114 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
CVE-2007-5796
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...
Move-2006_SP6 the latest vulnerability to obtain the administrator password-vulnerability warning-the black bar safety net
Ghost boy note: from 7j there to see, and there 7j write the received page. 7j:did not find he said the receiving page,only from have PHP write a. ? $filename = date"Ymd".". txt"; $time = @date"Y years m months d number of H points i points s seconds",time; $cookie = $POST'cookie'; $url =...
CVE-2007-4143
CVE-2007-4143 affects the phpCoupon Billing Control Panel (user.php). Affected: remote authenticated users can upgrade to Premium Member status by modifying a URL that includes a specific billing parameter and the substrings REQ=auth, status=success, and custom=upgrade; this may also relate to Pa...
CVE-2007-1343
includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php...
CVE-2002-1666
Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL...
CVE-2004-0682
comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...
CVE-2001-1152
Baltimore Technologies WEBsweeper 4.02: A URL blacklist management vulnerability allows remote attackers to bypass restrictions and reach unauthorized web servers by tampering with the requested URL. Exploitation vectors include (1) //, (2) /SUBDIR/.. to access parent directory, (3) /./, or (4) U...
PHP code injection in VikkiTikkiTavi (code execution)
By modifying the URL, it is possible to request that a file from another machine be inserted into the template...
CVE-2001-0383
CVE-2001-0383 affects PHP-Nuke up to version 4.4 and earlier. The banners.php Change operation can be invoked remotely without authentication, allowing modification of banner ad URLs. NVD lists a Network attack vector, low complexity, with no confidentiality impact, partial integrity impact, and ...
CVE-2001-0383
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication...
Banner problem in php-nuke (banner spoofing)
The URL that a banner links to can be changed remotely...
CVE-2000-0682
BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...