453 matches found
Oracle Commerce Platform A vulnerability exists in the Commerce Platform component
Oracle Commerce Platform is an e-business solutions platform from Oracle, a United States company. A security vulnerability exists in the Dynamo Application Framework - HTML Admin User Interface subcomponent of the Oracle Commerce Platform component of Oracle Commerce Platform. A remote...
CVE-2015-0510
Oracle Commerce Platform (9.4, 10.0, 10.2) is affected by a vulnerability in the Dynamo Application Framework – HTML Admin User Interface. The issue, described in connected CNVD data, allows a remote attacker to update, insert, or delete data, compromising data integrity. The root cause details a...
CVE-2015-0510
Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface...
Oracle Application Framework Diagnostic Mode Bypass Vulnerability
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-023: Oracle Application Framework Diagnostic Mode Bypass Vulnerability Published: 1/15/2013 Version: 1.0 Vendor: Oracle www.oracle.com Product: Oracle Application Framework Version affected: 11.5.10.2, 12.0.6, 12.1...
MODx CMS <= 0.9.2.1 (FCKeditor) Remote File Include Vulnerability
No description provided by source. MODx CMS 0.9.2.1 basepath Remote File Include Vulnerability. Affected...
Zikula Application Framework 1.2.2 ZLanguage.php lang Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code i...
Zikula Application Framework 1.2.2 index.php func Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/39717/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code i...
Cross-Site Scripting (XSS) in Zikula Application Framework
Advisory ID: HTB23178 Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification: October 16, 2013 Vendor Patch:...
Zikula 1.3.5 Build 20 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Zikula Application Framework Vendor: Zikula Software Foundation Vulnerable Versions: 1.3.5 build 20 and probably prior Tested Version: 1.3.5 build 20 Advisory Publication: October 16, 2013 without technical details Vendor Notification...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php...
CVE-2013-6168
CVE-2013-6168 affects Zikula Application Framework (pre-1.3.6). The vulnerability arises from insufficient sanitisation of the returnpage parameter in index.php, enabling cross-site scripting (XSS) via crafted links. The HTB advisory HTB23178 documents exploitation and confirms the fixed vendor p...
Cross-Site Scripting (XSS) in Zikula Application Framework
High-Tech Bridge Security Research Lab discovered a vulnerability in Zikula Application Framework, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1) Cross-Site Scripting (XSS) in Zikula Application Framework: CVE-2013-6168 1.1 The vulnerability exists due to insufficient...
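Apache Struts Security Bypass Vulnerability
BUGTRAQ ID: 62584 CVE(CAN) ID: CVE-2013-4310 Struts2 is a second-generation enterprise Java web application framework based on the Model-View-Controller (MVC) model. The action mapping mechanism in Apache Struts 2.0.0-2.3.15.1 supports special parameter prefixes, which makes it possible to attach navigation information at the bottom of forms; a security bypass vulnerability exists when mapping the "action:" prefix, which can be exploited to bypass certain security restrictions and access restricted functionality. 0 Apache Group Struts 2.3.15.2 Vendor patch: Apache Group ------------ Apache...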
Debian Security Advisory DSA 2758-1 (python-django - denial of service)
It was discovered that python-django, a high-level Python web development framework, is prone to a denial of service vulnerability via large passwords. A non-authenticated remote attacker could mount a denial of service by submitting arbitrarily large passwords, tying up server resources in the...
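Django Directory Traversal Sequence (CVE-2013-4315)
BUGTRAQ ID: 62332 CVE(CAN) ID: CVE-2013-4315 Django is an open-source web application framework written in the Python programming language. A directory traversal vulnerability exists in Django's implementation of the ssi template tag; an attacker can exploit it to obtain sensitive information. 0 Django 1.4.x Vendor patch: Django ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.djangoproject.com/...
Django "ssi" Template Tag Directory Traversal Vulnerability (CVE-2013-4315)
BUGTRAQ ID: 62332 CVE(CAN) ID: CVE-2013-4315 Django is an open-source web application framework written in the Python programming language. Django versions before 1.4.7 and 1.5.3 do not correctly validate the ALLOWED_INCLUDE_ROOTS setting in template/defaulttags.py when handling the "ssi" tag, which is used to read files; remote attackers can exploit this with directory traversal sequences to obtain sensitive information. 0 Django 1.5.x Django 1.4.x Vendor patch: Django ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:...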
CakePHP 2.3.7 / 2.2.8 Local File Inclusion
CVE Number: N/A not assigned Title: CakePHP AssetDispatcher Local File Inclusion Vulnerability Affected Software: Confirmed on CakePHP v2.3.7, v2.2.8 prior versions may also be affected Credit: Takeshi Terada of Mitsui Bussan Secure Directions, Inc. Issue Status: v2.3.8 & 2.2.9 was released which...
Security Advisory-Multiple Apache Struts2 Vulnerabilities in Huawei Products
Apache Struts2 is a second-generation and enterprise-ready Java web application framework based on the Model-View-Controller (MVC) architecture. This advisory describes four vulnerabilities of Apache Struts 2.0.0 - 2.3.15. Huawei products and applications using the above versions of Apache Struts a...
Fedora Update for perl-Dancer FEDORA-2013-9961
Check for the Version of perl-Dancer OpenVAS Vulnerability Test Fedora Update for perl-Dancer FEDORA-2013-9961 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
Fedora Update for perl-Dancer FEDORA-2013-9950
Check for the Version of perl-Dancer OpenVAS Vulnerability Test Fedora Update for perl-Dancer FEDORA-2013-9950 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...