230 matches found
UBUNTU-CVE-2015-2938
Cross-site scripting XSS vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file...
CVE-2015-2938
Summary (CVE-2015-2938): MediaWiki is affected by an XSS vulnerability in the handling of a custom JavaScript file. Affected versions are MediaWiki < 1.19.24, 1.2.x < 1.23.9, and 1.24.x
MGASA-2014-0415 Updated ctags package fixes security vulnerability
A denial of service issue was discovered in ctags 5.8. A remote attacker could cause excessive CPU usage and disk space consumption via a crafted JavaScript file by triggering an infinite loop CVE-2014-7204...
ALPINE-CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service infinite loop and CPU and disk consumption via a crafted JavaScript file...
CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service infinite loop and CPU and disk consumption via a crafted JavaScript file...
Code injection
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service infinite loop and CPU and disk consumption via a crafted JavaScript file...
UBUNTU-CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service infinite loop and CPU and disk consumption via a crafted JavaScript file...
CVE-2014-7204
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service infinite loop and CPU and disk consumption via a crafted JavaScript file...
atmail email server appliance 6.4 - Stored XSS - csrf - rce
No description provided by source. Exploit Title: Atmail Email Server Appliance 6.4 Remote Code Execution Date: Jul 21 2012 Author: muts Version: Atmail Email Server 6.4 By sending an email to a user with the Atmail administrative interface open, we can call a remote JavaScript file that will...
ManageEngine OpUtils 6.0 - Stored XSS
No description provided by source. Author: loneferret of Offensive Security Product: ManageEngine OpUtils Version: 6 Vendor Site: http://www.manageengine.com Software Download: http://www.manageengine.com/products/oputils/download.html Software Description:...
CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
Cross site request forgery (csrf)
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
UBUNTU-CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
CVE-2013-2086
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file...
CVE-2013-6797
Cross-site request forgery CSRF vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...
CVE-2013-6797
Cross-site request forgery CSRF vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bwurl parameter in the bw-videos pag...
Server: CSRF token leakage
The configuration loader in ownCloud 5.0.x before 5.0.6 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...
CVE-2012-1579
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...
Cross site request forgery (csrf)
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive information...