465 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
UBUNTU-CVE-2016-2560
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
CVE-2016-2560
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
CVE-2016-2560
The CVE-2016-2560 issue affects phpMyAdmin series: 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1. The vulnerability consists of multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML through several vectors (crafted H...
CVE-2016-2560
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
CVE-2016-2560
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via 1 a crafted Host HTTP header, related to libraries/Config.class.php; 2 crafted JSON data, relat...
CVE-2016-2045
Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
CVE-2016-2045
Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
Cross site scripting
Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
CVE-2016-2045
Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
CVE-2016-2045
Cross-site scripting XSS vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
Code injection
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
CVE-2015-5250
CVE-2015-5250 affects the API server of OpenShift Origin 1.0.5. A remote attacker can trigger a denial of service (master process crash) by sending specially crafted JSON data. Root cause mentioned in public sources includes improper error handling in the API server. The issue is addressed in Red...
CVE-2015-5250
The API server in OpenShift Origin 1.0.5 allows remote attackers to cause a denial of service master process crash via crafted JSON data...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
JSON Data encoded for use in HTML was not safe to use in IE6/IE7, possible XSS attacks
More info at https://www.yiiframework.com/news/86/yii-2-0-4-is-released/...
ManageEngine Desktop Central MSP IOSCheckInServlet UDID Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ManageEngine Desktop Central MSP. Authentication is not required to exploit this vulnerability. The specific flaw exists within the IOSCheckInServlet servlet. The issue lies in the failure to...