3502 matches found
Design/Logic Flaw
The ACL implementation in Cisco NX-OS 5.02 and 5.03 before 5.03N21 on Nexus 5000 series switches, and NX-OS before 5.03U12a on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in...
Nginx Code Execution with Null Bytes to several hidden points and critical points-vulnerability warning-the black bar safety net
Last night, the Black pot on the microblogging made a foreigner explosion Nginx vulnerability, the beginning and few people pay attention, the ego immediately frame environmental testing to verify that my product is good handy online and tried the two sites also verify this vulnerability, so...
8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability
Document Title: =============== 8Pixel Blog CMS v4.2 - Cross Site Scripting Vulnerability Release Date: ============= 2011-08-14 Vulnerability Laboratory ID VL-ID: ==================================== 1 Product & Service Introduction: =============================== 8pixel.net developes...
SA-CONTRIB-2011-034 - Display Suite - Cross Site Scripting
Display Suite allows you to take full control over how your content is displayed using a drag and drop interface. Arrange your nodes, views, comments, user data etc. the way you want without having to work your way through dozens of template files. In certain situations, Display Suite does not...
Micro CMS v1.0.1 - Persistent Cross Site Scripting Vulnerability
Document Title: =============== Micro CMS v1.0.1 - Persistent Cross Site Scripting Vulnerability Release Date: ============= 2011-07-12 Vulnerability Laboratory ID VL-ID: ==================================== 152 Product & Service Introduction: =============================== Parallels Plesk Panel...
CVE-2011-1954
Multiple cross-site request forgery CSRF vulnerabilities in Post Revolution 0.8.0c-2 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests to 1 ajax-weblog-guardar.php, 2 verpost.php, 3 comments.php, or 4 perfil.php...
Cross-Site Request Forgery
Cross-Site Request Forgery Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to Cross-Site Request Forgery attacks within this URL: /jira/plugins/servlet/streamscomments This vulnerability enables...
Cross-Site Request Forgery
Cross-Site Request Forgery Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that the application is succeptible to Cross-Site Request Forgery attacks within this URL: /jira/plugins/servlet/streamscomments This vulnerability enables...
Mandriva Linux Security Advisory : python-feedparser (MDVSA-2011:082)
Multiple vulnerabilities has been found and corrected in python-feedparser : Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested...
Fedora 14 : ikiwiki-3.20110328-1.fc14 (2011-5180)
Update to latest upstream version 3.20110328. Security fixes : - Possible JavaScript insertion via insufficient htmlscrubbing of alternate stylesheets. CVE-2011-1401 - JavaScript insertion via insufficient checking in comments. CVE-2011-0428 See http://ikiwiki.info/news/ for the full list of...
XSS vulnerability in Crucible changeset comments in search results
We have identified and fixed a cross-site scripting XSS vulnerability in the Crucible changeset comments in search results. Affected versions are Crucible 2.3.0 to 2.5.0 inclusive. XSS vulnerabilities potentially allow an attacker to embed their own JavaScript into a FishEye/Crucible page. You ca...
CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
DEBIAN-CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
PYSEC-2011-20
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
CVE-2011-1157
Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...
MediaWiki CSS Comments XSS
There is a cross-site scripting vulnerability in this installation of MediaWiki that may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks. This version of MediaWik...
DEBIAN-CVE-2011-0047
Cross-site scripting XSS vulnerability in MediaWiki before 1.16.2 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets CSS comments, aka "CSS injection vulnerability."...
Cross site scripting
Cross-site scripting XSS vulnerability in system/modules/comments/Comments.php in Contao CMS 2.9.2, and possibly other versions before 2.9.3, allows remote attackers to inject arbitrary web script or HTML via the HTTP XFORWARDEDFOR header, which is stored by system/libraries/Environment.php but n...