7333 matches found
CVE-2010-0326
Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-0326
CVE-2010-0326 is an XSS in the TYPO3 Devlog extension (version 2.9.1 and earlier). Remote attackers could inject arbitrary web script/HTML via unspecified vectors. Affected: TYPO3 Devlog, 2.9.1 and earlier. The connected sources confirm the description but do not provide concrete exploit details,...
Multiple vulnerabilities in third party extensions
Several vulnerabilities have been found in the following third party TYPO3 extensions: MK-AnydropdownMenu (mkanydropdownmenu), Photo Book (gooffotoboek), SB Folderdownload (sbfolderdownload), Developer log (devlog), KJ: Imagelightbox (kjimagelightbox2), Unit Converter (cs2unitconv), powermail (powermail), TV21...
JVN#09872874 Movable Type access restriction bypass vulnerability
Movable Type, a web log system from Six Apart KK, contains a vulnerability that allows a remote attacker to bypass access restrictions. This vulnerability is different from JVN08369659. Impact: A remote attacker may view or modify information stored by Movable Type. Solution: Update the Software...
Barracuda Web Firewall 660 Firmware 7.3.1.007 Input Validation
Pentest Information: GESEC Team remove discover an input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijack or can implement script routines & malicious codes server-side|persistent...
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities. Pentest Information: GESEC Team remove discover an input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijack...
Barracuda Web Firewall 660 Firmware v7.3.1.007 Vulnerability
No description provided by source. Pentest Information: GESEC Team remove discover an input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijack or can implement script routines &...
Barracuda Web Firewall 660 Firmware 7.3.1.007 - Multiple Vulnerabilities
Pentest Information: GESEC Team remove discover an input validation vulnerability on Barracuda - Web Application Firewall 660 Appliance. A remote attacker is able to get sensitive customer sessions hijack or can implement script routines & malicious codes server-side|persistent...
Low: Red Hat Security Advisory: Red Hat Network Satellite Server Sun Java Runtime security update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Network Satellite Server 5.1. This update has been rated as having low security impact by the Red Hat Security Response Team. This update corrects several security vulnerabilities in the Sun Java...
CVE-2009-4052
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) th...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) th...
CVE-2009-4052
IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 contain multiple XSS vulnerabilities in the JSF Widget Library Runtime. The issues allow remote attackers to inject arbitrary web script or HTML via vectors involving the JSF ...
JVN#01245481 Redmine vulnerable to cross-site scripting
Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. As a result, cookie information may be leaked and could lead to session hijacking or user impersonation. Solution: Update the...
RedHat Security Advisory RHSA-2009:1571
The remote host is missing updates announced in advisory RHSA-2009:1571. The Sun 1.5.0 Java release includes the Sun Java 5 Runtime Environment and the Sun Java 5 Software Development Kit. This update fixes several vulnerabilities in the Sun Java 5 Runtime Environment and the Sun Java 5 Software...
RHEL 4 / 5 : java-1.5.0-sun (RHSA-2009:1571)
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5...
Critical: Red Hat Security Advisory: java-1.5.0-sun security update
Updated java-1.5.0-sun packages that correct several security issues are now available for Red Hat Enterprise Linux 4 Extras and 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. The Sun 1.5.0 Java release includes the Sun Java 5...
Facebook, MySpace Fix Subdomain Errors
Facebook and MySpace have fixed errors that could have allowed data to be given out from their subdomains. A Dutch developer, Yvo Schaap, discovered the flaw and wrote on his blog: “A more invasive and hidden exploit could harvest all the user’s personal photos, data and messages to a central serv...
JVN#75694913 Roundcube Webmail vulnerable to cross-site request forgery
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site request forgery vulnerability. This issue is different from JVN33820033 and JVN72974205. Impact: An attacker may be able to send arbitrary emails. Solution: Update the...