198 matches found
Oracle JavaServer Faces contains multiple vulnerabilities
Overview Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Description Oracle JavaServer Faces contains multiple vulnerabilities which could allow an attacker to obtain sensitive information. Alex Kouzemtchenko and Jon Passki o...
SolarWinds Orion Network Performance Monitor 10.2.2 - Multiple Vulnerabilities
/ Exploit Title: SolarWinds Orion Network Performance Monitor 10.2.2 Multiple Vulnerabilities Date: Jul 21 2012 Author: muts Version: SolarWinds Orion Network Performance Monitor 10.2.2 Vendor URL: http://www.solarwinds.com/ Timeline: 29 May 2012: Vulnerability reported to CERT 30 May 2012:...
CVE-2010-4514
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the VIEWSTATE parameter. NOTE: some of these details are obtained from third party information...
Microsoft .NET 'ASP.NET' Cross-Site Scripting vulnerability
The host is running Microsoft .NET and is prone to Cross-Site Scripting Vulnerability. OpenVAS Vulnerability Test $Id: gbmsdotnetxssvuln.nasl 6519 2017-07-04 14:08:14Z cfischer $ Microsoft .NET 'ASP.NET' Cross-Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright (c) 2010 Greenbone...
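Microsoft .NET Framework 3.5 ViewState Remote Cross-Site Scripting Vulnerability
CVE ID: CVE-2010-2088, CVE-2010-2085 ASP.NET in the .NET Framework does not correctly handle unencrypted ViewState. ASP.NET ViewState is normally stored in a hidden field named VIEWSTATE. If a page's ViewState is not cryptographically signed, cross-site scripting attacks can be carried out against multiple standard .NET controls. Microsoft .NET Framework 3.5 Vendor patch: Microsoft. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version:...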
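Oracle Mojarra ViewState Remote Cross-Site Scripting Vulnerability
CVE ID: CVE-2010-2087 Mojarra is an open-source implementation of the JavaServer Faces standard. When the view state is not encrypted, a remote attacker can perform cross-site scripting or execute arbitrary EL statements by supplying a new or modified view object to Mojarra in a request. Successful exploitation requires modifying a serialized view object that is not stored in plaintext. Oracle Mojarra 2.0.2 Oracle Mojarra 1.214 Vendor patch: Oracle. The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: http://www.oracle.com...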
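Apache MyFaces ViewState Remote Cross-Site Scripting Vulnerability
CVE ID: CVE-2010-2086 Apache MyFaces is an open-source implementation of the JavaServer Faces standard. When the view state is not encrypted, a remote attacker can perform cross-site scripting or execute arbitrary EL statements by supplying a new or modified view object to Apache MyFaces in a request. Successful exploitation requires modifying a serialized view object that is not stored in plaintext. Apache Group MyFaces 1.2.8 Apache Group MyFaces 1.1.7 Vendor patch: Apache Group...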
DEBIAN-CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
CVE-2010-1459
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project...
Microsoft ASP.NET ViewState Denial of Service (CVE-2005-1665)
ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and passe...
Microsoft .NET ViewState Detection and Decoding
Binary data 7005.pasl...
CVE-2006-2918
The Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...
Code injection
The Lanap BotDetect ASP.NET CAPTCHA component before 1.5.4.0 stores the UUID and hash for a CAPTCHA in the ViewState of a page, which makes it easier for remote attackers to conduct automated attacks by "replaying the ViewState for a known number."...
CVE-2005-1664
The CVE-2005-1664 entry concerns the __VIEWSTATE functionality in Microsoft ASP.NET 1.x. The description states that remote attackers can perform replay attacks by reusing or applying a ViewState across different views or after the application state changes, potentially exposing content to third ...
CVE-2005-1664
The VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose...
Microsoft .NET Hidden 'ViewState' Detection
Binary data 5081.prm...