Atlassian Bamboo Multiple Vulnerabilities (Feb 2016)
Atlassian Bamboo is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:atlassian:bamboo";...
Authentication flaw
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, or manage build agents via unknown vectors involving the JMS port...
CVE-2015-2958
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953...
VDG Security SENSE Authentication Bypass Vulnerability
VDG Security SENSE is a video management system (VMS) from VDG Security in the Netherlands. An authentication bypass vulnerability exists in versions of VDG Security SENSE prior to 2.3.15, which allows remote attackers to pass authentication via characters in the encode:authorize HTTP header and...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action...
CVE-2011-5306
CVE-2011-5306 describes a Cross-Site Request Forgery (CSRF) vulnerability in CosmoShop ePRO 10.05.00. The flaw affects the CGI component cgi-bin/admin/setup_edit.cgi and enables remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. T...
CVE-2014-2374
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
Authentication flaw
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL...
CVE-2014-2374 Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
CVE-2014-2373 Accuenergy Accuenergy Acuvim II Client-Side Enforcement of Server-Side Security
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript...
CacheGuard-OS 5.7.7 - Cross-Site Request Forgery
I. VULNERABILITY: CSRF vulnerabilities in CacheGuard-OS v5.7.7. II. BACKGROUND: CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL filtering...
CVE-2013-3257
Cross-site request forgery (CSRF) vulnerability in the Related Posts plugin before 2.7.2 for WordPress allows remote attackers to hijack the authentication of users for requests that modify settings via unspecified vectors...
CVE-2014-3844
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
Information disclosure
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2014-0813
Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to hijack the authentication of arbitrary users for requests that modify settings...
CVE-2014-0813
Affected software : phpMyFAQ (before 2.8.6). Vulnerability : Cross-site request forgery (CSRF) in the web interface that lets an attacker hijack the authentication of an arbitrary user to modify settings. Root cause / details : The issue is a CSRF vulnerability allowing a malicious page to trigge...
FortiAnalyzer 5.0.4 - CSRF Vulnerability
Exploit for php platform in category web applications. CertR no respond my email, not Fortinet has not given the credits. I. VULNERABILITY: CSRF vulnerabilities in OS of fortianalyzer 5.0.4. II. BACKGROUND: Fortinet’s industry-leading, Network...
CVE-2013-5703
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js...
Code injection
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js...