1085 matches found
Parallels Plesk 8.2 URL Redirection
Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...
Joomla 1.6.0 Cross Site Scripting
========================================== Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability ========================================== 1. OVERVIEW Joomla! 1.6.0 was vulnerable to Cross Site Scripting. 2. PRODUCT DESCRIPTION Joomla is a free and open source content management system (CMS) for...
Cross-Site Scripting vulnerabilities in Icinga
Advisory: Cross-Site Scripting vulnerabilities in Icinga Advisory ID: SSCHADV2011-001 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1 Vendor URL: http://www.icinga.org Vendor Status: fixed csv export link to make it XSS save IE 1275 CVE-ID: -...
Icinga 1.3.0 / 1.2.1 Cross Site Scripting
Advisory: Cross-Site Scripting vulnerabilities in Icinga Advisory ID: SSCHADV2011-001 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1 Vendor URL: http://www.icinga.org Vendor Status: fixed csv export link to make it XSS save IE 1275 CVE-ID: -...
PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability
======================================== PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability ======================================== 1. OVERVIEW The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross Site Scripting. 2. BACKGROUND PHPShop is a PHP-powered shopping cart applicatio...
PHPShop 0.8.1 Cross Site Scripting
======================================== PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability ======================================== 1. OVERVIEW The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross Site Scripting. 2. BACKGROUND PHPShop is a PHP-powered shopping cart applicatio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2010-4745
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
Adobe ColdFusion login.cfm Query String XSS (APSB11-04)
The version of Adobe ColdFusion running on the remote host is affected by a cross-site scripting vulnerability in the administrative web interface. Input to the query string of 'administrator/login.cfm' is not properly sanitized before being returned in an HTML response. A remote attacker can...
Fedora Update for perl-CGI FEDORA-2011-0640
Check for the Version of perl-CGI OpenVAS Vulnerability Test Fedora Update for perl-CGI FEDORA-2011-0640 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2010-4647
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp...
Ubuntu Update for python-django vulnerabilities USN-1040-1
Ubuntu Update for Linux kernel vulnerabilities USN-1040-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN10401.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for python-django vulnerabilities USN-1040-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
CVE-2010-4534
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...
DEBIAN-CVE-2010-4534
The administrative interface in django.contrib.admin in Django before 1.1.3, 1.2.x before 1.2.4, and 1.3.x before 1.3 beta 1 does not properly restrict use of the query string to perform certain object filtering, which allows remote authenticated users to obtain sensitive information via a series...
USN-1040-1: Django vulnerabilities
Adam Baldwin discovered that Django did not properly validate query string lookups. This could be exploited to provide an information leak to an attacker with admin privileges. (CVE-2010-4534) Paul McMillan discovered that Django did not validate the length of the token used when generating a...
Microsoft IIS - ISAPI 'w3who.dll' Query String Overflow (Metasploit)
$Id: w3whoquery.rb 9719 2010-07-07 17:38:59Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...
CVE-2010-2267
Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc parameter to loadstatic.cgi, (3) the name parameter to httpdcfg.cgi, or (4) t...