Lucene search
+L

113 matches found

Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.27 views

Mandriva Linux Security Advisory : mailman (MDVSA-2008:061)

Multiple cross-site scripting XSS vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list's info attribute in the web administrator interface. The updated packages have been patched to...

4.3CVSS5.6AI score0.01919EPSS
Exploits0References1
NVD
NVD
added 2008/02/05 2:0 a.m.17 views

CVE-2008-0564

Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...

4.3CVSS5.5AI score0.01919EPSS
Exploits0References23
UbuntuCve
UbuntuCve
added 2008/02/05 2:0 a.m.26 views

CVE-2008-0564

Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...

4.3CVSS6.3AI score0.01919EPSS
Exploits0References2
OSV
OSV
added 2008/02/05 2:0 a.m.9 views

CVE-2008-0564

Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...

5.5AI score
Exploits0References23
Cvelist
Cvelist
added 2008/02/05 1:0 a.m.31 views

CVE-2008-0564

Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...

8.3AI score0.01919EPSS
Exploits0References23
Tenable Nessus
Tenable Nessus
added 2007/03/18 12:0 a.m.13 views

FreeBSD : sql-ledger -- security bypass vulnerability (8e02441d-d39c-11db-a6da-0003476f14d3)

Chris Travers reports : George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...

5.7AI score
Exploits0References3
FreeBSD
FreeBSD
added 2007/03/09 12:0 a.m.18 views

sql-ledger -- security bypass vulnerability

Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...

7.8AI score
Exploits0References1
Prion
Prion
added 2007/03/02 10:19 p.m.20 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...

4.3CVSS6.1AI score0.01774EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2007/03/02 10:19 p.m.17 views

CVE-2007-1229

Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...

4.3CVSS5.6AI score0.01774EPSS
Exploits1References7
Cvelist
Cvelist
added 2007/03/02 10:0 p.m.24 views

CVE-2007-1229

Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...

5.6AI score0.01774EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/03/28 11:0 a.m.24 views

CVE-2006-1397

Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...

5.8AI score0.0191EPSS
Exploits0References13
Prion
Prion
added 2006/03/01 2:2 a.m.19 views

Code injection

Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due...

7.5CVSS7.2AI score0.02623EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2001/05/24 4:0 a.m.48 views

CVE-2001-0396

The CVE-2001-0396 entry concerns Lightwave ConsoleServer 3200, where the pre-login mode of the System Administrator interface exposes sensitive information (system status, configuration, users) to remote attackers. The vulnerability arises before authentication, enabling information disclosure wi...

5CVSS6.6AI score0.0208EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder