Lucene search
K

5566 matches found

Prion
Prion
added 2009/07/05 4:30 p.m.10 views

Code injection

The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact, via a client that does not process JavaScript...

7.5CVSS7.7AI score0.01187EPSS
Exploits0References2
CVE
CVE
added 2009/07/05 4:0 p.m.38 views

CVE-2009-2320

The CVE-2009-2320 issue affects the Axesstel MV 410R web interface where input validation relies on client-side JavaScript; remote attackers could send crafted data via a client that does not process JavaScript. The root cause is reliance on client-side validation, enabling potential unspecified ...

7.5CVSS7.4AI score0.01187EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2009/06/14 12:0 a.m.26 views

eliteCMS multiple Vulnerabilities

eliteCMS is prone to a vulnerability that lets attackers upload and execute arbitrary PHP code. The application is also prone to a cross-site scripting issue and to a SQL Injection Vulnerability. These issues occur because the application fails to sufficiently sanitize user-supplied input...

7.5CVSS0.4AI score0.00973EPSS
Exploits1References3
ThreatPost
ThreatPost
added 2009/05/12 5:56 p.m.12 views

Inside the PowerPoint mega-patch

Microsoft patched all Windows versions of PowerPoint today — addressing both a zero-day flaw microsoft.com and 13 other privately reported security vulnerabilities. The zero-day vulnerability enabled attackers to take over client machines if a user opened a malformed powerpoint document or visite...

1AI score
Exploits0References3
seebug.org
seebug.org
added 2009/05/05 12:0 a.m.13 views

32bit FTP (09.04.24) Banner Remote Buffer Overflow PoC

No description provided by source. ! /usr/bin/perl A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner. By: Load 99% website: http://www.electrasoft.com/32ftp.htm Version:09.04.24 0:005 g ... 9b0.bac: Access violation - code...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2009/05/05 12:0 a.m.56 views

IceWarp WebMail Mail Forgery

Advisory: IceWarp WebMail Server: Client-Side Specification of "Forgot Password" eMail Content During a penetration test, RedTeam Pentesting discovered that the emails sent by the IceWarp WebMail Server when using the "Forgot Password" function are generated on the client side. Furthermore, the...

4.3CVSS0.04885EPSS
Exploits3
Exploit DB
Exploit DB
added 2009/05/05 12:0 a.m.29 views

32bit FTP (09.04.24) - 'Banner' Remote Buffer Overflow (PoC)

!/usr/bin/perl A client side vulnerability in the product allows remote servers to cause the client to crash by sending it a large banner. By: Load 99% website: http://www.electrasoft.com/32ftp.htm Version:09.04.24 0:005 g ... 9b0.bac: Access violation - code c0000005 first chance First chance...

7AI score
Exploits0
exploitpack
exploitpack
added 2009/04/20 12:0 a.m.9 views

eLitius 1.0 - Arbitrary Database Backup

eLitius 1.0 - Arbitrary Database Backup Powered By eLitius 1.0 Remote Database Backup Backup MySQL Database Choose Operation: Backup data only Save to your PC Greets: Dos-Dz TeaM SnAkEs-TeaM H4ckF0rU TeaM Team Sobh4n ALLAH Dork: Powered By eLitius 1.0 Cod3d By ThE g0bL!N...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2009/03/19 4:27 p.m.20 views

Cache Plugin -Cross-site script error

Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:27 p.m.18 views

Cache Plugin -Cross-site script error

Our e-security department found the error below after scanning the Cache Plugin: Number System/Location Defect Type Status R3 Cache Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be use...

0.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:23 p.m.22 views

Reporting Plugin- Cross-site scripting error

Our e-security found the following error for the Reporting plugin: Number System/Location Defect Type Status R2 Reporting Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to...

0.1AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:23 p.m.20 views

Reporting Plugin- Cross-site scripting error

Our e-security found the following error for the Reporting plugin: Number System/Location Defect Type Status R2 Reporting Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies, which may be used to...

0.1AI score
Exploits0
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.18 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0Affected Software1
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.16 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0
Atlassian
Atlassian
added 2009/03/19 4:15 p.m.29 views

Latex Plugin-Cross-site Scripting Error

Our security group scanned the plugin below and found the following issue for the Latex Plugin: Number System/Location Defect Type Status R1 Latex Plugin Client-side Attacks: Cross-site Scripting Open Description Security Risk: It is possible to steal or manipulate customer session and cookies,...

Exploits0Affected Software1
OpenVAS
OpenVAS
added 2009/03/15 12:0 a.m.24 views

Microsoft Security Bulletin MS06-056

A cross-site scripting vulnerability exists in a server running a vulnerable version of the .Net Framework 2.0 that could inject a client side script in the user's browser. The script could spoof content, disclose information, or take any action that the user could take on the affected web site...

4.3CVSS5.9AI score0.37766EPSS
Exploits0
Cvelist
Cvelist
added 2009/02/24 5:0 p.m.28 views

CVE-2007-5289

HP Mercury Quality Center QC 9.2 and earlier, and possibly TestDirector, relies on cached client-side scripts to implement "workflow" and decisions about the "capability" of a user, which allows remote attackers to execute arbitrary code via crafted use of the Open Test Architecture OTA API, as...

7.7AI score0.08683EPSS
Exploits1References8
NVD
NVD
added 2009/02/13 5:30 p.m.13 views

CVE-2009-0216

GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password or by using a modified program module...

10CVSS7AI score0.02984EPSS
Exploits0References5
seebug.org
seebug.org
added 2009/02/04 12:0 a.m.37 views

UltraVNC和TightVNC客户端整数溢出漏洞

BUGTRAQ ID: 33568 CVECAN ID: CVE-2009-0388 UltraVNC和TightVNC都是开源的远程终端模拟软件。 UltraVNC和TightVNC客户端存在多个整数溢出漏洞,有漏洞的函数为: . 'ClientConnection::CheckBufferSize' . 'ClientConnection::CheckFileZipBufferSize' UltraVNC的1.0.2及之前版本使用有漏洞的函数: . 'ClientConnection::ReadServerCutText : 3859'...

10CVSS6.2AI score0.13334EPSS
Exploits11
ATTACKERKB
ATTACKERKB
added 2009/01/22 4:30 p.m.1 views

CVE-2009-0247

The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting XSS, which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable...

4.3CVSS5.1AI score0.01022EPSS
Exploits0References4
Rows per page
Query Builder