19 matches found

Positive Technologies
added 2023/09/23 12:0 a.m. · 4 views

PT-2023-13726 · Kiali · Kiali

Name of the Vulnerable Software and Affected Versions: Kiali (affected versions not specified). Description: A content spoofing issue was found in Kiali, where it does not implement error handling when the page or endpoint being accessed cannot be found. This allows an attacker to perform arbitrary...

4.3 CVSS · 6.8 AI score · 0.00711 EPSS
Exploits 0 · References 12

SUSE CVE
added 2023/02/15 4:17 a.m. · 1 views

SUSE CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

4.3 CVSS · 7.6 AI score · 0.03685 EPSS
Exploits 0 · References 8

Atlassian
added 2020/03/18 4:4 p.m. · 50 views

Opening 404 page (page not found) without user session will open 404 page instead of opening login page.

Issue Summary: Opening a random page on Crowd with a user that is not authenticated will display "Page not found" 404 page instead of the login page. Steps to Reproduce: Make sure you are not logged in. Try to open BaseURL/ABC. Expected Results: As you do not have session information you...

1.4 AI score
Exploits 0 · Affected Software 1

OSV
added 2019/01/14 4:20 p.m. · 1 views

GHSA-337X-4Q8G-PRC5 Improper Input Validation in Django

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

7.1 CVSS · 7.1 AI score · 0.03685 EPSS
Exploits 0 · References 12

OSV
added 2019/01/09 11:29 p.m. · 2 views

DEBIAN-CVE-2019-3498

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5 CVSS · 6.7 AI score · 0.03685 EPSS
Exploits 0 · References 1

OSV
added 2019/01/09 11:29 p.m. · 2 views

PYSEC-2019-87

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

5.9 AI score
Exploits 0 · References 8

OSV
added 2019/01/09 11:29 p.m. · 2 views

PYSEC-2019-17

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5 CVSS · 7.1 AI score · 0.03685 EPSS
Exploits 0 · References 9

PyPA
added 2019/01/09 11:29 p.m. · 5 views

PYSEC-2019-17

In Django 1.11.x before 1.11.18, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, an Improper Neutralization of Special Elements in Output Used by a Downstream Component issue exists in django.views.defaults.page_not_found, leading to content spoofing in a 404 error page if a user fails to recognize th...

6.5 CVSS · 6.7 AI score · 0.03685 EPSS
Exploits 0 · References 9 · Affected Software 1

Positive Technologies
added 2019/01/04 12:0 a.m. · 7 views

PT-2019-1680 · Django Software Foundation +2 · Django +2

Name of the Vulnerable Software and Affected Versions: Django versions 1.11.x through 1.11.17; Django versions 2.0.x through 2.0.9; Django versions 2.1.x through 2.1.4. Description: The issue is related to insufficient neutralization of special elements in output used by a downstream component. This...

9.8 CVSS · 6.3 AI score · 0.99856 EPSS
Exploits 40 · References 186

Hacker One
added 2015/12/18 7:14 a.m. · 41 views

HackerOne: Know whether private program for company exist or not

Hi, there are some companies which are hosting private BB on HackerOne which are not visible unless they invite you. However, you can check whether any company is hosting a private BB on HackerOne or not if you can guess the username they use. Generally most companies choose the same name as their company...

0.2 AI score
Exploits 0

Citrix
added 2015/11/30 12:0 a.m. · 7 views

Error: "HTTP 404 Not Found" When Accessing StoreFront Through NetScaler Gateway

After you enter your credentials on the NetScaler Gateway login page the following error is displayed: HTTP 404 Page Not Found...

7.1 AI score
Exploits 0

CNVD
added 2015/07/12 12:0 a.m. · 3 views

TYPO3 '404 Page not found handling' extension cross-site scripting vulnerability

TYPO3 is a free and open source content management system. 404 Page not found handling is a 404 Page not found handling extension plugin. A cross-site scripting vulnerability exists in the TYPO3 '404 Page not found handling' extension that allows remote attackers to exploit the vulnerability to...

5.8 AI score
Exploits 0 · References 1

Prion
added 2014/12/10 8:59 p.m. · 15 views

Code injection

The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not properly unset the authorized user role for certain users, which allows remote attackers with the pre-authorized role to gain privileges and possibly obtain sensitive information by accessing a Page Not Found 404 page...

4.3 CVSS · 7.2 AI score · 0.01066 EPSS
Exploits 0 · References 2 · Affected Software 1

Hacker One
added 2014/08/08 4:22 a.m. · 19 views

Uzbey: SQL Injection

https://staging.uzbey.com/rotate-image?fid=2841+and+substringversion,1,1=4 FALSE https://staging.uzbey.com/rotate-image?fid=2841+and+substringversion,1,1=5 TRUE https://staging.uzbey.com/rotate-image?fid=2841+and+1=1+order+by+1-- TRUE...

0.4 AI score
Exploits 0

NVD
added 2009/02/10 7:0 a.m. · 17 views

CVE-2009-0466

Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response...

4.3 CVSS · 5.6 AI score · 0.01022 EPSS
Exploits 0 · References 3

Prion
added 2009/02/10 7:0 a.m. · 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response...

4.3 CVSS · 6.1 AI score · 0.01022 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2009/02/06 1:0 a.m. · 51 views

CVE-2009-0466

CVE-2009-0466 is an XSS vulnerability in Vivvo CMS prior to 4.1.1. The issue allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response. Affected software is Vivvo CMS versions before 4.1.1; exact root cause or vulnerable component is desc...

4.3 CVSS · 5.8 AI score · 0.01022 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2009/02/06 1:0 a.m. · 21 views

CVE-2009-0466

Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 allows remote attackers to inject arbitrary web script or HTML via a URI that triggers a 404 Page Not Found response...

5.6 AI score · 0.01022 EPSS
Exploits 0 · References 3

exploitpack
added 2007/03/31 12:0 a.m. · 21 views

PHP-Fusion 6.1.5 Mod Calendar_Panel - Show_Event.php SQL Injection

PHP-Fusion 6.1.5 Mod Calendar_Panel - Show_Event.php SQL Injection. Source: https://www.securityfocus.com/bid/23225/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could all...

0.1 AI score
Exploits 0