320 matches found
DRUPAL-CONTRIB-2018-021
This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an...
Cookie Authentication Failed
This plugin is raised when the scanner has not been able to authenticate against the web application using the cookies provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...
Cookie Authentication Succeeded
This is an informational notice that the scanner was able to successfully authenticate against the web application using the cookies provided in the scan policy. No source data...
WordPress Super Simple Custom CSS 1.2 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Super Simple Custom CSS 1.2 Super Simple Custom CSS is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
There is a logical design flaw in the Mt. Song enrollment system
Song Song enrollment system is an asp + access to develop the enrollment system source code. Song Song registration system there is a logical design vulnerability, attackers can use the vulnerability to bypass cookie authentication to log in to the system, access to sensitive information and...
Magento CMS Multiple Security Vulnerabilities
Magento CMS is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Override Access Vulnerability in S-CMS V3.0 dbm.asp Page
S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 dbm.asp page has an override access vulnerability that can be exploited by an attacker to bypass Cookies authentication, execute arbitrary sql statements, and obtain the administrator's passwo...
CVE-2016-0265
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...
Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler
Drupal is the Drupal community maintained by a set of free , open source content management system developed in PHP language . JavaScript Callback Handler is an efficient Ajax Callback module . An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...
Mini Notice Board Cross-Site Scripting Vulnerability
Mini Notice Board 1.1 is an online bulletin board application that primarily facilitates the posting of trading announcements. A cross-site scripting vulnerability exists in the title and address parameters of the addcard.php page in Mini Notice Board 1.1. Due to the program failing to adequately...
OwnCloud Gallery Application HTML Injection Vulnerability
OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. An HTML injection vulnerability exists in the OwnCloud Gallery Application, which could be exploited by an attacker to steal...
BlackHat world black hat conference official APP there are two logical vulnerability-vulnerability warning-the black bar safety net
! If a common enterprise APP or a website vulnerability, then is actually very normal things. However, if someone and you say FreeBuf or Tick loopholes, then everyone in the hearts of the first reaction is surely“holding a wipe, big news” is! BlackHat conference soon to be held, as the world's mo...
Wordpress ColorWay Theme Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites set up on PHP and MySQL servers.ColorWay theme is one of the plug-ins that support custom themes. A cross-site scripting vulnerability exists in WordPress...
ASUS DSL-N55U Router Information Disclosure Vulnerability
ASUS DSL-N55U is a dual-band wireless router product from ASUS. Information disclosure vulnerabilities exist in ASUS DSL-N55U Router version 3.0.0.4.3762736 that stem from the program failing to properly filter user-submitted input. When a user browses an affected website, an attacker steals...
Multiple Vendors (RomPager <= 4.34) - Misfortune Cookie Router Authentication Bypass
No description provided by source...
Wordpress plugin iframe cross-site scripting vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. iframe plugin is a pop-up layer allowing external URLs to be loaded into the iframe page plugin . A cross-site...
IBM Rational License Key Server Administration and Reporting Tool Information Disclosure Vulnerability
IBM Rational License Key Server Administration and Reporting Tool is a license administration and reporting tool. A security vulnerability in IBM Rational License Key Server Administration and Reporting Tool allows remote attackers to exploit the vulnerability to obtain cookie-based authenticatio...
Multiple Cross-Site Scripting Vulnerabilities in Contenido CMS 'front_content.php'
Multiple cross-site scripting vulnerabilities exist in Contenido CMS 'frontcontent.php' due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal cookie-based authentication credentials...
Etiko CMS index.php cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Affected system: Etiko Etiko CMS Description: CVECAN ID: CVE-2 0 1 4-8 5 0 5 Etiko CMS is a content management system. Etiko CMS did not effectively verify the index. php script input, in the realization on the presence of cross-site scripting vulnerability, a remote attacker with the structure o...
Web Wiz Forums 7.x Registration_Rules.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passe...