1787 matches found
DEBIAN-CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...
UBUNTU-CVE-2016-5730
phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...
Apache Struts vulnerable to denial-of-service (DoS)
Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. ASAI Ken reported this...
Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)
Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...
CVE-2016-1797
Apple Type Services ATS in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app...
Joyent Node.js validator security bypass vulnerability (CNVD-2016-02547)
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...
Joyent Node.js validator security bypass vulnerability (CNVD-2016-02546)
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...
Joyent Node.js validator security bypass vulnerability
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...
Joyent Node.js validator security bypass vulnerability (CNVD-2016-02548)
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...
Joyent Node.js validator security bypass vulnerability (CNVD-2016-02545)
Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...
Stored XSS in ViewWorkflowTransition.jsp
Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...
Stored XSS in ViewWorkflowTransition.jsp
Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...
Cross-Site Scripting in link validator component
More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/...
[SECURITY] Fedora 22 Update: nodejs-is-my-json-valid-2.12.4-1.fc22
A JSONSchema validator that uses code generation to be extremely fast...
[SECURITY] Fedora 23 Update: nodejs-is-my-json-valid-2.12.4-1.fc23
A JSONSchema validator that uses code generation to be extremely fast...
Regular Expression Denial of Service
Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...
Multiple XSS Filter Bypasses
Overview Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the denylist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test...
Updated struts packages fix CVE-2015-0899
Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...
Updated jsoup package fixes security vulnerability
Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '' when reaching EOF CVE-2015-6748...
Debian DLA-292-1 : libstruts1.2-java security update
The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web...