319 matches found

NVD
added 2014/04/18 2:55 p.m., 13 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

CVSS 4.3, AI score 7.2, EPSS 0.01626
Exploits: 0, References: 10

OSV
added 2014/04/18 2:55 p.m., 7 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

AI score 5.4
Exploits: 0, References: 10

Prion
added 2014/04/18 2:55 p.m., 29 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

CVSS 4.3, AI score 6, EPSS 0.01626
Exploits: 0, References: 10, Affected Software: 1

Cvelist
added 2014/04/18 2:0 p.m., 23 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

AI score 6.7, EPSS 0.01626
Exploits: 0, References: 10

CVE
added 2014/04/18 2:0 p.m., 277 views

CVE-2014-2856

CVE-2014-2856 affects the Common UNIX Printing System (CUPS) web interface. The vulnerability is a cross-site scripting (XSS) flaw in scheduler/client.c related to the is_path_absolute function, exploitable via the URL path. It exists in CUPS versions before 1.7.2 and allows remote attackers to i...

CVSS 4.3, AI score 6.5, EPSS 0.01626
Exploits: 0, References: 10, Affected Software: 1

Debian CVE
added 2014/04/18 2:0 p.m., 22 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

CVSS 4.3, AI score 7, EPSS 0.01626
Exploits: 0

UbuntuCve
added 2014/04/18 12:0 a.m., 52 views

CVE-2014-2856

Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, related to the is_path_absolute function...

CVSS 4.3, AI score 7.2, EPSS 0.01626
Exploits: 0, References: 3

Drupal
added 2013/11/06 12:0 a.m., 29 views

SA-CONTRIB-2013-088 - Secure Pages - Missing Encryption of Sensitive Data

The Secure Pages module manages redirects between HTTP and HTTPS pages. A flaw in the URL path matching could lead some pages and forms to be transmitted via plain HTTP, even if the administrator intended those pages to use HTTPS. This flaw may surface either due to a malicious user enticing a us...

CVSS 4.3, AI score 6.2, EPSS 0.00965
Exploits: 0, References: 10

Atlassian
added 2013/09/17 9:4 a.m., 18 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

AI score 2.7
Exploits: 0, Affected Software: 1

Saint
added 2013/07/26 12:0 a.m., 25 views

HP System Management Homepage ginkgosnmp.inc Command Injection

Added: 07/26/2013 CVE: CVE-2013-3576 BID: 60471 OSVDB: 94191 Background HP System Management Homepage SMH is a web-based interface that consolidates the management of ProLiant and Integrity servers. Problem A vulnerability in HP SMH ginkgosnmp.inc script allows command execution by a remote...

CVSS 9, AI score 6.2, EPSS 0.66592
Exploits: 12

Nmap
added 2011/10/20 2:32 a.m., 699 views

http-put NSE Script

Uploads a local file to a remote web server using the HTTP PUT method. You must specify the filename and URL path with NSE arguments. Script Arguments http-put.file - The full path to the local file that should be uploaded to the server http-put.url - The remote directory and filename to store...

CVSS 10, AI score 9.2, EPSS 0.99448
Exploits: 33

securityvulns
added 2010/11/01 12:0 a.m., 95 views

CVE-2010-3700: Spring Security bypass of security constraints

CVE-2010-3700 - Spring Security - Bypassing of security constraints Severity: Important Vendor: SpringSource, a division of VMware Versions affected: Spring Security 3.0.0 to 3.0.3 Spring Security 2.0.0 to 2.0.5 Acegi Security 1.0.0 to 1.0.7 Description: Spring Security does not consider URL path...

CVSS 5, AI score 6.1, EPSS 0.01673
Exploits: 1

Cvelist
added 2010/05/18 6:0 p.m., 21 views

CVE-2010-1944

Multiple PHP remote file inclusion vulnerabilities in openMairie openCimetiere 2.01, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathom parameter to (1) autorisation.class.php, (2) courrierautorisation.class.php, (3) droit.class.php, (4)...

AI score 7.6, EPSS 0.05832
Exploits: 1, References: 29

OSV
added 2008/09/25 7:25 p.m., 1 views

DEBIAN-CVE-2008-4242

ProFTPD 1.3.1 interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web...

CVSS 6.8, AI score 7.6, EPSS 0.07066
Exploits: 1, References: 1

Prion
added 2007/05/10 12:19 a.m., 49 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and Server 6 allows remote attackers to inject arbitrary web script or HTML via a URL after a hash in the URL path, as demonstrated using en/frameset-7.html, and possibly other unspecified vectors involving templates and (1) whstart.js...

CVSS 4.3, AI score 6.1, EPSS 0.05556
Exploits: 0, References: 9, Affected Software: 2

Cvelist
added 2007/04/27 12:0 a.m., 28 views

CVE-2007-2329

PHP remote file inclusion vulnerability in searchbot.php in Searchactivity allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

AI score 7.5, EPSS 0.01362
Exploits: 0, References: 4

F5 Networks
added 2007/01/08 12:0 a.m., 45 views

SOL6924 - Insertion of special characters in URL path circumvents Accessibility Scope and Access Control Lists

It is possible to bypass the Deny list, configured in the Accessibility Scope section located on the Portal Access: Web Applications: Master Group Settings page, by inserting certain special characters into a URL path. In FirePass version 6.0, this issue also applies to the Deny list configured...

AI score 1.4
Exploits: 0, Affected Software: 1

Packet Storm
added 2006/06/21 12:0 a.m., 24 views

DCP-Portal.txt

Kurdish Security Advisory irc.gigachat.net kurdhack http://www.milw0rm.com/exploits/1905 Editor DHTML Scripting bugz $urlpatheditor = "$rooturl/library/editor/"; $abspatheditor = "$root/library/editor/"; ? Proof Of Concept...

AI score 7.4
Exploits: 0

securityvulns
added 2006/05/27 12:0 a.m., 34 views

Plume CMS Remote File Include

Vendor: Plume CMS http://plume-cms.net Vuln: Remote File Include Discovered: beford xbefordx gmail com Vulnerable File/Code ./plume-1.0.3/manager/frontinc/prepend.php code includeonce $PXconfig'managerpath'.'/conf/config.php'; /code...

AI score 0.3
Exploits: 0