Lucene search

314 matches found

Cvelist
added 2014/04/18 2:0 p.m., 23 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

6.7 AI score, 0.01035 EPSS
Exploits: 0, References: 10

UbuntuCve
added 2014/04/18 12:0 a.m., 51 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

4.3 CVSS, 7.2 AI score, 0.01035 EPSS
Exploits: 0, References: 3

Drupal
added 2013/11/06 12:0 a.m., 27 views

SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data

The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...

4.3 CVSS, 6.2 AI score, 0.00331 EPSS
Exploits: 0, References: 10

Atlassian
added 2013/09/17 9:4 a.m., 16 views

Default application configuration files are available for download

Summary of the bug: By browsing to the following URL path, a user would be able to download any files under /confluence/WEB-INF/...: /s/1519/3/1.0//WEB-INF/... The above URL will be accessible by any user, including anonymous users, even on an instance that does not allow anonymous access. Not...

2.7 AI score
Exploits: 0, Affected Software: 1

Saint
added 2013/07/26 12:0 a.m., 25 views

HP System Management Homepage ginkgosnmp.inc Command Injection

Added: 07/26/2013. CVE: CVE-2013-3576. BID: 60471. OSVDB: 94191. Background: HP System Management Homepage (SMH) is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem: A vulnerability in HP SMH ginkgosnmp.inc script allows command execution by a remote...

9 CVSS, 6.2 AI score, 0.46318 EPSS
Exploits: 12

Nmap
added 2011/10/20 2:32 a.m., 698 views

http-put NSE Script

Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments. Script Arguments: http-put.file - The full path to the local file that should be uploaded to the server; http-put.url - The remote directory and filename to store...

10 CVSS, 9.2 AI score, 0.94176 EPSS
Exploits: 33

securityvulns
added 2010/11/01 12:0 a.m., 93 views

CVE-2010-3700: Spring Security bypass of security constraints

CVE-2010-3700 - Spring Security - Bypassing of security constraints. Severity: Important. Vendor: SpringSource, a division of VMware. Versions affected: Spring Security 3.0.0 to 3.0.3, Spring Security 2.0.0 to 2.0.5, Acegi Security 1.0.0 to 1.0.7. Description: Spring Security does not consider URL path...

5 CVSS, 6.1 AI score, 0.00248 EPSS
Exploits: 1

Cvelist
added 2010/05/18 6:0 p.m., 18 views

CVE-2010-1944

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the path_om parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4)...

7.6 AI score, 0.06909 EPSS
Exploits: 1, References: 29

OSV
added 2008/09/25 7:25 p.m., 0 views

DEBIAN-CVE-2008-4242

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...

6.8 CVSS, 7.6 AI score, 0.03385 EPSS
Exploits: 1, References: 1

Prion
added 2007/05/10 12:19 a.m., 47 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a hash in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js...

4.3 CVSS, 6.1 AI score, 0.03931 EPSS
Exploits: 0, References: 9, Affected Software: 2

Cvelist
added 2007/04/27 12:0 a.m., 25 views

CVE-2007-2329

PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

7.5 AI score, 0.00741 EPSS
Exploits: 0, References: 4

F5 Networks
added 2007/01/08 12:0 a.m., 42 views

SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists

It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...

1.4 AI score
Exploits: 0, Affected Software: 1

Packet Storm
added 2006/06/21 12:0 a.m., 24 views

DCP-Portal.txt

Kurdish Security Advisory irc.gigachat.net kurdhack http://www.milw0rm.com/exploits/1905 Editor DHTML Scripting bugz $urlpatheditor = "$rooturl/library/editor/"; $abspatheditor = "$root/library/editor/"; ? Proof Of Concept...

7.4 AI score
Exploits: 0

securityvulns
added 2006/05/27 12:0 a.m., 34 views

Plume CMS Remote File Include

Vendor: Plume CMS http://plume-cms.net Vuln: Remote File Include Discovered: beford xbefordx gmail com Vulnerable File/Code ./plume-1.0.3/manager/frontinc/prepend.php code includeonce $PXconfig'managerpath'.'/conf/config.php'; /code...

0.3 AI score
Exploits: 0