GIGAPOD vulnerable to denial-of-service (DoS)

Overview GIGAPOD provided by TripodWorks CO.,LTD. contains a denial-of-service DoS vulnerability. GIGAPOD file servers Appliance model and Software model from TripodWorks CO.,LTD. provide two web interfaces. First, a user web interface via ports 80/443, and a second, an administrative web interfa...

CVE-2012-5485

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

Code injection

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

PYSEC-2014-27

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

PYSEC-2014-27

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVE-2012-5485

registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...

CVE-2012-5485

CVE-2012-5485 affects Plone (as part of conga/luci) where registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote code execution via the admin interface. Root cause is improper handling in the RestrictedPython sandbox when processing admin actions, enabling a remote attacke...

[SECURITY] [DLA 65-1] python-django security update

Package : python-django Version : 1.2.3-3+squeeze11 CVE ID : CVE-2014-0480 CVE-2014-0481 CVE-2014-0482 CVE-2014-0483 This update address an issue with reverse generating external URLs; a denial of service involving file uploads; a potential session hijacking issue in the remote-user middleware; a...

CVE-2012-6659

Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

Cross site scripting

Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2012-6659

Cross-site scripting XSS vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2012-6659

Phorum prior to version 5.2.19 is affected by a cross-site scripting (XSS) vulnerability in the admin interface that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Root cause details are not further described in the provided documents beyond the XSS in the admin...

PT-2014-2312 · Plone +1 · Plone +1

Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone version 4.3 before beta 1 Description: The issue allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. This is possible due to a problem in the...

McAfee Web Gateway Information Disclosure Vulnerability

McAfee Web Gateway is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2014-0152

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

Session fixation

Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors...

CVE-2014-0152

CVE-2014-0152 affects oVirt Web Admin Interface (3.4.0 and earlier). Root cause: after authentication, a new session ID is not generated and session IDs may be stored in HTML5 local storage, not protected by same-origin policy. This enables a remote attacker to hijack a logged-in user’s session v...

PT-2014-3504 · Ovirt · Ovirt

Name of the Vulnerable Software and Affected Versions: oVirt versions 3.4.0 and earlier Description: A session fixation issue in the web admin interface allows remote attackers to hijack web sessions. Recommendations: For versions 3.4.0 and earlier, update to a version later than 3.4.0 to resolve...

F5 BIG-IP 11.5.1 Cross Site Scripting

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting product: F5 BIG-IP vulnerable version: 11.6.0 impact: Medium CVE number: CVE-2014-4023...

CVE-2014-0483

The administrative interface contrib.admin in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship between models, which allows remote authenticated users to obtain sensitive information via a tofield...