178 matches found
CVE-2012-2060
Cross-site scripting XSS vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2061
Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...
CVE-2012-2060
Cross-site scripting XSS vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-2061
The CVE-2012-2061 entry affects Drupal's Admin tools module. The underlying issue is CSRF due to not checking tokens in the module, enabling remote attackers to hijack the authentication of unspecified victims via CSRF vectors. The vulnerability description explicitly identifies the token-checkin...
CVE-2012-2061
Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...
CVE-2012-2060
CVE-2012-2060 is an XSS vulnerability in the Drupal Admin tools module. The connected records identify the affected component as Admin tools, describe an XSS that allows injection of arbitrary script/HTML via unspecified vectors, and note a CVSSv2 base score of 4.3 (Medium) with no documented fix...
Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20120905)
The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to...
SA-CONTRIB-2012-036 - Multiple Modules Unsupported
CVE: CVE-2012-2056 Content Lock Is a module that prevents users from concurrent editing of nodes. This module does not use a token for unlocking a content lock. This leads to a CSRF attack vector. CVE: CVE-2012-2057 Ubercart Bulk Stock Updater is an extension module for Ubercart 2.x running on...
Elefant CMS 1.0.2 Cross Site Scripting
elefantcms vendor: http://www.elefantcms.com Version: Latest stable release: 1.0.2 Author: Karthik R 3psil0nLambDa Email: [email protected] My blog: www.epsilonlambda.wordpress.com Google dork: Powered by Elefant CMS...
Description of the update package for Lync Server 2010, Administrative Tools: January 2011
Describes the bug that is resolved in the January, 2011 cumulative update package for Lync Server 2010, Administration Tools.SummaryThis article describes the issue that is fixed in the update package for Microsoft Lync Server 2010, Administration Tools that is dated January 2011.This article...
Find Windows Admin Tools over WMI if IIS installed (win)
If IIS installed, find Windows Admin Tools over WMI: arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe, cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe, ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe, ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,...
Find Windows Admin Tools over WMI if IIS installed - Windows
If IIS installed, find Windows Admin Tools over WMI: arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe, cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe, ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe, ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,...
Design/Logic Flaw
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...
CVE-2008-0864
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...
CVE-2008-0864
The CVE-2008-0864 entry concerns BEA WebLogic Portal 8.1 SP3–SP6, where the Admin Tools feature can inadvertently remove page entitlements when an administrator edits the page definition label. This could allow remote attackers to bypass intended access restrictions. The available connected docum...
CVE-2008-0864
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...
phpcal.txt
phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...