8414 matches found
kernel: request_module() OOM local DoS
The requestmodule function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service memory consumption via a crafted application...
CVE-2012-2578
Multiple cross-site scripting XSS vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a JavaScript alert function used in conjunction with the fromCharCode method, 2 a SCRIPT element, 3 a Cascading Style Sheets CSS...
CVE-2012-4386
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery CSRF attacks by setting the token name configuration parameter to a session attribute...
Design/Logic Flaw
The execcommand function in common/helpers.py in Gajim before 0.15 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an href attribute...
DEBIAN-CVE-2012-2582
Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or...
As a JIRA System Administrator, I can instruct web browsers to not allow saving a user's password in the various login options, so that unauthorized users can not access the system.
panel:bgColor=e7f4fa NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion|http://jira.atlassian.com/browse/JRACLOUD-29447. panel In some organisations, as part of a set of security requirements, it is required for compliant applications, to disallow users t...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
CVE-2012-2571
Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 the Cascading Style Sheets CSS expression property in conjunction with a CSS comment within the STYLE attribute of an IMG...
CVE-2012-2584
Multiple cross-site scripting XSS vulnerabilities in Alt-N MDaemon Free 12.5.4 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 the Cascading Style Sheets CSS expression property in conjunction with a CSS comment within the STYLE attribute of an IMG...
Internet Explorer COL SPAN Heap Overflow
Added: 08/06/2012 CVE: CVE-2012-1876 BID: 53848 OSVDB: 82866 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include...
Internet Explorer COL SPAN Heap Overflow
Added: 08/06/2012 CVE: CVE-2012-1876 BID: 53848 OSVDB: 82866 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Internet Explorer allows websites to utilize Javascript to create dynamic web content. As such, websites can include...
MS12-037 Microsoft Internet Explorer Fixed Table Col Span Heap Overflow
This module exploits a heap overflow vulnerability in Internet Explorer caused by an incorrect handling of the span attribute for col elements from a fixed table, when they are modified dynamically by javascript code. This module requires Metasploit: https://metasploit.com/download Current source...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1.4 setting CSRFCOOKIESECURE to True in settings.py will fix this problem...
The csrf token cookie should be a 'secure' cookie like the sessionid cookie
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46613. panel That is that csrf token cookie 'csrftoken' should have the 'secure' attribute like the session cookie. In django 1....
Authentication flaw
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation...
CVE-2012-0680
Apple Safari before 6.0 does not properly handle the autocomplete attribute of a password input element, which allows remote attackers to bypass authentication by leveraging an unattended workstation...