Lucene search

1617 matches found

RedHat Linux
added 2013/07/09 5:51 p.m. · 3 views

activemq: Multiple XSS flaws in web demos

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

4.3 CVSS · 6.9 AI score · 0.06018 EPSS
Exploits 1 · References 4
RedHat Linux
added 2013/07/09 5:51 p.m. · 8 views

ActiveMQ: XSS vulnerability in portfolioPublish demo application

Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...

4.3 CVSS · 7 AI score · 0.05895 EPSS
Exploits 1 · References 4
OpenVAS
added 2013/06/04 12:0 a.m. · 23 views

Novell iManager Multiple Vulnerabilities

The host is running Novell iManager and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovellimanagermultvuln.nasl 6079 2017-05-08 09:03:33Z teissa $ Novell iManager Multiple Vulnerabilities Authors: Arun Kallavi Copyright: Copyright c 2013 Greenbone Networks...

10 CVSS · 1.7 AI score · 0.01635 EPSS
Exploits 0 · References 1
NVD
added 2013/04/24 10:28 a.m. · 22 views

CVE-2013-3268

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

10 CVSS · 6.6 AI score · 0.01635 EPSS
Exploits 0 · References 4
Prion
added 2013/04/24 10:28 a.m. · 20 views

Code injection

Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...

10 CVSS · 7.3 AI score · 0.01635 EPSS
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2013/04/21 12:0 a.m. · 5 views

PT-2013-1884 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various vectors, including th...

4.3 CVSS · 7 AI score · 0.06018 EPSS
Exploits 1 · References 10
exploitpack
added 2013/04/18 12:0 a.m. · 50 views

Oracle WebCenter Sites Satellite Server - HTTP Header Injection

Oracle WebCenter Sites Satellite Server - HTTP Header Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...

4 CVSS · 0.02207 EPSS
Exploits 5
Oracle linux
added 2013/02/27 12:0 a.m. · 60 views

sssd security, bug fix and enhancement update

1.9.2-82 - Resolves: rhbz888614 - Failure in memberof can lead to failed database update 1.9.2-81 - Resolves: rhbz903078 - TOCTOU race conditions by copying and removing directory trees 1.9.2-80 - Resolves: rhbz903078 - Out-of-bounds read flaws in autofs and ssh services responders 1.9.2-79 -...

5 CVSS · 7.3 AI score · 0.03324 EPSS
Exploits 0
NVD
added 2012/08/12 9:55 p.m. · 25 views

CVE-2012-2585

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the...

4.3 CVSS · 5.7 AI score · 0.01353 EPSS
Exploits 1 · References 1
Prion
added 2012/08/12 9:55 p.m. · 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...

4.3 CVSS · 6 AI score · 0.01343 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2012/07/11 12:0 a.m. · 4 views

PT-2012-1853 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.13 Description: The issue allows remote authenticated users to cause a denial of service, resulting in an infinite request loop. This is achieved by specifying a zero wait time for message refreshing in the...

4 CVSS · 6.3 AI score · 0.01919 EPSS
Exploits 0 · References 5
OSV
added 2012/06/05 10:55 p.m. · 3 views

PYSEC-2012-32

Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...

4.3 CVSS · 6 AI score · 0.02415 EPSS
Exploits 0 · References 10
Tenable Nessus
added 2012/02/22 12:0 a.m. · 29 views

GLSA-201202-02 : Quagga: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-201202-02 Quagga: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact : A BGP peer could send a Route-Refresh message with...

7.5 CVSS · 8.9 AI score · 0.13426 EPSS
Exploits 1 · References 10
NVD
added 2012/01/03 7:55 p.m. · 16 views

CVE-2011-5048

Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...

4.3 CVSS · 5.6 AI score · 0.01269 EPSS
Exploits 0 · References 6
Prion
added 2012/01/03 7:55 p.m. · 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...

4.3 CVSS · 5.9 AI score · 0.01269 EPSS
Exploits 0 · References 6 · Affected Software 1
CVE
added 2012/01/03 7:0 p.m. · 42 views

CVE-2011-5048

IBM Web Experience Factory (WEF, aka WebSphere Portlet Factory) versions 7.0 and 7.0.1 are reported vulnerable to multiple XSS issues. The vulnerabilities allow remote attackers to inject arbitrary script/HTML through (1) text INPUT elements and (2) TEXTAREA elements, with the issue described as ...

4.3 CVSS · 5.7 AI score · 0.01269 EPSS
Exploits 0 · References 6 · Affected Software 1
Cvelist
added 2012/01/03 7:0 p.m. · 19 views

CVE-2011-5048

Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...

5.6 AI score · 0.01269 EPSS
Exploits 0 · References 6
Tenable Nessus
added 2011/12/13 12:0 a.m. · 69 views

SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5219 / 5222 / 5223)

The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. The following security issues have been fixed : - A signedness issue in CIFS could possibly have led to memory corruption, if a malicious server could send crafted replies t...

8.8 CVSS · 6.6 AI score · 0.01086 EPSS
Exploits 2 · References 42
Tenable Nessus
added 2011/11/08 12:0 a.m. · 12 views

Debian DSA-2338-1 : moodle - several vulnerabilities

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...

5 AI score
Exploits 0 · References 8
OSV
added 2011/11/07 12:0 a.m. · 45 views

DSA-2338-1 moodle - several

Bulletin has no description...

6.8 CVSS · 6 AI score · 0.02102 EPSS
Exploits 0