61 matches found
Zope 跨站脚本漏洞
Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope ZOPE community. A cross-site scripting vulnerability exists in Zope Products.CMFCore before 2.5.1 and PluggableAuthService before 2.6.2, which stems from allowing reflection of XSS...
CVE-2020-13821
An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...
CVE-2020-2174
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...
Design/Logic Flaw
Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...
DEBIAN-CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
ALPINE-CVE-2019-11234
FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...
Security update for avahi (moderate)
openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2019:0128-1 Rating: moderate References: 1120281 Cross-References: CVE-2018-1000845 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for avahi...
CVE-2012-1895
The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...
EUVD-2012-4702
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...
PT-2012-3633 · Microsoft · .Net Framework
Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4 Description: The issue arises from improper enforcement of object permissions in the reflection implementation, allowing remote attackers to execute arbitrary code. This can be achieved...
VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net
by emptiness prodigal heart velocity is a J2EE MVC architecture the most commonly used presentation layer template file, due to the excellent performance, very much of the J2EE Application, use this template. Usually when in use, and other framework-binding, the most common framework is struts2,...
SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)
The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)
The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption rv:1.9.1.6. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982 - bmo504843,bmo523816 Memory safety fixes in...
mozilla -- multiple vulnerabilities
Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...
openSUSE Security Update : seamonkey (seamonkey-1738)
The Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflectio...
SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)
The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)
The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption rv:1.9.1.6. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982 - bmo504843,bmo523816 Memory safety fixes in...
openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)
The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflection vulnerability...
SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)
The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...
NTLM reflection vulnerability — Mozilla
Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser. If an attacker could get a user to visit a...