Lucene search
K

2213 matches found

Atlassian
Atlassian
added 2010/01/20 6:41 p.m.18 views

autocomplete box in page restrictions finds deleted users, wrong usernames

We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...

0.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2010/01/20 6:41 p.m.25 views

autocomplete box in page restrictions finds deleted users, wrong usernames

We recently migrated our user management from JIRA to Crowd, our Confluence instance used to link to JIRA for authentication, and now links to Crowd. We now found that, when editing the restrictions on individual pages, the autocomplete feature in that dialog acts strange: Users that have been...

0.7AI score
Exploits0
Packet Storm
Packet Storm
added 2010/01/16 12:0 a.m.22 views

Testlink TestManagement And Execution System Directory Traversal

1.Title :Multiple Directory traversal Vulnerabilites in Testlink Test Management and Execution System. Discovered by: Prashant Khandelwal [email protected] 2.Vulnerability Information Class: Directory Traversal Remotely Exploitable: Yes Locally Exploitable: No 3.Vulnerable packages. Version...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/01/07 12:0 a.m.20 views

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code :...

7AI score
Exploits0
0day.today
0day.today
added 2010/01/07 12:0 a.m.23 views

0day Drupal <= 6.15 Multiple Permanent XSS

Exploit for unknown platform in category web applications ========================================== 0day Drupal = 6.15 Multiple Permanent XSS ========================================== Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/01/07 12:0 a.m.41 views

Drupal 6.15 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploit Title: 0day Drupal = 6.15 Multiple Permanent XSS Date: 07 01 2009 Author: Emanuele 'emgent' Gentili Software Link: http://ftp.drupal.org/files/projects/drupal-6.15.tar.gz Version: Drupal = 6.15 CVE : N/A Code : http://www.backtrack.it/emgent/exploits/DrupalMultiplePermanentXss-20090107.tx...

7.4AI score
Exploits0
myhack58
myhack58
added 2009/12/06 12:0 a.m.69 views

No xp_cmdshell to mention the right-vulnerability warning-the black bar safety net

Author: charley008 from: evil octal With sa, but without xpcmdshell, how to restore showing error. As is xxxx. cpp shucks error. Or cannot find the specified module, but I encountered so many times. With exec spoacreate 'wscript. shell'there is no way the case.. This method can be used Many serve...

7.2AI score
Exploits0
Drupal
Drupal
added 2009/10/28 12:0 a.m.11 views

SA-CONTRIB-2009-084 - LDAP Integration - Multiple Vulnerabilities

The LDAP Integration module enables users to authenticate against LDAP servers. The module does not properly implement confirmation pages for the LDAP server activation/deactivation which could lead to a Cross Site Request Forgery CSRF attack. The user defined server name is not properly escaped ...

6.3AI score
Exploits0References12
OpenVAS
OpenVAS
added 2009/08/17 12:0 a.m.23 views

Fedora Core 11 FEDORA-2009-8101 (sssd)

The remote host is missing an update to sssd announced via advisory FEDORA-2009-8101. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

7.5CVSS6.5AI score0.01979EPSS
Exploits2References2
Atlassian
Atlassian
added 2009/05/29 4:14 a.m.22 views

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/05/29 4:14 a.m.19 views

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...

2.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/05/29 4:14 a.m.17 views

XSS in user links

A user with username "alert"foo" that is linked to via \username markup results in script being executed. Curiously, viewing the space homepage of that user results in a blank page. This of course is prevented for public signup, but if the user gets created via other means, i.e. external user...

2.4AI score
Exploits0
myhack58
myhack58
added 2009/05/28 12:0 a.m.13 views

dvbbs delete the upload. inc after the shell was a method-vulnerability warning-the black bar safety net

dvbbs delete the upload. inc after the shell was a method - the premise is to give the front Desk administrative privileges Into the background after Go to the user management Just change the personal e-mail address for %eval requestchr3 5%@163.com After saving Find the mail list export Then expo...

0.3AI score
Exploits0
Drupal
Drupal
added 2009/05/13 12:0 a.m.13 views

SA-CONTRIB-2009-026 - LoginToboggan - Access bypass

LoginToboggan includes a setting which, if enabled, allows users to log in using either their username or e-mail address. In some circumstances, previously blocked users may still be able to access the site if this setting is enabled. Versions affected LoginToboggan 6.x-1.x prior to 6.x-1.5...

6.8AI score
Exploits0References4
Fedora
Fedora
added 2009/04/27 9:22 p.m.21 views

[SECURITY] Fedora 10 Update: prewikka-0.9.14-2.fc10

Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Providing numerous features, Prewikka facilitates the work of users and analysts. It provides alert aggregation and sensor and hearbeat views, and has user management and configurable filters. It has access t...

3AI score
Exploits0
Fedora
Fedora
added 2009/04/27 9:20 p.m.10 views

[SECURITY] Fedora 9 Update: prewikka-0.9.14-2.fc9

Prewikka is a graphical front-end analysis console for the Prelude Hybrid IDS Framework. Providing numerous features, Prewikka facilitates the work of users and analysts. It provides alert aggregation and sensor and hearbeat views, and has user management and configurable filters. It has access t...

3AI score
Exploits0
Atlassian
Atlassian
added 2009/04/10 4:45 a.m.22 views

Partial space admin permission/authority

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFCLOUD-15172. panel I followed these guidelines, but this is not fine grained enough...

0.3AI score
Exploits0Affected Software1
Packet Storm
Packet Storm
added 2009/03/26 12:0 a.m.32 views

Frog CMS 0.9.4 Traversal / XSS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Security Evaluation of Frog CMS Version tested: 0.9.4 by Justin C. Klein Keane This advisory is also posted at http://www.madirish.net/vulnerabilities/frog-cms Frog CMS http://www.madebyfrog.com/ is a lightweight content management system written in P...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2009/02/21 12:0 a.m.13 views

Linux/x86 - adds user 'xtz' without password to /etc/passwd - 59 bytes

No description provided by source. / linux/x86 adds user 'xtz' without password to /etc/passwd - 59 bytes - izik [email protected] / char shellcode = "\x6a\x05" // push $0x5 // // exit: // "\x58" // pop %eax "\x99" // cltd "\x31\xc9" // xor %ecx,%ecx "\x66\xb9\x01\x04" // mov $0x401,%cx "\x52" // pu...

7.1AI score
Exploits0
myhack58
myhack58
added 2009/01/15 12:0 a.m.12 views

Establish a remote connection for the root user-bug warning-the black bar safety net

The following statement has the ROOT user the same permissions. Everyone in the holding station should come across. the root user of mysql, you can only locally connected, the external refuse the connection. The following methods can help you solve this problem, the following statements function...

0.8AI score
Exploits0
Rows per page
Query Builder