Lucene search
K

187 matches found

OSV
OSV
added 2011/04/19 7:55 p.m.4 views

UBUNTU-CVE-2011-1723

Cross-site scripting XSS vulnerability in app/views/layouts/base.rhtml in Redmine 1.0.1 through 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to projects/hg-helloworld/news/. NOTE: some of these details are obtained from third party information...

4.3CVSS5.9AI score0.04459EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2011/04/10 2:51 a.m.5 views

CVE-2011-1671

Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...

4.3CVSS5.7AI score0.01973EPSS
Exploits1References10
OSV
OSV
added 2010/09/28 6:0 p.m.1 views

DEBIAN-CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

4.3CVSS5.8AI score0.06161EPSS
Exploits0References1
myhack58
myhack58
added 2010/05/01 12:0 a.m.17 views

dedecms 5.5 procedure leaked site path information-vulnerability warning-the black bar safety net

Vulnerability description: dedecms 5.5 procedure leaked site path information. Test address: http://www.dedecms.com/plus/paycenter/alipay/returnurl.php http://www.dedecms.com/plus/paycenter/cbpayment/autoreceive.php http://www.dedecms.com/plus/paycenter/nps/configpaynps.php...

7.1AI score
Exploits0
myhack58
myhack58
added 2010/04/06 12:0 a.m.16 views

dedecms proof path for the latest vulnerability-vulnerability warning-the black bar safety net

Vulnerability description: dedecms 5.5 procedure leaked site path information. As shown in Figure: ! Test address: http://www.dedecms.com/plus/paycenter/alipay/retur... http://www.dedecms.com/plus/paycenter/cbpayment/au... http://www.dedecms.com/plus/paycenter/nps/configp...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/04/27 12:0 a.m.19 views

Invision Power Board (IP.Board) 3.0 - Multiple HTML Injection / Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/34725/info Invision Power Board is prone to an information-disclosure issue and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to determine path information or to...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2008/11/05 12:0 a.m.21 views

Discuz! 路径信息泄露漏洞

目录\ucclient\data\cache,\forumdata\cache等下面的文件里对如:br / br / $CACHE'settings' = array br / 'accessemail' = '',br / 'censoremail' = '',br / 'censorusername' = '',br / 'dateformat' = 'y-n-j',br / 'doublee' = '1',br / 'nextnotetime' = '0',br / 'timeoffset' = '28800',br / ;br / br / br /...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2008/05/20 2:12 p.m.6 views

mod_perl PerlRun denial of service

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

5CVSS5.8AI score0.10111EPSS
Exploits0References4
NVD
NVD
added 2008/02/25 11:44 p.m.20 views

CVE-2008-0978

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

5CVSS6.2AI score0.01489EPSS
Exploits0References7
Prion
Prion
added 2008/02/25 11:44 p.m.16 views

Design/Logic Flaw

Double-Take 5.0.0.2865 and earlier, distributed under the HP StorageWorks Storage Mirroring name and other names, allows remote attackers to obtain sensitive information via a packet of type 1 0x2728, which provides operating system and path information; 2 0x274e, which lists Ethernet adapters; 3...

5CVSS6.7AI score0.01489EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2007/10/23 3:56 p.m.6 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/10/23 3:54 p.m.7 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2007/09/20 1:10 p.m.6 views

php cross-site cookie insertion

The sessionstart function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from 1 PATHINFO, 2 the sessionid function, and 3 the sessionstart function, which...

4.3CVSS6AI score0.07919EPSS
Exploits0References4
OSV
OSV
added 2007/07/30 4:30 p.m.16 views

DEBIAN-CVE-2007-4048

Cross-site scripting XSS vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

4.3CVSS6AI score0.01321EPSS
Exploits0References1
exploitpack
exploitpack
added 2007/04/27 12:0 a.m.8 views

Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure

Apache AXIS 1.0 - Non-Existent WSDL Path Information Disclosure source: https://www.securityfocus.com/bid/23687/info Apache AXIS is prone to a path-information-disclosure vulnerability. Remote unauthorized attackers may be able to determine webserver directory paths. Information obtained may aid...

7.2AI score
Exploits0
NVD
NVD
added 2007/04/25 5:19 p.m.16 views

CVE-2007-2253

Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for 1 sdk/blanks/formcontrol.php and 2 sdk/blanks/filemodules.php...

5CVSS6.4AI score0.01324EPSS
Exploits1References4
Prion
Prion
added 2007/04/25 5:19 p.m.12 views

Path traversal

Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for 1 sdk/blanks/formcontrol.php and 2 sdk/blanks/filemodules.php...

5CVSS6.9AI score0.01324EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2007/04/25 5:0 p.m.44 views

CVE-2007-2253

CVE-2007-2253 affects Exponent CMS 0.96.6 Alpha and earlier. The vulnerability is a path disclosure where remote attackers can obtain path information by directly requesting (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. The connected documents provide these concrete affected...

5CVSS6.4AI score0.01324EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2007/03/30 12:19 a.m.2 views

DEBIAN-CVE-2007-1349

PerlRun.pm in Apache modperl before 1.30, and RegistryCooker.pm in modperl 2.x, does not properly escape PATHINFO before use in a regular expression, which allows remote attackers to cause a denial of service resource consumption via a crafted URI...

5CVSS6.8AI score0.10111EPSS
Exploits0References1
NVD
NVD
added 2006/05/31 10:6 a.m.18 views

CVE-2006-2677

SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information...

5CVSS6.6AI score0.01377EPSS
Exploits0References3
Rows per page
Query Builder