58 matches found
Hitachi Vantara Pentaho Business Analytics Server 跨站脚本漏洞
Hitachi Vantara Pentaho Business Analytics Server is a modern data blending, integration, and business analytics platform from Hitachi, Ltd Hitachi, Japan. A security vulnerability exists in Hitachi Vantara Pentaho Business Analytics Server that originates from allowing malicious URLs to inject...
K94563369: BIG-IP APM vulnerability CVE-2020-5919
Security Advisory Description Rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding. CVE-2020-5919 Impact TMM may generate a core file and restart, causing...
K43523962: BIG-IP APM XSS vulnerability CVE-2016-9257
Security Advisory Description BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. CVE-2016-9257 Impact A malicious non-authenticated user may be able to inject JavaScript...
SUSE CVE-2007-1700
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbitrary code via a crafted string in the...
USN-5182-1: Roundcube Webmail vulnerabilities
It was discovered that Roundcube Webmail allowed JavaScript code to be present in the CDATA of an HTML message. A remote attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM...
Roundcube -- Multiple vulnerabilities
The Roundcube project reports: XSS issue in handling attachment filename extension in mimetype mismatch warning possible SQL injection via some session variables...
CVE-2020-5919
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...
CVE-2020-5919
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...
Code injection
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...
CVE-2020-5919
In versions 15.1.0-15.1.0.4, rendering of certain session variables by BIG-IP APM UI-based agents in an access profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding...
CVE-2020-5919
CVE-2020-5919 affects BIG-IP BIG-IP APM in 15.1.0-15.1.0.4 where rendering certain session variables in Modern customization can cause the Traffic Management Microkernel (TMM) to stop responding, potentially generating a core and disrupting traffic. The vulnerability is mitigated by upgrading to ...
F5 Networks BIG-IP : BIG-IP APM vulnerability (K94563369)
Rendering of certain session variables by BIG-IP APM UI-based agents in anaccess profile configured with Modern customization, may cause the Traffic Management Microkernel TMM to stop responding.CVE-2020-5919 Impact TMM may generate a core file and restart, causing traffic disruption or a failove...
CVE-2017-3966
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
CVE-2017-3966
CVE-2017-3966 affects the web interface of McAfee Network Security Management (NSM) prior to 8.2.7.42.2. The issue is exploitation of session variables, resource IDs and other trusted credentials via reuse of an exposed session token in the application URL. This can allow remote attackers to affe...
CVE-2017-3966 SB10192 - Network Security Management (NSM) - Exploitation of session variables, resource IDs and other trusted credentials vulnerability
Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing the exposed session token in the application URL...
F5 BIG-IP - TMM vulnerability CVE-2016-9257
F5 BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting XSS injection due to rendering of not escaped/not encoded content of session variables in Access Reports. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...
CVE-2013-3985
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...
Design/Logic Flaw
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...
CVE-2013-3985
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 does not properly restrict application cookies, which allows remote attackers to read session variables by leveraging a weak setting of the Domain variable...
ecshop存储xss一枚,可打管理
简要描述: 中午不睡觉就为rank到100 成为普通白帽子,于是乎又看了一遍ec代码,话说后台漏洞不重视,咱就来前台把!最近有几个xss还看不到希望不要和我一样。。 详细说明: 说明一下啊 我下载的最新版本 而且打上了最新的所有补丁! 你要再说是部分版本存在 我就要抓狂了啊! xss产生的位置 includes/init.php 206行 if !isset$SESSION'userid' / 获取投放站点的名称 / $sitename = isset$GET'from' ? $GET'from' : addslashes$LANG'selfsite'; $fromad =...