Lucene search
K

320 matches found

OSV
OSV
added 2018/04/25 5:43 p.m.3 views

DRUPAL-CONTRIB-2018-021

This module provides a JSON API standards-compliant API for accessing and manipulating Drupal content and configuration entities. The module doesn't provide CSRF protection when processing authenticated traffic using cookie-based authentication. This vulnerability is mitigated by the fact that an...

6.6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2017/12/15 12:0 a.m.10 views

Cookie Authentication Failed

This plugin is raised when the scanner has not been able to authenticate against the web application using the cookies provided in the scan policy. Check the output of the plugin to get an explanation of the issue encountered by the scan. No source data...

7.2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/12/15 12:0 a.m.9 views

Cookie Authentication Succeeded

This is an informational notice that the scanner was able to successfully authenticate against the web application using the cookies provided in the scan policy. No source data...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2017/12/05 12:0 a.m.31 views

WordPress Super Simple Custom CSS 1.2 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Super Simple Custom CSS 1.2 Super Simple Custom CSS is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

7.4AI score
Exploits0
CNVD
CNVD
added 2017/10/23 12:0 a.m.2 views

There is a logical design flaw in the Mt. Song enrollment system

Song Song enrollment system is an asp + access to develop the enrollment system source code. Song Song registration system there is a logical design vulnerability, attackers can use the vulnerability to bypass cookie authentication to log in to the system, access to sensitive information and...

6.8AI score
Exploits0
OpenVAS
OpenVAS
added 2017/10/06 12:0 a.m.20 views

Magento CMS Multiple Security Vulnerabilities

Magento CMS is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.5AI score
Exploits0References2
CNVD
CNVD
added 2017/08/13 12:0 a.m.3 views

Override Access Vulnerability in S-CMS V3.0 dbm.asp Page

S-CMS is a corporate website building system developed by Zibo Shining Network Technology Co. S-CMS V3.0 dbm.asp page has an override access vulnerability that can be exploited by an attacker to bypass Cookies authentication, execute arbitrary sql statements, and obtain the administrator's passwo...

7.6AI score
Exploits0
Cvelist
Cvelist
added 2017/02/01 8:0 p.m.17 views

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

5.6AI score0.00705EPSS
Exploits0References2
CNVD
CNVD
added 2016/12/12 12:0 a.m.7 views

Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler

Drupal is the Drupal community maintained by a set of free , open source content management system developed in PHP language . JavaScript Callback Handler is an efficient Ajax Callback module . An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/11/04 12:0 a.m.2 views

Mini Notice Board Cross-Site Scripting Vulnerability

Mini Notice Board 1.1 is an online bulletin board application that primarily facilitates the posting of trading announcements. A cross-site scripting vulnerability exists in the title and address parameters of the addcard.php page in Mini Notice Board 1.1. Due to the program failing to adequately...

6.5AI score
Exploits0References1
CNVD
CNVD
added 2016/08/31 12:0 a.m.3 views

OwnCloud Gallery Application HTML Injection Vulnerability

OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. An HTML injection vulnerability exists in the OwnCloud Gallery Application, which could be exploited by an attacker to steal...

7.8AI score
Exploits0References1
myhack58
myhack58
added 2016/08/02 12:0 a.m.14 views

BlackHat world black hat conference official APP there are two logical vulnerability-vulnerability warning-the black bar safety net

! If a common enterprise APP or a website vulnerability, then is actually very normal things. However, if someone and you say FreeBuf or Tick loopholes, then everyone in the hearts of the first reaction is surely“holding a wipe, big news” is! BlackHat conference soon to be held, as the world's mo...

7.7AI score
Exploits0
CNVD
CNVD
added 2016/07/28 12:0 a.m.3 views

Wordpress ColorWay Theme Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites set up on PHP and MySQL servers.ColorWay theme is one of the plug-ins that support custom themes. A cross-site scripting vulnerability exists in WordPress...

6.7AI score
Exploits0References1
CNVD
CNVD
added 2016/07/20 12:0 a.m.3 views

ASUS DSL-N55U Router Information Disclosure Vulnerability

ASUS DSL-N55U is a dual-band wireless router product from ASUS. Information disclosure vulnerabilities exist in ASUS DSL-N55U Router version 3.0.0.4.3762736 that stem from the program failing to properly filter user-submitted input. When a user browses an affected website, an attacker steals...

6.9AI score
Exploits0References1
seebug.org
seebug.org
added 2016/04/29 12:0 a.m.17 views

Multiple Vendors (RomPager <= 4.34) - Misfortune Cookie Router Authentication Bypass

No description provided by source...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/01/04 12:0 a.m.3 views

Wordpress plugin iframe cross-site scripting vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. iframe plugin is a pop-up layer allowing external URLs to be loaded into the iframe page plugin . A cross-site...

6.1AI score
Exploits0References1
CNVD
CNVD
added 2015/05/07 12:0 a.m.2 views

IBM Rational License Key Server Administration and Reporting Tool Information Disclosure Vulnerability

IBM Rational License Key Server Administration and Reporting Tool is a license administration and reporting tool. A security vulnerability in IBM Rational License Key Server Administration and Reporting Tool allows remote attackers to exploit the vulnerability to obtain cookie-based authenticatio...

4CVSS6.9AI score0.01632EPSS
Exploits0References1
CNVD
CNVD
added 2014/12/31 12:0 a.m.4 views

Multiple Cross-Site Scripting Vulnerabilities in Contenido CMS 'front_content.php'

Multiple cross-site scripting vulnerabilities exist in Contenido CMS 'frontcontent.php' due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code or steal cookie-based authentication credentials...

2.6CVSS7.1AI score0.02085EPSS
Exploits1References1
myhack58
myhack58
added 2014/10/31 12:0 a.m.31 views

Etiko CMS index.php cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Affected system: Etiko Etiko CMS Description: CVECAN ID: CVE-2 0 1 4-8 5 0 5 Etiko CMS is a content management system. Etiko CMS did not effectively verify the index. php script input, in the realization on the presence of cross-site scripting vulnerability, a remote attacker with the structure o...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Web Wiz Forums 7.x Registration_Rules.ASP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10555/info A vulnerability exists in the Web Wiz Forums software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data passe...

7.1AI score
Exploits0
Rows per page
Query Builder