4336 matches found

Exploit DB
added 2008/09/26 12:0 a.m., 26 views

The Gemini Portal 4.7 - Insecure Cookie Handling

The Gemini Portal eNYe-Sec - www.enye-sec.org Program description by the author website Bug Exploit Note: POST is not checked and you can enter all by GET. Also you can create a simple perl script to send GET and POST packages. Fir...

7.4 AI score
Exploits 0

Exploit DB
added 2008/09/26 12:0 a.m., 34 views

Crux Gallery 1.32 - Insecure Cookie Handling

Crux Gallery eNYe-Sec - www.enye-sec.org Program description by the author website Bug Exploit Note: POST is not checked and you can enter all by GET. Also you can create a simple perl script to send GET and POST packages. Navigate by...

7.4 AI score
Exploits 0

NVD
added 2008/03/19 12:44 a.m., 18 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

4.3 CVSS, 5.3 AI score, 0.02796 EPSS
Exploits 1, References 9

Prion
added 2008/03/19 12:44 a.m., 22 views

Cross site scripting

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

4.3 CVSS, 5.6 AI score, 0.02796 EPSS
Exploits 1, References 9, Affected Software 1

Cvelist
added 2008/03/19 12:0 a.m., 21 views

CVE-2008-1007

WebCore, as used in Apple Safari before 3.1, does not enforce the frame navigation policy for Java applets, which allows remote attackers to conduct cross-site scripting (XSS) attacks...

5.3 AI score, 0.02796 EPSS
Exploits 1, References 9

CVE
added 2008/03/19 12:0 a.m., 49 views

CVE-2008-1007

The connected Seebug entry confirms CVE-2008-1007 affects Apple Safari/WebKit: WebCore in Safari

4.3 CVSS, 5.3 AI score, 0.02796 EPSS
Exploits 1, References 9, Affected Software 1

Tenable Nessus
added 2008/03/04 12:0 a.m., 13 views

Fedora 7 : viewvc-1.0.5-1.fc7 (2008-2143)

These security issues have been fixed: - omit commits of all-forbidden files from query results - disallow direct URL navigation to hidden CVSROOT folder - strip forbidden paths from revision view - don't traverse log history thru forbidden locations - honor forbiddenness via diff view path...

5.5 AI score
Exploits 0, References 2

securityvulns
added 2008/02/26 12:0 a.m., 117 views

Alkacon OpenCms tree_files.jsp resource XSS

Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...

0.2 AI score
Exploits 0

Packet Storm
added 2008/02/25 12:0 a.m., 30 views

alkacon-xss.txt

Alkacon OpenCms treefiles.jsp resource XSS Product: Alkacon OpenCms http://www.opencms.org/ OpenCms contains a cross-site scripting vulnerability in the file tree navigation function. An invalid value supplied to parameter resource in page opencms/system/workplace/views/explorer/treefiles.jsp is...

7.4 AI score
Exploits 0

seebug.org
added 2008/02/22 12:0 a.m., 67 views

Mozilla Thunderbird/Seamonkey/Firefox 2.0.0.12 fixes multiple security vulnerabilities

BUGTRAQ ID: 27683 CVECAN ID: CVE-2008-0412,CVE-2008-0413,CVE-2008-0414,CVE-2008-0415,CVE-2008-0417,CVE-2008-0419,CVE-2008-0591,CVE-2008-0592,CVE-2008-0593,CVE-2008-0594 Firefox/Thunderbird/SeaMonkey are the web browser and mail/newsgroup clients released by Mozilla. ...

9.3 CVSS, 2.6 AI score, 0.03849 EPSS
Exploits 4

Tenable Nessus
added 2008/02/14 12:0 a.m., 52 views

openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-5002)

This update brings Mozilla Firefox to security update version 2.0.0.12 Following security problems were fixed : - MFSA 2008-11/CVE-2008-0594 Web forgery overwrite with div overlay - MFSA 2008-10/CVE-2008-0593 URL token stealing via stylesheet redirect - MFSA 2008-09/CVE-2008-0592 Mishandling of...

9.3 CVSS, 8.6 AI score, 0.08633 EPSS
Exploits 4, References 10

securityvulns
added 2008/02/10 12:0 a.m., 93 views

Mozilla Foundation Security Advisory 2008-06

Mozilla Foundation Security Advisory 2008-06 Title: Web browsing history and forward navigation stealing Impact: Critical Announced: February 7, 2008 Reporter: David Bloom Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 2.0.0.12 SeaMonkey 1.1.8 Description Mozilla contributor David...

9.3 CVSS, 9.6 AI score, 0.03796 EPSS
Exploits 1

Prion
added 2008/02/08 10:0 p.m., 15 views

Memory corruption

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles...

9.3 CVSS, 6.9 AI score, 0.03796 EPSS
Exploits 1, References 56, Affected Software 2

NVD
added 2008/02/08 10:0 p.m., 15 views

CVE-2008-0419

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles...

9.3 CVSS, 6.7 AI score, 0.03796 EPSS
Exploits 1, References 56

Cvelist
added 2008/02/08 9:0 p.m., 28 views

CVE-2008-0419

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles...

6.7 AI score, 0.03796 EPSS
Exploits 1, References 56

RedHat Linux
added 2008/02/08 2:24 a.m., 3 views

Mozilla arbitrary code execution

Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows remote attackers to steal navigation history and cause a denial of service (crash) via images in a page that uses designMode frames, which triggers memory corruption related to resize handles...

9.3 CVSS, 7.4 AI score, 0.03796 EPSS
Exploits 1, References 4

OpenVAS
added 2008/01/17 12:0 a.m., 14 views

Debian: Security Advisory (DSA-891-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 7.2 AI score, 0.08739 EPSS
Exploits 0, References 3

Prion
added 2007/08/25 12:17 a.m., 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via one or more of the following vectors: the (1) id parameter to (a) pages/deletepage.php, (b) navigation/deletemenu.php, and (c)...

3.5 CVSS, 6.8 AI score, 0.0115 EPSS
Exploits 0, References 10, Affected Software 1

NVD
added 2007/08/25 12:17 a.m., 15 views

CVE-2007-4522

Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 and earlier allow remote authenticated users to execute arbitrary SQL commands via one or more of the following vectors: the (1) id parameter to (a) pages/deletepage.php, (b) navigation/deletemenu.php, and (c) navigation/deleteitem.php ...

6 CVSS, 8.1 AI score, 0.0173 EPSS
Exploits 1, References 5

NVD
added 2007/08/08 11:17 p.m., 13 views

CVE-2007-4259

EZPhotoSales 1.9.3 and earlier allows remote attackers to download arbitrary image files via (1) a direct request for a URL under OnlineViewing/galleries/ or (2) navigation of the gallery user interface with JavaScript disabled...

5 CVSS, 6.8 AI score, 0.01517 EPSS
Exploits 0, References 8