Lucene search
K

1968 matches found

securityvulns
securityvulns
added 2007/04/12 12:0 a.m.86 views

CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3

Cross site scripting in toendaCMS 1.5.3 security advisory References: http://www.toendacms.com/ https://vulners.com/cve/CVE-2007-1872 Description: Cross site scripting describes attacks that allow to insert malicious html or javascript code via get or post forms. This can be used to steal session...

4.3CVSS6.1AI score0.01965EPSS
Exploits1
Exploit DB
Exploit DB
added 2006/07/31 12:0 a.m.22 views

VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities

source: https://www.securityfocus.com/bid/19249/info VMware ESX is prone to multiple information-disclosure vulnerabilities. These issues are due to a design error in the application. The following issues were reported: 1. An information disclosure vulnerability that could disclose the session ID...

7AI score
Exploits0
CERT
CERT
added 2006/03/24 12:0 a.m.18 views

Pubcookie application server modules contain cross-site scripting vulnerabilities

Overview Cross-site scripting vulnerabilities in the Pubcookie application server modules could allow a remote attacker to gain access to sensitive information. Description Pubcookie is a software package that provides intra-institutional single-sign-on authentication for end-users over the web...

6.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2006/02/16 12:0 a.m.24 views

NeoMail neomail.pl sort Parameter XSS

The remote host is running NeoMail, an open source webmail application written in Perl. The installed version of this software fails to validate the 'sort' parameter in the 'neomail.pl' script before using it to generate dynamic content. An attacker may be able to exploit this issue to inject...

4.3CVSS5.8AI score0.01893EPSS
Exploits1References2
Prion
Prion
added 2006/01/25 11:3 a.m.12 views

Session fixation

claroinitlocal.inc.php in Claroline 1.7.2 uses guessable session cookies MD5 hash of connection time, which allows remote attackers to hijack sessions and possibly gain administrative privileges...

10CVSS7.6AI score0.02477EPSS
Exploits0References5Affected Software1
Exploit DB
Exploit DB
added 2005/07/06 12:0 a.m.20 views

Novell NetMail 3.x - Automatic Script Execution

source: https://www.securityfocus.com/bid/14171/info Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email message is viewed. A successful attack may allow...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/07/06 12:0 a.m.9 views

Novell NetMail 3.x - Automatic Script Execution

Novell NetMail 3.x - Automatic Script Execution source: https://www.securityfocus.com/bid/14171/info Novell NetMail email client is prone to an input validation vulnerability. Reports indicate that HTML and JavaScript attached to received email messages is executed automatically, when the email...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/06/30 12:0 a.m.14 views

Xoops < 2.0.12 Multiple XSS / SQL Injection

Binary data 3041.prm...

7.5CVSS7.3AI score0.0174EPSS
Exploits3References4
securityvulns
securityvulns
added 2005/05/28 12:0 a.m.42 views

[AppSecInc Advisory BEA05-V0100] BEA WebLogic Administration Console error page cross-site scripting vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 BEA WebLogic Administration Console error page cross-site scripting vulnerability AppSecInc Team SHATTER Security Advisory BEA05-V0100 http://www.appsecinc.com/resources/alerts/general/BEA-001.html May 27, 2005 Affected versions: BEA WebLogic Server 7...

Exploits0
Tenable Nessus
Tenable Nessus
added 2005/04/26 12:0 a.m.13 views

Horde Chora common-footer.inc Page Title XSS

According to its version, the remote installation of Chora fails to fully sanitize user-supplied input when setting the parent frame's page title by JavaScript in 'templates/common-footer.inc'. By leveraging this flaw, an attacker may be able to inject arbitrary HTML and script code into a user's...

5.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/02/01 12:0 a.m.34 views

ASP Portal - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic content. An attacker may reportedly inje...

7AI score
Exploits0
exploitpack
exploitpack
added 2004/02/01 12:0 a.m.12 views

ASP Portal - Multiple Vulnerabilities

ASP Portal - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/9659/info ASP Portal has been reported to be prone to multiple vulnerabilities. The first issue results from a lack of sufficient sanitization performed on user supplied data that is later incorporated into dynamic...

0.2AI score
Exploits0
CVE
CVE
added 2004/01/15 5:0 a.m.75 views

CVE-2003-0965

CVE-2003-0965 is a cross-site scripting (XSS) vulnerability in the Mailman admin CGI script before 2.1.4. The issue allows remote attackers to steal session cookies and perform unauthorized activities via the administrative interface. Affected: Mailman (admin CGI). Root cause: XSS in the admin UI...

6.8CVSS5.5AI score0.01997EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2004/01/15 5:0 a.m.45 views

CVE-2003-0965

Removed by vendor...

6.8CVSS6.7AI score0.01997EPSS
Exploits0
NVD
NVD
added 2003/12/31 5:0 a.m.14 views

CVE-2003-1249

WebIntelligence 2.7.1 uses guessable user session cookies, which allows remote attackers to hijack sessions...

7.5CVSS6.7AI score0.0259EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2003/11/17 8:25 p.m.7 views

Important: Red Hat Security Advisory: : Updated XFree86 packages provide security and bug fixes

Updated XFree86 packages for Red Hat Linux 9 provide security fixes to font libraries and XDM. XFree86 is an implementation of the X Window System providing the core graphical user interface and video drivers in Red Hat Linux. XDM is the X display manager. Multiple integer overflows in the transf...

10CVSS6.3AI score0.05427EPSS
Exploits0
securityvulns
securityvulns
added 2003/11/13 12:0 a.m.59 views

Corsaire Security Advisory: PeopleSoft IScript XSS issue

-- Corsaire Security Advisory -- Title: PeopleSoft IScript XSS issue Date: 04.07.03 Application: PeopleTools 8.20/8.43 and prior Environment: Various Author: Glyn Geoghegan [email protected] Audience: General distribution Reference: c030704-004 -- Scope -- The aim of this document is to...

4.3CVSS0.5AI score0.00948EPSS
Exploits0
securityvulns
securityvulns
added 2003/10/31 12:0 a.m.47 views

[Full-Disclosure] Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue

-- Corsaire Security Advisory -- Title: BEA WebLogic example InteractiveQuery.jsp XSS issue Date: 04.07.03 Application: BEA WebLogic 8.1 and prior Environment: Various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030704-008 -- Scope -- The aim of this...

4.3CVSS0.4AI score0.03437EPSS
Exploits1
Debian
Debian
added 2003/09/20 2:35 a.m.43 views

[SECURITY] [DSA-388-1] New kdebase packages fix multiple vulnerabilites in KDM

-------------------------------------------------------------------------- Debian Security Advisory DSA 388-1 [email protected] http://www.debian.org/security/ Matt Zimmerman September 19th, 2003 http://www.debian.org/security/faq -...

6.7AI score
Exploits0
securityvulns
securityvulns
added 2003/09/17 12:0 a.m.44 views

[KDE SECURITY ADVISORY] KDM vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 KDE Security Advisory: KDM vulnerabilities Original Release Date: 2003-09-16 URL: http://www.kde.org/info/security/advisory-20030916-1.txt 0. References http://cert.uni-stuttgart.de/archive/suse/security/2002/12/ msg00101.html...

10CVSS0.02678EPSS
Exploits0
Rows per page
Query Builder