Debian: Security Advisory (DSA-2239-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

DSA-2239-1 libmojolicious-perl - several

Bulletin has no description...

Debian: Security Advisory (DSA-2221-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-2221-1 : libmojolicious-perl - directory traversal

Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework. The oldstable distribution lenny doesn't contain libmojolicious-perl. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugi...

DSA-2221-1 libmojolicious-perl - directory traversal

Bulletin has no description...

Ruby on Rails跨站脚本执行及跨站请求伪造漏洞

BUGTRAQ ID: 46291 CVE ID: CVE-2011-0446,CVE-2011-0447 Ruby on Rails简称RoR或Rails，是一个使用Ruby语言写的开源Web应用框架，它是严格按照MVC结构开发的。 Ruby on Rails在实现上存在跨站脚本执行和跨站请求伪造漏洞，攻击者可利用跨站脚本执行漏洞在受影响浏览器中执行任意脚本代码，窃取Cookie验证凭证。 Ruby on Rails Ruby on Rails 3.x Ruby on Rails Ruby on Rails 2.x Ruby on Rails Ruby on Rails 1.x 厂商补...

CVE-2010-3077

Cross-site scripting XSS vulnerability in util/iconbrowser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form...

CVE-2010-3694

Cross-site request forgery CSRF vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form...

CVE-2010-3077

Cross-site scripting XSS vulnerability in util/iconbrowser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter...

CVE-2010-3694

Cross-site request forgery CSRF vulnerability in the Horde Application Framework before 3.3.9 allows remote attackers to hijack the authentication of unspecified victims for requests to a preference form...

CVE-2010-3077

Cross-site scripting XSS vulnerability in util/iconbrowser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter...

CVE-2010-3077

The CVE-2010-3077 issue is a cross-site scripting (XSS) vulnerability in Horde Application Framework (util/icon_browser.php) before version 3.3.9 that allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. Affected product: Horde/Horde3 web framework (before 3.3....

CVE-2010-3694

CVE-2010-3694 is a CSRF vulnerability in the Horde Application Framework prior to 3.3.9 that can hijack a victim’s authentication for requests to a preference form. Affected product: Horde/ Horde3 (before 3.3.9); root cause: CSRF on the preference form. Impact per CVSS2: partial confidentiality, ...

XSS in Horde Application Framework <=3.3.8, icon_browser.php

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting XSS vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

Horde Application Framework 3.3.8 Cross Site Scripting

Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting XSS vulnerability. The iconbrowser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL can...

Horde util/icon_browser.php subdir Parameter XSS

The version of the Horde application framework hosted on the remote web server fails to sanitize user input to the 'subdir' parameter of the 'util/iconbrowser.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to inject arbitrary HTML or...

Horde Application Framework 3.3.8 - 'icon_browser.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43001/info Horde Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...

Horde Application Framework 3.3.8 - icon_browser.php Cross-Site Scripting

Horde Application Framework 3.3.8 - iconbrowser.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43001/info Horde Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...

SQL injection vulnerability in MODx CMS and Application Framework

Vulnerability ID: HTB22412 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinmodxcmsandapplicationframework.html Product: MODx CMS and Application Framework Vendor: MODx Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type:...