Lucene search
K

450 matches found

OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.28 views

Nmap NSE net: http-php-version

Attempts to retrieve the PHP version from a web server. PHP has a number of magic queries that return images or text that can vary with the PHP version. This script uses the following queries: '/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42': gets a GIF logo, which changes on April Fool's Day...

Exploits0
NVD
NVD
added 2011/03/15 5:55 p.m.14 views

CVE-2011-1427

Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Language parameter to Pages/login.aspx, 2 HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or 3 User-Agent header to...

4.3CVSS5.8AI score0.01569EPSS
Exploits1References5
Prion
Prion
added 2011/03/15 5:55 p.m.14 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Kodak InSite 5.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 Language parameter to Pages/login.aspx, 2 HeaderWarning parameter to Troubleshooting/DiagnosticReport.asp, or 3 User-Agent header to...

4.3CVSS6AI score0.01569EPSS
Exploits1References5Affected Software1
Packet Storm
Packet Storm
added 2011/02/07 12:0 a.m.22 views

JAKCMS 2.0 PRO RC5 Stored Cross Site Scripting

Exploit Title: JAKCMS 2.0 PRO RC5 stored XSS via useragent HTTP header Injection Date: 7-2-2011 Author: Saif El-Sherei Software Link: http://php.opensourcecms.com/scripts/redirect/download.php?id=480 Version: JAKCMS PRO 2.0 RC5 and probably earlier version Tested on: Firefox 3.0.15, , IE 8 Vendor...

7.4AI score
Exploits0
Prion
Prion
added 2011/02/01 6:0 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in Adobe ColdFusion before 9.0.1 CHF1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header in an id=- query to a .cfm file...

4.3CVSS6.1AI score0.04085EPSS
Exploits1References6
NVD
NVD
added 2010/12/22 9:0 p.m.22 views

CVE-2010-4595

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...

5CVSS6.5AI score0.0126EPSS
Exploits0References2
Prion
Prion
added 2010/12/22 9:0 p.m.14 views

Design/Logic Flaw

The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 disables the http.device.stanza blacklisting functionality for HTTP Access Services HTTP-AS, which allows remote attackers to bypass intended access restrictions via an HTTP request that contains a disallowed User-Agent header...

5CVSS7AI score0.0126EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2010/11/02 2:26 a.m.12 views

CVE-2010-4147

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...

7.5CVSS8.5AI score0.01299EPSS
Exploits0References7
Prion
Prion
added 2010/11/02 2:26 a.m.11 views

Sql injection

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...

7.5CVSS9.3AI score0.01299EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2010/11/01 11:0 p.m.15 views

CVE-2010-4147

Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping Cart 1.9.1 build 8356 free edition and earlier allow remote attackers to execute arbitrary SQL commands via the User-Agent header to 1 index.php and 2 product-list.php...

8.5AI score0.01299EPSS
Exploits0References7
Cvelist
Cvelist
added 2010/02/05 10:13 p.m.20 views

CVE-2003-1587

Cross-site scripting XSS vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header...

5.6AI score0.0095EPSS
Exploits1References2
OSV
OSV
added 2009/12/30 10:30 p.m.4 views

DEBIAN-CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

4.3CVSS6AI score0.01056EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2009/12/30 10:30 p.m.29 views

CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

4.3CVSS6AI score0.01056EPSS
Exploits0References1
OSV
OSV
added 2009/12/30 10:30 p.m.8 views

CVE-2008-7250

Cross-site scripting XSS vulnerability in Squid Analysis Report Generator Sarg 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists...

5.5AI score
Exploits0References3
Prion
Prion
added 2009/10/09 2:30 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...

4.3CVSS6.2AI score0.01263EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2009/10/09 2:18 p.m.50 views

CVE-2009-3652

The CVE-2009-3652 entry covers a Cross-site scripting (XSS) vulnerability in Drupal's Organic Groups (OG) module. It affects OG 5.x-7.x before 5.x-7.4, OG 5.x-8.x before 5.x-8.1, and OG 6.x-1.x before 6.x-1.4. The issue allows remote authenticated users (with create or edit group nodes permission...

3.5CVSS5.3AI score0.01043EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2009/10/09 2:18 p.m.23 views

CVE-2009-3651

Cross-site scripting XSS vulnerability in the "Monitor browsers' feature in Browscap before 5.x-1.1 and 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header...

5.7AI score0.01263EPSS
Exploits0References7
OpenVAS
OpenVAS
added 2009/04/09 12:0 a.m.21 views

Mandriva Update for sarg MDVSA-2008:079 (sarg)

Check for the Version of sarg OpenVAS Vulnerability Test Mandriva Update for sarg MDVSA-2008:079 sarg Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...

10CVSS0.06681EPSS
Exploits0References2
Cvelist
Cvelist
added 2009/04/07 10:0 a.m.18 views

CVE-2008-6645

Cross-site scripting XSS vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header $SERVER 'HTTPUSERAGENT', which is not properly handled when displaying log files...

5.7AI score0.01022EPSS
Exploits0References3
Google Chrome Security Advisories
Google Chrome Security Advisories
added 2009/02/03 12:0 a.m.70 views

Stable and Beta Update: Incognito Mode Fix

Google Chrome's Beta and Stable channels have been updated to 1.0.154.48. The change in 1.0.154.46 to fix Hotmail caused a problem for users in Incognito mode trying to access sites which depend on the User-Agent header. This header identifies the type of browser making the request and should be...

4.3CVSS8.1AI score0.29355EPSS
Exploits3Affected Software1
Rows per page
Query Builder