1127 matches found

Prion
added 2009/03/23 8:0 p.m. · 25 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter...

CVSS 4.3 · AI score 5.8 · EPSS 0.01776
Exploits: 1 · References: 7 · Affected Software: 1
NVD
added 2009/03/23 8:0 p.m. · 17 views

CVE-2008-6508

Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/...

CVSS 7.5 · AI score 6.7 · EPSS 0.83382
Exploits: 5 · References: 11
CVE
added 2009/03/23 7:26 p.m. · 65 views

CVE-2008-6510

CVE-2008-6510 is an XSS vulnerability in Openfire’s Admin Console login.jsp (Openfire, = net-im/openfire-3.6.3 to remediate. The connected documents do not provide details on exploitation in the wild.

CVSS 4.3 · AI score 5.5 · EPSS 0.01776
Exploits: 1 · References: 7 · Affected Software: 1
Cvelist
added 2009/03/23 7:26 p.m. · 38 views

CVE-2008-6508

Directory traversal vulnerability in the AuthCheck filter in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to bypass authentication and access the admin interface via a .. (dot dot) in a URI that matches the Exclude-Strings list, as demonstrated by a /setup/setup-/...

AI score 8.5 · EPSS 0.83382
Exploits: 5 · References: 11
CVE
added 2009/03/23 7:26 p.m. · 208 views

CVE-2008-6508

Openfire Admin Console is affected by a directory traversal (path traversal) vulnerability (CVE-2008-6508) in the AuthCheck filter, enabling remote attackers to bypass authentication and access the admin interface via a .. sequence in a URI that matches the Exclude-Strings list. Affected...

CVSS 7.5 · AI score 7.4 · EPSS 0.83382
In wild · Exploits: 5 · References: 11 · Affected Software: 1
Cvelist
added 2009/03/23 7:26 p.m. · 30 views

CVE-2008-6510

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter...

AI score 5.4 · EPSS 0.01776
Exploits: 1 · References: 7
Positive Technologies
added 2009/03/09 12:0 a.m. · 7 views

PT-2009-3447 · IBM · IBM WebSphere Application Server

Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server (WAS) versions 6.1.0.0 through 6.1.0.22. Description: A cross-site scripting (XSS) issue exists in the administrative console, allowing remote attackers to inject arbitrary web script or HTML. This could potentiall...

CVSS 4.3 · AI score 5.5 · EPSS 0.05979
Exploits: 1 · References: 13
myhack58
added 2009/01/14 12:0 a.m. · 12 views

serv-u7 local exploit (php)-bug warning-the black bar safety net

Note: since the author is lazy, does not provide the log cleaning function that will leave the log: One, the su7 is the right there are several? There are two forms to get rid of su7 in. 1, login to the Administrator Console page ==get the OrganizationId for Add User ==get the global user of...

AI score 7.4
Exploits: 0
Cvelist
added 2008/08/14 10:0 p.m. · 17 views

CVE-2006-7233

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

AI score 5.8 · EPSS 0.01223
Exploits: 0 · References: 6
Cvelist
added 2008/08/14 10:0 p.m. · 20 views

CVE-2005-4876

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than...

AI score 5.8 · EPSS 0.00852
Exploits: 0 · References: 2
CVE
added 2008/08/14 10:0 p.m. · 40 views

CVE-2005-4876

The CVE describes an XSS in Openfire’s admin console login.jsp. Affected: Openfire (Wildfire) 2.2.2, and possibly earlier than 2.3.0 Beta 2. The vulnerability arises from improper handling of the username parameter, allowing remote attackers to inject arbitrary script/HTML. This is a component-le...

CVSS 4.3 · AI score 6 · EPSS 0.00852
Exploits: 0 · References: 2 · Affected Software: 1
CVE
added 2008/08/14 10:0 p.m. · 46 views

CVE-2006-7233

Openfire (formerly Wildfire) 2.6.0 admin console login.jsp suffers a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via the url parameter, potentially affecting versions prior to 3.5.3. The description does not specify a concrete...

CVSS 4.3 · AI score 6.1 · EPSS 0.01223
Exploits: 0 · References: 6 · Affected Software: 1
CVE
added 2008/08/14 10:0 p.m. · 36 views

CVE-2005-4877

Openfire 2.3.0 Beta 2 (formerly Wildfire) is affected by CVE-2005-4877, a cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console. The issue arises from the username parameter, where remote attackers can inject arbitrary web script or HTML via Javascript events...

CVSS 4.3 · AI score 5.9 · EPSS 0.00852
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2008/08/14 10:0 p.m. · 18 views

CVE-2005-4877

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876...

AI score 5.6 · EPSS 0.00852
Exploits: 0 · References: 2
securityvulns
added 2008/06/06 12:0 a.m. · 59 views

F5 FirePass Content Inspection Management XSS

Product: F5 FirePass (http://www.f5.com/products/firepass/). The F5 FirePass SSL VPN appliance provides rudimentary web request sanitization for resources exposed through the appliance via Portal Access. This Content Inspection feature can be configured...

AI score 1.1
Exploits: 0
securityvulns
added 2008/05/24 12:0 a.m. · 31 views

F5 BIG-IP cross-site scripting

Cross-site scripting in web admin console...

AI score 1.1
Exploits: 0 · References: 4 · Affected Software: 1
Packet Storm
added 2007/09/25 12:0 a.m. · 24 views

barracude-xss.txt

ISR · Infobyte Security Research · www.infobyte.com.ar · 09.21.2007. SUMMARY: Barracuda Spam Firewall Cross-Site Scripting. Version: Barracuda Spam Firewall firmware v3.4.10.102. It is suspected that all previous versions of Barracuda Sp...

AI score 7.4
Exploits: 0
Prion
added 2007/08/23 7:17 p.m. · 13 views

Code injection

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass...

CVSS 5 · AI score 7.3 · EPSS 0.01629
Exploits: 0 · References: 4 · Affected Software: 1
NVD
added 2007/08/23 7:17 p.m. · 15 views

CVE-2007-4511

The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass...

CVSS 5 · AI score 6.7 · EPSS 0.01629
Exploits: 0 · References: 4
CVE
added 2007/08/23 7:0 p.m. · 51 views

CVE-2007-4511

The CVE-2007-4511 issue affects Sun Admin Console in Sun Application Server 9.0_0.1. The root problem is that configuration changes are not persisted, causing the SSL and SSL_MutualAuth ORB listener services to enable all protocols and ciphers after a restart. This can allow remote attackers to b...

CVSS 5 · AI score 6.7 · EPSS 0.01629
Exploits: 0 · References: 4 · Affected Software: 1