
413 matches found

ATTACKERKB
added 2014/09/12 2:55 p.m., 4 views

CVE-2014-2008

SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter...

CVSS 7.5, AI score 6.4, EPSS 0.02638
Exploits 5, References 7

seebug.org
added 2014/07/01 12:0 a.m., 19 views

osDate (uploadvideos.php) Shell Upload Vulnerability

No description provided by source. osDate Upload Shell Vulnerability uploadvideos.php. Date : 05/08/2010 Author : Xa7m3d Tested ON : ubuntu 9.10 MY Team : Currently no Software Link :...

AI score 7.1
Exploits 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

Ruby <= 1.9 (regex engine) Remote Socket Memory Leak Exploit

No description provided by source. Language : Ruby Web Site: www.ruby-lang.org Platform: All Bug: Remote Socket Memory Leak Products Affected: 1.8 series: - 1.8.5 and all prior versions - 1.8.6-p286 and all prior versions - 1.8.7-p71 and all...

AI score 7.1
Exploits 0

Metasploit
added 2014/01/28 9:37 a.m., 16 views

A10 Networks AX Loadbalancer Directory Traversal

This module exploits a directory traversal flaw found in A10 Networks Soft AX Loadbalancer version 2.6.1-GR1-P5/2.7.0 or less. When handling a file download request, the xml/downloads class fails to properly check the 'filename' parameter, which can be abused to read any file outside the virtual...

AI score 7.1
Exploits 0

NVD
added 2014/01/16 12:17 p.m., 27 views

CVE-2013-6643

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/oneclicksigninbubbleview.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handli...

CVSS 7.5, AI score 6, EPSS 0.0118
Exploits 1, References 5

Prion
added 2014/01/16 12:17 p.m., 28 views

Design/Logic Flaw

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/oneclicksigninbubbleview.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handli...

CVSS 7.5, AI score 6.5, EPSS 0.0118
Exploits 1, References 5, Affected Software 3

UbuntuCve
added 2014/01/16 12:17 p.m., 38 views

CVE-2013-6643

The OneClickSigninBubbleView::WindowClosing function in browser/ui/views/sync/oneclicksigninbubbleview.cc in Google Chrome before 32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux allows attackers to trigger a sync with an arbitrary Google account by leveraging improper handli...

CVSS 7.5, AI score 7.3, EPSS 0.0118
Exploits 1, References 4

CVE
added 2014/01/16 11:0 a.m., 87 views

CVE-2013-6643

The CVE-2013-6643 issue affects Google Chrome prior to 32.0.1700.76 on Windows and 32.0.1700.77 on macOS/Linux. It stems from improper handling of the closing of an untrusted signin confirmation dialog in OneClickSigninBubbleView::WindowClosing, allowing an attacker to trigger a sync with an arbi...

CVSS 7.5, AI score 6.1, EPSS 0.0118
Exploits 1, References 5, Affected Software 1

Atlassian
added 2013/07/28 1:59 a.m., 15 views

XSS Vulnerability - delete filter confirmation

NOTE: This bug report is for JIRA Server. Using JIRA Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/JRACLOUD-34074. Similar to JRA-31564, an XSS bug exists in the delete filter success screen. Steps to reproduce: 1. Search for issues. 2. Choose...

AI score 0.7
Exploits 0, Affected Software 1

ATTACKERKB
added 2013/05/01 12:0 p.m., 1 views

CVE-2013-0127

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

CVSS 5.8, AI score 6.2, EPSS 0.03787
Exploits 0, References 5

Prion
added 2013/05/01 12:0 p.m., 20 views

Code injection

IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java code execution and X-Confirm-Reading-To functionality via a crafted message, aka SPRs JMOY95BLM6 and...

CVSS 5.8, AI score 7.5, EPSS 0.03787
Exploits 0, References 4, Affected Software 1

NVD
added 2012/12/28 11:48 a.m., 23 views

CVE-2012-3872

Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php...

CVSS 4.3, AI score 5.8, EPSS 0.01378
Exploits 2, References 1

Cvelist
added 2012/12/28 11:0 a.m., 25 views

CVE-2012-3872

Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php...

AI score 5.8, EPSS 0.01378
Exploits 2, References 1

RedHat Linux
added 2011/03/02 1:28 a.m., 4 views

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS 6.8, AI score 5.9, EPSS 0.01823
Exploits 1, References 4

RedHat Linux
added 2011/03/02 1:17 a.m., 3 views

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

No description is available for this CVE...

CVSS 6.8, AI score 5.8, EPSS 0.01823
Exploits 1, References 4

RedHat Linux
added 2011/03/02 1:6 a.m., 2 views

Mozilla recursive eval call causes confirm dialog to evaluate to true (MFSA 2011-02)

Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges...

CVSS 6.8, AI score 5.9, EPSS 0.01823
Exploits 1, References 4

RedHat Linux
added 2011/03/01 10:42 p.m., 2 views

Mailman: Three XSS flaws due improper escaping of the full name of the member

Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py in GNU Mailman 2.1.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) username field in a confirmation message...

CVSS 4.3, AI score 7.3, EPSS 0.04248
Exploits 0, References 4

NVD
added 2011/02/14 10:0 p.m., 11 views

CVE-2011-1030

Cross-site scripting (XSS) vulnerability in the Wikis component in IBM Lotus Connections 3.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the "Confirm New Page scene."...

CVSS 4.3, AI score 5.4, EPSS 0.01053
Exploits 0, References 4

UbuntuCve
added 2010/11/26 8:0 p.m., 35 views

CVE-2010-3829

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...

CVSS 5.8, AI score 7.2, EPSS 0.02446
Exploits 0, References 3

Prion
added 2010/11/26 8:0 p.m., 20 views

Design/Logic Flaw

WebKit in Apple iOS before 4.2 allows remote attackers to bypass the remote image loading setting in Mail via an HTML LINK element with a DNS prefetching property, as demonstrated by an HTML e-mail message that uses a LINK element for X-Confirm-Reading-To functionality, a related issue to...

CVSS 5.8, AI score 5.9, EPSS 0.02446
Exploits 0, References 11, Affected Software 1