3715 matches found

Exploit DB
added 2011/09/09 12:0 a.m. | 41 views

Spring Security - HTTP Header Injection

source: https://www.securityfocus.com/bid/49535/info Spring Security is prone to a vulnerability that allows attackers to inject arbitrary HTTP headers because it fails to sufficiently sanitize input. By inserting arbitrary headers into an HTTP response, attackers may be able to launch various...

7.4 AI score
Exploits 0
OpenVAS
added 2011/08/26 12:0 a.m. | 31 views

ManageEngine ServiceDesk Plus Multiple Stored XSS Vulnerabilities

This host is running ManageEngine ServiceDesk Plus and is prone to multiple stored cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmanageengineservicedeskplusmultxssvuln.nasl 7006 2017-08-25 11:51:20Z teissa $ ManageEngine ServiceDesk Plus Multiple Stored XSS...

6.5 AI score
Exploits 0 | References 2
Packet Storm
added 2011/08/23 12:0 a.m. | 20 views

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...

7.4 AI score
Exploits 0
exploitpack
added 2011/08/23 12:0 a.m. | 16 views

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities

ManageEngine ServiceDesk Plus 8.0 - Multiple Persistent Cross-Site Scripting Vulnerabilities ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary...

7 AI score
Exploits 0
0day.today
added 2011/08/23 12:0 a.m. | 22 views

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities

Exploit for jsp platform in category web applications ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help...

7.1 AI score
Exploits 0
FreeBSD
added 2011/08/16 12:0 a.m. | 14 views

rubygem-rails -- multiple vulnerabilities

SecurityFocus reports: Ruby on Rails is prone to multiple vulnerabilities including SQL-injection, information-disclosure, HTTP-header-injection, security-bypass and cross-site scripting issues...

1.3 AI score
Exploits 0 | References 5
Prion
added 2011/08/11 10:55 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...

4.3 CVSS | 6 AI score | 0.00845 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2011/08/11 10:0 p.m. | 21 views

CVE-2011-1357

Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...

5.6 AI score | 0.00845 EPSS
Exploits 0 | References 2
CVE
added 2011/08/11 10:0 p.m. | 36 views

CVE-2011-1357

Technical details about CVE-2011-1357 are not publicly available in the provided connected documents. Monitor for updates from official advisories.

4.3 CVSS | 5.8 AI score | 0.00845 EPSS
Exploits 0 | References 2 | Affected Software 1
Tenable Nessus
added 2011/07/22 12:0 a.m. | 53 views

Citrix Access Gateway Plug-in for Windows ActiveX Control Multiple Vulnerabilities (CTX129902)

The Citrix Access Gateway ActiveX control for Citrix Access Gateway Enterprise Edition is installed on the remote Windows host. It is the ActiveX component of the Citrix Access Gateway Plug-in for Windows and provides an SSL-based VPN via a web browser. The installed version of this control is...

9.3 CVSS | 6.7 AI score | 0.56368 EPSS
Exploits 10 | References 6
Prion
added 2011/07/21 11:55 p.m. | 22 views

Design/Logic Flaw

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to...

9.3 CVSS | 7.9 AI score | 0.01529 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2011/07/21 11:0 p.m. | 23 views

CVE-2011-2883

The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to...

7.3 AI score | 0.01529 EPSS
Exploits 0 | References 1
Cvelist
added 2011/07/21 11:0 p.m. | 26 views

CVE-2011-2882

Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data...

7.9 AI score | 0.56368 EPSS
Exploits 10 | References 2
CVE
added 2011/07/21 11:0 p.m. | 71 views

CVE-2011-2882

CVE-2011-2882 pertains to a stack-based buffer overflow in the Citrix Access Gateway Plug-in for Windows ActiveX control (nsepa.ocx). Affected plug-in versions: 8.1-67.7, 9.0-70.5, and 9.1-96.4. The vulnerability occurs when processing certain HTTP header data, allowing remote code execution in t...

9.3 CVSS | 8 AI score | 0.56368 EPSS
Exploits 10 | References 2 | Affected Software 1
Vulnerability Lab
added 2011/07/19 12:0 a.m. | 14 views

Cross Site Scripting - Dokumentation, Analyse & Techniken

Document Title: =============== Cross Site Scripting - Dokumentation, Analyse & Techniken References: =========== https://www.vulnerability-lab.com/resources/documents/198.pdf https://de.wikipedia.org/wiki/Cross-SiteScriptingWeblinks ; Release Date: ============= 2011-07-19 Vulnerability Laborato...

7.4 AI score
Exploits 0
securityvulns
added 2011/07/18 12:0 a.m. | 30 views

iDefense Security Advisory 07.14.11: Citrix Access Gateway ActiveX Stack Buffer Overflow Vulnerability

iDefense Security Advisory 07.14.11 http://labs.idefense.com/intelligence/vulnerabilities/ Jul 14, 2011 I. BACKGROUND Citrix's Access Gateway solution provides remote access to customers via the Web browser. This is accomplished through the use of an ActiveX control that enables an SSL based VPN...

0.6 AI score
Exploits 0
myhack58
added 2011/07/09 12:0 a.m. | 22 views

dz7. 2 HTTP header injection vulnerability-vulnerability warning-the black bar safety net

dz7. 2 HTTP header injection vulnerability 20107/7/, the dz7. 2 header injection vulnerability 20107/7/ image.php to: header header'location: '.$ boardurl.$ thumbfile; $boardurl = htmlspecialchars'http://'.$ SERVER'HTTPHOST'. pregreplace"//+api|archiver|wap?/$/ i", ", substr$PHPSELF, 0,...

0.1 AI score
Exploits 0
Atlassian
added 2011/07/01 10:40 a.m. | 17 views

Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header

We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This post shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it is just as secure since web sudo is really designed to stop som...

0.5 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2011/07/01 10:40 a.m. | 25 views

Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header

We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This post shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it is just as secure since web sudo is really designed to stop som...

0.5 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2011/07/01 10:40 a.m. | 17 views

Web Sudo should be able to be subverted for non browsers (eg scripts) via a HTTP header

We do this for XSRF protection. Basically you should be able to subvert the web sudo mechanism via a HTTP header. This post shows the use case https://answers.atlassian.com/questions/1273/jira-jelly-runner-via-cron-in-v4-3-4 I believe it is just as secure since web sudo is really designed to stop som...

0.5 AI score
Exploits 0