Persistent XSS in JIRA charting plugin Workload Pie Chart Report

The Workload Pie Chart Report included with the JIRA charting plugin contains a number of XSS vulnerabilities. This plugin is bundled with OnDemand. The configuration page contains an XSS vulnerability in custom field names. 1. Create a custom field with the name alert'custom field' 2. Try to...

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

Scientific Linux Security Update : mcstrans on SL5.x i386/x86_64

An algorithmic complexity weakness was found in the way the mcstrans daemon handled ranges of compartments in sensitivity labels. A local user could trigger this flaw causing mctransd to temporarily stop responding to other requests; a partial denial of service. CVE-2007-4570 This update also fix...

Cross-site scripting vulnerability in extension Ameos Formidable (ameos_formidable)

It has been discovered that the extension "Ameos Formidable" ameosformidable is vulnerable to cross-site scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.373 and below Vulnerability Type: Cross-site...

Personal Information of 3.5 Million Poker Players Spilled Online

Customers of the online poker Website Ultimate Bet UB are the victims of a data breach that spilled the private information of up to 3.5 million of its customers online over the weekend. Ultimate Bet, a property of the Cereus Poker Network, saw a slew of customer information posted online includi...

XSS Vulnerability in Issue Links and Labels

We have identified and fixed a number of cross-site scripting XSS vulnerabilities in JIRA issue links and labels. Affected versions are 4.2.x to 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various...

XSS Vulnerability in Issue Links and Labels

We have identified and fixed a number of cross-site scripting XSS vulnerabilities in JIRA issue links and labels. Affected versions are 4.2.x to 4.3.x XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a JIRA page. You can read more about XSS attacks at various...

DEBIAN-CVE-2011-0520

The compressadddlabelpoints function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a...

Ten Years Later, Rethinking Microsoft's Vuln Ratings

Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the Ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be...

Joomla! Component QuickFAQ 1.0.3 - Blind SQL Injection

----------------------------------------------------------------------------------------- Joomla Component comquickfaq BSQL-i Vulnerability ----------------------------------------------------------------------------------------- +Title Joomla Component comquickfaq BSQL-i Vulnerability +Author...

SalesCart (Auth Bypass) SQL Injection Vulnerability

Exploit for unknown platform in category web applications =================================================== SalesCart Auth Bypass SQL Injection Vulnerability =================================================== Script :SalesCart Product Management Plugin Site :http://www.salescart.com Demo...

XSS vulnerabilities in create/edit/copy page and blogpost actions

The following create/edit page URL's are vulnerable: - /pages/createpage.action - /pages/docreatepage.action - /pages/editpage.action - /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId The following create/edit blogpost URL's are vulnerable: -...

Seperate label permissions from edit issue permission

In 3.11 the labels plugin changed so that manipulating labels required the "Edit Issue" permission. This drastically impacted our organizations workflow, as we'd just introduced labels in our previous upgrade, and we don't give "edit issues" to all users, but we do want all authenticated users to...

Seperate label permissions from edit issue permission

In 3.11 the labels plugin changed so that manipulating labels required the "Edit Issue" permission. This drastically impacted our organizations workflow, as we'd just introduced labels in our previous upgrade, and we don't give "edit issues" to all users, but we do want all authenticated users to...

Design/Logic Flaw

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service temporary daemon outage via a large range of compartments in sensitivity labels...

CVE-2007-4570

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service temporary daemon outage via a large range of compartments in sensitivity labels...

CVE-2007-4570

CVE-2007-4570 concerns an algorithmic complexity vulnerability in the MCS translation daemon (mcstrans) version 0.2.3 that allows a local attacker to cause a denial of service by targeting a large range of compartments in sensitivity labels. Public documents from various advisories (ELSA-2007-054...

Ubuntu 5.10 / 6.06 LTS / 6.10 : linux-source-2.6.12/-2.6.15/-2.6.17 vulnerabilities (USN-395-1)

Mark Dowd discovered that the netfilter iptables module did not correcly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules. This has only be fixed for Ubuntu 6.10; the corresponding fix for Ubuntu 5.10 and 6.06 will foll...

Vulnerability against DoS attack via labels

Description: When you give more labels to a content, then Confluence split up the user input on spaces, and then make az SQL query against each word or something like this. Exploit: Giving x thousand characters depends on the machine separated by space as label results the system is breaking down...