Lucene search
K

178 matches found

NVD
NVD
added 2012/09/17 8:55 p.m.17 views

CVE-2012-2060

Cross-site scripting XSS vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

4.3CVSS5.7AI score0.01347EPSS
Exploits0References4
NVD
NVD
added 2012/09/17 8:55 p.m.20 views

CVE-2012-2061

Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...

6.8CVSS7.1AI score0.00746EPSS
Exploits0References4
Prion
Prion
added 2012/09/17 8:55 p.m.18 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...

6.8CVSS7.6AI score0.00746EPSS
Exploits0References4
Cvelist
Cvelist
added 2012/09/17 8:0 p.m.27 views

CVE-2012-2060

Cross-site scripting XSS vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

5.7AI score0.01347EPSS
Exploits0References4
CVE
CVE
added 2012/09/17 8:0 p.m.43 views

CVE-2012-2061

The CVE-2012-2061 entry affects Drupal's Admin tools module. The underlying issue is CSRF due to not checking tokens in the module, enabling remote attackers to hijack the authentication of unspecified victims via CSRF vectors. The vulnerability description explicitly identifies the token-checkin...

6.8CVSS7.3AI score0.00746EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/09/17 8:0 p.m.18 views

CVE-2012-2061

Cross-site request forgery CSRF vulnerability in the Admin tools module for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors involving "not checking tokens."...

7.1AI score0.00746EPSS
Exploits0References4
CVE
CVE
added 2012/09/17 8:0 p.m.35 views

CVE-2012-2060

CVE-2012-2060 is an XSS vulnerability in the Drupal Admin tools module. The connected records identify the affected component as Admin tools, describe an XSS that allows injection of arbitrary script/HTML via unspecified vectors, and note a CVSSv2 base score of 4.3 (Medium) with no documented fix...

4.3CVSS5.8AI score0.01347EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/09/06 12:0 a.m.28 views

Scientific Linux Security Update : xen on SL5.x i386/x86_64 (20120905)

The xen packages contain administration tools and the xend service for managing the kernel-xen kernel for virtualization on Red Hat Enterprise Linux. A flaw was found in the way QEMU handled VT100 terminal escape sequences when emulating certain character devices. A guest user with privileges to...

7.2CVSS7.4AI score0.00528EPSS
Exploits0References2
Drupal
Drupal
added 2012/03/14 12:0 a.m.27 views

SA-CONTRIB-2012-036 - Multiple Modules Unsupported

CVE: CVE-2012-2056 Content Lock Is a module that prevents users from concurrent editing of nodes. This module does not use a token for unlocking a content lock. This leads to a CSRF attack vector. CVE: CVE-2012-2057 Ubercart Bulk Stock Updater is an extension module for Ubercart 2.x running on...

6.8CVSS6.2AI score0.01759EPSS
Exploits0References18
Packet Storm
Packet Storm
added 2012/03/01 12:0 a.m.27 views

Elefant CMS 1.0.2 Cross Site Scripting

elefantcms vendor: http://www.elefantcms.com Version: Latest stable release: 1.0.2 Author: Karthik R 3psil0nLambDa Email: [email protected] My blog: www.epsilonlambda.wordpress.com Google dork: Powered by Elefant CMS...

0.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2011/02/11 3:34 a.m.21 views

Description of the update package for Lync Server 2010, Administrative Tools: January 2011

Describes the bug that is resolved in the January, 2011 cumulative update package for Lync Server 2010, Administration Tools.SummaryThis article describes the issue that is fixed in the update package for Microsoft Lync Server 2010, Administration Tools that is dated January 2011.This article...

6.2AI score
Exploits0
OpenVAS
OpenVAS
added 2009/10/23 12:0 a.m.18 views

Find Windows Admin Tools over WMI if IIS installed (win)

If IIS installed, find Windows Admin Tools over WMI: arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe, cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe, ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe, ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2009/10/23 12:0 a.m.26 views

Find Windows Admin Tools over WMI if IIS installed - Windows

If IIS installed, find Windows Admin Tools over WMI: arp.exe, at.exe, atsvc.exe, cacls.exe, cmd.exe, cscript.exe, debug.exe, edit.com, edlin.exe, ftp.exe, finger.exe, ipconfig.exe, net.exe, netsh.exe, netstat.exe, nslookup.exe, ping.exe, poledit.exe, posix.exe, qbasic.exe, rcp.exe, rdisk.exe,...

7.3AI score
Exploits0
Prion
Prion
added 2008/02/21 1:44 a.m.13 views

Design/Logic Flaw

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...

5CVSS7.3AI score0.0181EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2008/02/21 1:44 a.m.17 views

CVE-2008-0864

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...

5CVSS6.7AI score0.0181EPSS
Exploits0References4
CVE
CVE
added 2008/02/21 1:0 a.m.53 views

CVE-2008-0864

The CVE-2008-0864 entry concerns BEA WebLogic Portal 8.1 SP3–SP6, where the Admin Tools feature can inadvertently remove page entitlements when an administrator edits the page definition label. This could allow remote attackers to bypass intended access restrictions. The available connected docum...

5CVSS6.7AI score0.0181EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2008/02/21 1:0 a.m.22 views

CVE-2008-0864

Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions...

6.7AI score0.0181EPSS
Exploits0References4
Packet Storm
Packet Storm
added 2005/09/07 12:0 a.m.39 views

phpcal.txt

phpCommunityCalendar 4.0.3 possibly prior versions sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1 sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin"...

7.4AI score
Exploits0
Rows per page
Query Builder