
114 matches found

Prion
added 2007/11/03 12:46 a.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...

CVSS 4.3 | AI score 6.2 | EPSS 0.02346
Exploits 0 | References 5 | Affected Software 1
Cvelist
added 2007/11/03 12:0 a.m. | 21 views

CVE-2007-5796

Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists...

AI score 5.7 | EPSS 0.02346
Exploits 0 | References 5
myhack58
added 2007/08/26 12:0 a.m. | 12 views

Move-2006_SP6 the latest vulnerability to obtain the administrator password-vulnerability warning-the black bar safety net

Ghost boy note: from 7j there to see, and there 7j write the received page. 7j: did not find he said the receiving page, only from have PHP write a. ? $filename = date"Ymd".". txt"; $time = @date"Y years m months d number of H points i points s seconds",time; $cookie = $POST'cookie'; $url =...

AI score 7.4
Exploits 0
CVE
added 2007/08/03 8:0 p.m. | 44 views

CVE-2007-4143

CVE-2007-4143 affects the phpCoupon Billing Control Panel (user.php). Affected: remote authenticated users can upgrade to Premium Member status by modifying a URL that includes a specific billing parameter and the substrings REQ=auth, status=success, and custom=upgrade; this may also relate to Pa...

CVSS 4 | AI score 6.3 | EPSS 0.04163
Exploits 1 | References 4 | Affected Software 1
UbuntuCve
added 2007/03/08 10:19 p.m. | 21 views

CVE-2007-1343

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...

CVSS 7.5 | AI score 6 | EPSS 0.02144
Exploits 0 | References 1
Prion
added 2007/02/13 11:28 p.m. | 12 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php...

CVSS 9.3 | AI score 7.4 | EPSS 0.01846
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2005/06/21 4:0 a.m. | 27 views

CVE-2002-1666

Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 allows remote attackers to execute unauthorized PL/SQL procedures by modifying the Oracle Applications URL...

AI score 6.4 | EPSS 0.02208
Exploits 0 | References 3
NVD
added 2004/08/06 4:0 a.m. | 13 views

CVE-2004-0682

comersusgatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL...

CVSS 7.5 | AI score 6.7 | EPSS 0.06851
Exploits 1 | References 3
CVE
added 2002/03/15 5:0 a.m. | 43 views

CVE-2001-1152

Baltimore Technologies WEBsweeper 4.02: A URL blacklist management vulnerability allows remote attackers to bypass restrictions and reach unauthorized web servers by tampering with the requested URL. Exploitation vectors include (1) //, (2) /SUBDIR/.. to access parent directory, (3) /./, or (4) U...

CVSS 7.5 | AI score 7.1 | EPSS 0.02443
Exploits 0 | References 3 | Affected Software 1
securityvulns
added 2002/02/05 12:0 a.m. | 47 views

PHP code injection in VikkiTikkiTavi (code execution)

By modifying the URL, it is possible to request that a file from another machine be inserted into the template...

AI score 1.6
Exploits 0 | Affected Software 1
CVE
added 2001/09/18 4:0 a.m. | 54 views

CVE-2001-0383

CVE-2001-0383 affects PHP-Nuke 4.4 and earlier. The banners.php Change operation can be invoked remotely without authentication, allowing modification of banner ad URLs. NVD lists a Network attack vector, low complexity, with no confidentiality impact, partial integrity impact, and ...

CVSS 5 | AI score 7 | EPSS 0.06454
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2001/09/18 4:0 a.m. | 21 views

CVE-2001-0383

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication...

AI score 6.6 | EPSS 0.06454
Exploits 0 | References 4
securityvulns
added 2001/07/28 12:0 a.m. | 50 views

Banner problem in php-nuke (banner spoofing)

The URL that a banner links to can be changed remotely...

AI score 0.4
Exploits 0 | References 2 | Affected Software 1
CVE
added 2000/10/13 4:0 a.m. | 61 views

CVE-2000-0682

BEA WebLogic 5.1.x is affected by a source-code disclosure vulnerability: inserting /ConsoleHelp/ into a URL can cause the FileServlet to disclose source files. Multiple sources (NVD entry CVE-2000-0682 and OpenVAS/Nessus plugins) describe this WebLogic FileServlet source code disclosure issue. T...

CVSS 5 | AI score 6.8 | EPSS 0.01661
Exploits 0 | References 4 | Affected Software 1