113 matches found
Mandriva Linux Security Advisory : mailman (MDVSA-2008:061)
Multiple cross-site scripting XSS vulnerabilities were found in Mailman prior to version 2.1.10b1, which allow remote attackers to inject arbitrary web script or HTML via edting templates and the list's info attribute in the web administrator interface. The updated packages have been patched to...
CVE-2008-0564
Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...
CVE-2008-0564
Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...
CVE-2008-0564
Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...
CVE-2008-0564
Multiple cross-site scripting XSS vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 editing templates and 2 the list's "info attribute" in the web administrator interface, a different vulnerability than...
FreeBSD : sql-ledger -- security bypass vulnerability (8e02441d-d39c-11db-a6da-0003476f14d3)
Chris Travers reports : George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...
sql-ledger -- security bypass vulnerability
Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...
Cross site scripting
Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...
CVE-2007-1229
Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...
CVE-2007-1229
Cross-site scripting XSS vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface port 8001/tcp, which is not properly handled in the administrator interface when viewing the log file...
CVE-2006-1397
Multiple cross-site scripting XSS vulnerabilities in a phpAdsNew and b phpPgAds before 2.0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 certain parameters to the banner delivery module, which is not properly handled in the administrator interface, or 2 certain...
Code injection
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due...
CVE-2001-0396
The CVE-2001-0396 entry concerns Lightwave ConsoleServer 3200, where the pre-login mode of the System Administrator interface exposes sensitive information (system status, configuration, users) to remote attackers. The vulnerability arises before authentication, enabling information disclosure wi...