Lucene search
K

61 matches found

CNNVD
CNNVD
added 2021/05/21 12:0 a.m.4 views

Zope 跨站脚本漏洞

Zope is a set of object-oriented, open source web application servers written in the Python language from the Zope ZOPE community. A cross-site scripting vulnerability exists in Zope Products.CMFCore before 2.5.1 and PluggableAuthService before 2.6.2, which stems from allowing reflection of XSS...

6.1CVSS5.8AI score0.00773EPSS
Exploits0References2
NVD
NVD
added 2020/08/26 4:15 p.m.21 views

CVE-2020-13821

An issue was discovered in HiveMQ Broker Control Center 4.3.2. A crafted clientid parameter in an MQTT packet sent to the Broker is reflected in the client section of the management console. The attacker's JavaScript is loaded in a browser, which can lead to theft of the session and cookie of the...

5.4CVSS5.5AI score0.00532EPSS
Exploits0References2
OSV
OSV
added 2020/04/07 1:15 p.m.3 views

CVE-2020-2174

Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability...

6.1CVSS6.3AI score0.00816EPSS
Exploits0References2
Prion
Prion
added 2020/01/29 4:15 p.m.14 views

Design/Logic Flaw

Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848...

5CVSS5.8AI score0.03443EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2019/04/22 11:29 a.m.1 views

DEBIAN-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS9.4AI score0.07624EPSS
Exploits0References1
OSV
OSV
added 2019/04/22 11:29 a.m.3 views

ALPINE-CVE-2019-11234

FreeRADIUS before 3.0.19 does not prevent use of reflection for authentication spoofing, aka a "Dragonblood" issue, a similar issue to CVE-2019-9497...

9.8CVSS7.2AI score0.07624EPSS
Exploits0References1
OPENSUSE Linux
OPENSUSE Linux
added 2019/02/04 12:0 a.m.123 views

Security update for avahi (moderate)

openSUSE Security Update: Security update for avahi Announcement ID: openSUSE-SU-2019:0128-1 Rating: moderate References: 1120281 Cross-References: CVE-2018-1000845 Affected Products: openSUSE Leap 42.3 An update that fixes one vulnerability is now available. Description: This update for avahi...

9.1AI score
Exploits0References1
Cvelist
Cvelist
added 2012/11/14 12:0 a.m.27 views

CVE-2012-1895

The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, aka...

7.4AI score0.226EPSS
Exploits0References5
EUVD
EUVD
added 2012/11/14 12:0 a.m.8 views

EUVD-2012-4702

The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP or 2 a crafted .NET Framework application, a...

9.3CVSS7.2AI score0.24755EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2012/11/13 12:0 a.m.8 views

PT-2012-3633 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework versions 1.0 SP3 through 4 Description: The issue arises from improper enforcement of object permissions in the reflection implementation, allowing remote attackers to execute arbitrary code. This can be achieved...

9.3CVSS6.9AI score0.226EPSS
Exploits0References9
myhack58
myhack58
added 2011/09/01 12:0 a.m.15 views

VELOCITY local code execution vulnerability-vulnerability warning-the black bar safety net

by emptiness prodigal heart velocity is a J2EE MVC architecture the most commonly used presentation layer template file, due to the excellent performance, very much of the J2EE Application, use this template. Usually when in use, and other framework-binding, the most common framework is struts2,...

0.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/10/11 12:0 a.m.30 views

SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6734)

The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...

9.3CVSS8.4AI score0.03963EPSS
Exploits8References16
Tenable Nessus
Tenable Nessus
added 2010/10/11 12:0 a.m.25 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6735)

The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption rv:1.9.1.6. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982 - bmo504843,bmo523816 Memory safety fixes in...

9.3CVSS8.5AI score0.04785EPSS
Exploits8References24
FreeBSD
FreeBSD
added 2010/03/16 12:0 a.m.36 views

mozilla -- multiple vulnerabilities

Mozilla Project reports: MFSA 2010-07 Fixes for potentially exploitable crashes ported to the legacy branch MFSA 2010-06 Scriptable plugin execution in SeaMonkey mail MFSA 2009-68 NTLM reflection vulnerability MFSA 2009-62 Download filename spoofing with RTL override MFSA 2009-59 Heap buffer...

10CVSS6.9AI score0.28167EPSS
Exploits48References6
Tenable Nessus
Tenable Nessus
added 2010/01/03 12:0 a.m.47 views

openSUSE Security Update : seamonkey (seamonkey-1738)

The Mozilla SeaMonkey browser suite was updated to version 2.0.1, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflectio...

9.3CVSS8.4AI score0.04785EPSS
Exploits9References12
Tenable Nessus
Tenable Nessus
added 2009/12/23 12:0 a.m.27 views

SuSE 10 Security Update : XULRunner (ZYPP Patch Number 6736)

The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...

9.3CVSS8.4AI score0.03963EPSS
Exploits8References16
Tenable Nessus
Tenable Nessus
added 2009/12/23 12:0 a.m.36 views

SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 6733)

The Mozilla Firefox was updated to version 3.5.6, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption rv:1.9.1.6. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3980 / CVE-2009-3982 - bmo504843,bmo523816 Memory safety fixes in...

9.3CVSS8.5AI score0.04785EPSS
Exploits8References24
Tenable Nessus
Tenable Nessus
added 2009/12/23 12:0 a.m.48 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-1727)

The Mozilla Firefox was updated to version 3.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - MFSA 2009-65/CVE-2009-3979/CVE-2009-3981 Crashes with evidence of memory corruption 1.9.0.16 - MFSA 2009-68/CVE-2009-3983 bmo487872 NTLM reflection vulnerability...

9.3CVSS8.4AI score0.03963EPSS
Exploits8References7
Tenable Nessus
Tenable Nessus
added 2009/12/22 12:0 a.m.33 views

SuSE 11 Security Update : XULRunner (SAT Patch Number 1716)

The Mozilla XULRunner engine was updated to version 1.9.0.16, fixing lots of bugs and various security issues. The following issues were fixed : - Crashes with evidence of memory corruption 1.9.0.16. MFSA 2009-65 / CVE-2009-3979 / CVE-2009-3981 - bmo487872 NTLM reflection vulnerability. MFSA...

9.3CVSS8.4AI score0.03963EPSS
Exploits8References17
Mozilla
Mozilla
added 2009/12/15 12:0 a.m.30 views

NTLM reflection vulnerability — Mozilla

Security researcher Takehiro Takahashi of the IBM X-Force reported that Mozilla's NTLM implementation was vulnerable to reflection attacks in which NTLM credentials from one application could be forwarded to another arbitrary application via the browser. If an attacker could get a user to visit a...

6.8CVSS9.1AI score0.02202EPSS
Exploits0References2Affected Software2
Rows per page
Query Builder