnerable to a denial of service attack when a client sends many pipelined HTTP requests on a single connection, and the client does not read the responses from the connection. We recommend that anyone using Node.js v0.8 or v0.10 to...

CVSS 5, AI score 7.5, EPSS 0.68714
Exploits 3

Prion
added 2013/10/13 10:20 a.m., 15 views

XXE

Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity referenc...

CVSS 6.9, AI score 7.4, EPSS 0.00152
Exploits 0, References 1, Affected Software 1

exploitpack
added 2013/10/12 12:00 a.m., 20 views

Fortinet FortiAnalyzer - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain...

AI score 1
Exploits 0

Exploit DB
added 2013/10/12 12:00 a.m., 36 views

Fortinet FortiAnalyzer - Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/63663/info FortiAnalyzer is prone to a cross-site request-forgery vulnerability because it fails to properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized administrative actions in the context of...

AI score 7.4
Exploits 0

rdot
added 2013/10/03 12:00 a.m., 488 views

[Firefox] removing quote encoding in URLs | Firefox URL quote encoding patch

See next post for English description! The patch is intended to remove the encoding of the quote characters ', " in HTTP requests. Starting from version 3.0 (commit), Firefox began URL-encoding the single quote ' as %27. This behaviour can often get in the way of detecting SQL injection in web applications, for example, when...

AI score 7.8
Exploits 0

Saint
added 2013/09/30 12:00 a.m., 27 views

Upgrade Attack

Added: 09/30/2013 Background: The LLMNR (Link-Local Multicast Name Resolution) protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

AI score 0.3
Exploits 0

Saint
added 2013/09/30 12:00 a.m., 33 views

Upgrade Attack

Added: 09/30/2013 Background: The LLMNR (Link-Local Multicast Name Resolution) protocol is used to answer wpad requests sent by Microsoft Windows. A rogue WPAD server delivers a wpad.dat file to poisoned hosts forcing them to proxy web requests through the SAINT server. In addition, HTTP requests ar...

AI score 0.3
Exploits 0
