1617 matches found
activemq: Multiple XSS flaws in web demos
Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...
ActiveMQ: XSS vulnerability in portfolioPublish demo application
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092...
Novell iManager Multiple Vulnerabilities
The host is running Novell iManager and is prone to multiple unspecified vulnerabilities. OpenVAS Vulnerability Test $Id: gbnovellimanagermultvuln.nasl 6079 2017-05-08 09:03:33Z teissa $ Novell iManager Multiple Vulnerabilities Authors: Arun Kallavi Copyright: Copyright (c) 2013 Greenbone Networks...
CVE-2013-3268
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...
Code injection
Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after a logout action, which has unspecified impact and remote attack vectors...
PT-2013-1884 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.8.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved through various vectors, including th...
Oracle WebCenter Sites Satellite Server - HTTP Header Injection
Oracle WebCenter Sites Satellite Server - HTTP Header Injection. SEC Consult Vulnerability Lab Security Advisory. title: HTTP header injection/Cache poisoning in Oracle WebCenter Sites Satellite Server product: Oracle WebCenter...
sssd security, bug fix and enhancement update
1.9.2-82 - Resolves: rhbz888614 - Failure in memberof can lead to failed database update 1.9.2-81 - Resolves: rhbz903078 - TOCTOU race conditions by copying and removing directory trees 1.9.2-80 - Resolves: rhbz903078 - Out-of-bounds read flaws in autofs and ssh services responders 1.9.2-79 -...
CVE-2012-2585
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ServiceDesk Plus 8.1 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...
PT-2012-1853 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.13 Description: The issue allows remote authenticated users to cause a denial of service, resulting in an infinite request loop. This is achieved by specifying a zero wait time for message refreshing in the...
PYSEC-2012-32
Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console...
GLSA-201202-02 : Quagga: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201202-02 Quagga: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Quagga. Please review the CVE identifiers referenced below for details. Impact : A BGP peer could send a Route-Refresh message with...
CVE-2011-5048
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...
CVE-2011-5048
IBM Web Experience Factory (WEF, aka WebSphere Portlet Factory) versions 7.0 and 7.0.1 are reported vulnerable to multiple XSS issues. The vulnerabilities allow remote attackers to inject arbitrary script/HTML through (1) text INPUT elements and (2) TEXTAREA elements, with the issue described as ...
CVE-2011-5048
Multiple cross-site scripting (XSS) vulnerabilities in IBM Web Experience Factory (aka WEF, formerly WebSphere Portlet Factory) 7.0 and 7.0.1 allow remote attackers to inject arbitrary web script or HTML via a (1) text INPUT element or (2) TEXTAREA element, related to an interaction between Smart Refresh...
SuSE 11.1 Security Update : Linux kernel (SAT Patch Numbers 5219 / 5222 / 5223)
The SUSE Linux Enterprise 11 Service Pack 1 kernel was updated to 2.6.32.46 and fixes various bugs and security issues. The following security issues have been fixed : - A signedness issue in CIFS could possibly have led to memory corruption, if a malicious server could send crafted replies t...
Debian DSA-2338-1 : moodle - several vulnerabilities
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...
DSA-2338-1 moodle - several
Bulletin has no description...