254 matches found
CruxCMS 'txtusername' Parameter Cross Site Scripting Vulnerability
CruxCMS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Spring Framework class.classLoader Remote Code Execution Vulnerability
BUGTRAQ ID: 40954 CVE ID: CVE-2010-1622 Spring is a widely deployed open-source framework that helps developers build high-quality applications. The Spring Framework provides a mechanism that allows object properties to be updated with client-supplied data; this mechanism lets an attacker modify properties of the class loader used to load objects via class.classloader, which may lead to execution of arbitrary commands. For example, an attacker could change the URL used by the class loader to a location under their control. SpringSource Spring Framework 3.0.0 - 3.0.2 SpringSource Spring Framework 2.5.0 - 2.5.7 Vendor patch:...
Sun Java System Communication Express CSRF via HPP
Hello, As a continuation of my advisory about "Sun Java System Communications Express Multiple HTML Injection Vulnerabilities" that can be found here: http://www.securityfocus.com/bid/34083/info, I would like to introduce another potential security threat in the same product and based on my...
Sun Java System Communications Express Multiple HTML Injection Vuln
Exploit for unknown platform in category web applications ============================================================================== Sun Java System Communications Express Multiple HTML Injection Vulnerabilities ============================================================================== As...
Sun Java System Communications Express XSRF
Hello, As a continuation of my advisory about "Sun Java System Communications Express Multiple HTML Injection Vulnerabilities" that can be found here: http://www.securityfocus.com/bid/34083/info, I would like to introduce another potential security threat in the same product and based on my...
CUPS < 1.4.2 kerberos Parameter XSS
According to its banner, the version of CUPS installed on the remote host is earlier than 1.4.2. The 'kerberos' parameter in such versions is not properly sanitized before being used to generate dynamic HTML content. An attacker can leverage this issue via a combination of attribute injection and...
CVE-2009-2820
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to a...
Cross site scripting
The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to a...
ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln
Exploit for windows platform in category remote exploits ================================================================= ModSecurity <= 2.5.9 (Core Rules <= 2.5-1.6.1) Filter Bypass Vuln ================================================================= Affected Software : ModSecurity <= 2.5.9 using...
ModSecurity 2.5.9 Filter Bypass
======================================================================== ModSecurity Core Rules HPP Filter Bypass Vulnerability ======================================================================== Affected Software : ModSecurity <= 2.5.9 using ModSecurity Core Rules <= 2.5-1.6.1 Author :...
Firefly Media Server (mt-daapd) 2.4.1 / SVN 1699 Multiple Vulnerabilities
Exploit for unknown platform in category remote exploits ========================================================================= Firefly Media Server mt-daapd 2.4.1 / SVN 1699 Multiple Vulnerabilities ========================================================================= Luigi Auriemma...
Remote Shell Command Execution in "KB-Bestellsystem" (amensa-soft.de)
"KB-Bestellsystem" is a domain order system written in Perl. The "domain" and "tld" parameters in "kbwhois.cgi" do not filter shell metacharacters. The following examples will show you the /etc/passwd file:...
CVE-2004-2084
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter...