453 matches found
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
PYSEC-2012-6
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a (1) create, (2) write, (3) delete, or (4) cop...
SQL Injection Vulnerability in Ruby on Rails
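CVE-2012-2661 Ruby on Rails is a web application framework built on the Ruby language. It contains a SQL injection vulnerability in the way Active Record handles nested query parameters; an attacker can inject SQL statements using a specially crafted request. Affected code passes request parameters directly to the where method of an ActiveRecord class, such as Post.where(:id => params[:id]).all. An attacker can submit a request that makes params[:id] return a specially crafted hash, causing the WHERE clause to query an arbitrary table with certain values. Impacted code directly passes request params to the where method of an...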
Fedora Update for trytond FEDORA-2012-4988
Check for the Version of trytond OpenVAS Vulnerability Test Fedora Update for trytond FEDORA-2012-4988 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
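Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 52264 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby and developed strictly according to the MVC architecture. Input passed through direct manipulation of SafeBuffer is not properly filtered, and certain input passed through manually generated select tags is not properly filtered, allowing arbitrary HTML and script code to execute in the user's browser. Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x Vendor patch: Ruby ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.ruby-lang.org/...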
Microsoft Silverlight Installed (Mac OS X)
A version of Microsoft Silverlight is installed on this host. Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment. TRUSTED...
Apache Struts session tampering security restrictions bypass vulnerability
Release date: 2011-01-01 Update date: 2011-12-16 Affected system: The Apache Group Struts 2.1.8.1 The Apache Group Struts 2.0.9 Description: -------------------------------------------------------------------------------- BUGTRAQ ID: 50940 Apache Struts is a development of Java web...
CVE-2011-3979
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
CVE-2011-3979
Vulnerability: Zikula Application Framework (theme module) has an XSS in ztemp/view_compiled/Theme/theme_admin_setasdefault.php. Affected versions include 1.3.0 build 3168 and 1.2.7 (likely others). Impact: remote attackers can inject arbitrary HTML/Script via the themename parameter in the setos...
CVE-2011-3979
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
XSS in Zikula
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula 1.3.0 Cross Site Scripting
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Zikula Application Framework 1.2.7/1.3 - themename Cross-Site Scripting
Zikula Application Framework 1.2.7/1.3 - themename Cross-Site Scripting source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...
Zikula Application Framework 1.2.7/1.3 - 'themename' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Cross-site Scripting (XSS) Vulnerability in Zikula Application Framework
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in Zikula Application Framework Input passed via the "themename" parameter to...
Debian Security Advisory DSA 2247-1 (rails)
The remote host is missing an update to rails announced via advisory DSA 2247-1. OpenVAS Vulnerability Test $Id: deb22471.nasl 6613 2017-07-07 12:08:40Z cfischer $ Description: Auto-generated from advisory DSA 2247-1 rails Authors: Thomas Reinke Copyright: Copyright (c) 2011 E-Soft Inc...