Lucene search
K

1787 matches found

OSV
OSV
added 2016/07/03 1:59 a.m.2 views

DEBIAN-CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...

5.3CVSS6.9AI score0.02616EPSS
Exploits0References1
OSV
OSV
added 2016/07/03 1:59 a.m.8 views

UBUNTU-CVE-2016-5730

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attackers to obtain sensitive information via vectors involving 1 an array value to FormDisplay.php, 2 incorrect data to validate.php, 3 unexpected data to Validator.php, 4 a missing config directory...

5.3CVSS6.8AI score0.02616EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/06/20 7:36 a.m.43 views

Apache Struts vulnerable to denial-of-service (DoS)

Overview Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Web applications that are developed using Apache Struts 2 contain a denial-of-service DoS vulnerability due to an issue in URLValidator. ASAI Ken reported this...

5.3CVSS6.8AI score0.10638EPSS
Exploits0References6
CNVD
CNVD
added 2016/06/16 12:0 a.m.25 views

Apache Struts2 Remote Code Execution Vulnerability (CNVD-2016-04089)

Apache Struts is the United States Apache Apache Software Foundation is responsible for maintaining an open source project , is a set of open source MVC framework for creating enterprise-class Java Web applications , mainly provides two versions of the framework products , Struts 1 and Struts 2...

5.3CVSS9.1AI score0.10638EPSS
Exploits0References1
OSV
OSV
added 2016/05/20 10:59 a.m.4 views

CVE-2016-1797

Apple Type Services ATS in Apple OS X before 10.11.5 allows attackers to bypass intended FontValidator sandbox-policy restrictions and execute arbitrary code in a privileged context via a crafted app...

7.8CVSS6AI score0.01655EPSS
Exploits0References5
CNVD
CNVD
added 2016/04/24 12:0 a.m.6 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02547)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1CVSS7.8AI score0.01857EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/24 12:0 a.m.6 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02546)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1CVSS7.8AI score0.01857EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/24 12:0 a.m.5 views

Joyent Node.js validator security bypass vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1CVSS6.9AI score0.01857EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/24 12:0 a.m.6 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02548)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1CVSS7.8AI score0.02048EPSS
Exploits0References1
CNVD
CNVD
added 2016/04/24 12:0 a.m.38 views

Joyent Node.js validator security bypass vulnerability (CNVD-2016-02545)

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A security vulnerability in Joyent Node.js validator allows remote attackers to bypass filters by submitting special input...

6.1CVSS7.8AI score0.02644EPSS
Exploits1References1
Atlassian
Atlassian
added 2016/03/21 10:33 p.m.20 views

Stored XSS in ViewWorkflowTransition.jsp

Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2016/03/21 10:33 p.m.18 views

Stored XSS in ViewWorkflowTransition.jsp

Step to reproduce: 1 Go to workflow edit page as an administrator 2 Add validator "User Permission Validator" to transition with user name parameter "alert2" 3 It will trigger xss on ViewWorkflowTransition page...

2.7AI score
Exploits0Affected Software1
Friends Of PHP
Friends Of PHP
added 2016/02/16 12:32 p.m.13 views

Cross-Site Scripting in link validator component

More info at https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-002/...

7.2AI score
Exploits0Affected Software1
Fedora
Fedora
added 2016/02/12 12:23 p.m.15 views

[SECURITY] Fedora 22 Update: nodejs-is-my-json-valid-2.12.4-1.fc22

A JSONSchema validator that uses code generation to be extremely fast...

1.8AI score
Exploits0
Fedora
Fedora
added 2016/02/03 8:52 p.m.13 views

[SECURITY] Fedora 23 Update: nodejs-is-my-json-valid-2.12.4-1.fc23

A JSONSchema validator that uses code generation to be extremely fast...

1.8AI score
Exploits0
Node.js
Node.js
added 2015/10/25 5:21 p.m.27 views

Regular Expression Denial of Service

Overview The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept var js = require'jshamcrest' var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr =...

5CVSS3.1AI score0.01093EPSS
Exploits0Affected Software1
Node.js
Node.js
added 2015/10/17 7:41 p.m.372 views

Multiple XSS Filter Bypasses

Overview Versions of validator prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the denylist-based filter. Proof of Concept Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: This is a test...

4.3CVSS0.7AI score0.02048EPSS
Exploits0Affected Software1
Mageia
Mageia
added 2015/09/08 5:55 p.m.36 views

Updated struts packages fix CVE-2015-0899

Updated struts packages fix security vulnerability: The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. Whe...

7.5CVSS7.8AI score0.21261EPSS
Exploits0References2
Mageia
Mageia
added 2015/09/08 7:20 a.m.32 views

Updated jsoup package fixes security vulnerability

Jsoup before 1.8.3 was vulnerable to a possible XSS issue in the validator, related to how it handled tags without a closing '' when reaching EOF CVE-2015-6748...

6.1CVSS6.3AI score0.02207EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/08/18 12:0 a.m.16 views

Debian DLA-292-1 : libstruts1.2-java security update

The Validator in Apache Struts 1.1 and later contains a function to efficiently define rules for input validation across multiple pages during screen transitions. This function contains a vulnerability where input validation may be bypassed. When the Apache Struts 1 Validator is used, the web...

5.4AI score
Exploits0References2
Rows per page
Query Builder