87 matches found
CVE-2015-5632
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors...
Adobe ColdFusion Hotfix
Adobe today pushed out a hotfix to ColdFusion implementations, patching a vulnerability it had already patched nine days ago on the LiveCycle Data Services application framework. Today’s hotfix affects ColdFusion 11, update 5 and earlier, and ColdFusion 10, update 16 and earlier. Hotfixes, unlike...
[SECURITY] Fedora 22 Update: php-horde-Horde-Core-2.20.6-1.fc22
These classes provide the core functionality of the Horde Application Framework...
CVE-2013-0381
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...
Design/Logic Flaw
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...
CVE-2013-0381
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework...
CVE-2013-0381
Technical details for CVE-2013-0381 are not publicly available in the provided documents; no affected products, vectors, or mitigations are specified. Monitor for updates from official advisories.
Ruby On Rails XML Processor YAML Deserialization Code Execution
This Metasploit module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the...
Ruby on Rails XML Processor YAML Deserialization Code Execution
This module exploits a remote code execution vulnerability in the XML request processor of the Ruby on Rails application framework. This vulnerability allows an attacker to instantiate a remote object, which in turn can be used to execute any ruby code remotely in the context of the application...
PYSEC-2012-6
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
Fedora Update for trytond FEDORA-2012-4988
Check for the Version of trytond OpenVAS Vulnerability Test Fedora Update for trytond FEDORA-2012-4988 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user- supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting
Zikula Application Framework 1.2.71.3 - themename Cross-Site Scripting source: https://www.securityfocus.com/bid/49491/info Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...
SQL injection vulnerability in MODx CMS
Vulnerability ID: HTB22414 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinmodxcms.html Product: MODx CMS and Application Framework Vendor: MODx Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type: SQL Injection Status: N...
SQL injection vulnerability in MODx CMS and Application Framework
Vulnerability ID: HTB22412 Reference: http://www.htbridge.ch/advisory/sqlinjectionvulnerabilityinmodxcmsandapplicationframework.html Product: MODx CMS and Application Framework Vendor: MODx Vulnerable Version: 1.0.3 and Probably Prior Versions Vendor Notification: 28 May 2010 Vulnerability Type:...
Design/Logic Flaw
The form library in Horde Application Framework 3.2 before 3.2.5 and 3.3 before 3.3.5; Groupware 1.1 before 1.1.6 and 1.2 before 1.2.4; and Groupware Webmail Edition 1.1 before 1.1.6 and 1.2 before 1.2.4; reuses temporary filenames during the upload process which allows remote attackers, with...
Gentoo Security Advisory GLSA 200805-01 (horde)
The remote host is missing updates announced in advisory GLSA 200805-01. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200511-20 (horde)
The remote host is missing updates announced in advisory GLSA 200511-20. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Horde Application Framework: Multiple vulnerabilities
Background The Horde Application Framework is a general-purpose web application framework written in PHP, providing classes for handling preferences, compression, browser detection, connection tracking, MIME and more. Description Multiple vulnerabilities have been reported in the Horde Applicatio...