38 matches found
Sql injection
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...
CVE-2020-23711
SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET input category in navigate.php...
CVE-2018-2603
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
Improper Access Control
Oracle Java SE is vulnerable to Improper Access Control vulnerability. This is because the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an...
OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
OpenJDK: DerValue unbounded memory allocation (Libraries, 8182387)
It was discovered that the Libraries component of OpenJDK failed to sufficiently limit the amount of memory allocated when reading DER encoded input. A remote attacker could possibly use this flaw to make a Java application use an excessive amount of memory if it parsed attacker supplied DER...
Apache Subversion mod_dav_svn Integer Overflow Vulnerability
Apache Subversion is an open source version control system that is compatible with Concurrent Versions System CVS. An integer overflow vulnerability exists in the util.c file in Apache Subversion's moddavsvn. A remote attacker could submit a special skel-encoded request body for a denial of servi...
IniNet Solutions SCADA Web Server Security Restriction Bypass Vulnerability
IniNet SCADA Web Server is a third-party web-based server software. A security restriction bypass vulnerability exists in SCADA Web Server versions prior to 2.02 when processing URL-encoded input. An attacker could exploit this vulnerability to perform unauthorized operations...
ZenPhoto20 vulnerable to cross-site scripting
Overview ZenPhoto20 is a content management system CMS. ZenPhoto20 contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
DSA-3256-1 libtasn1-6 - security update
Bulletin has no description...
Microsoft ASP.NET MVC Cross-Site-Scripting (MS14-059; CVE-2014-4075)
A cross-site scripting vulnerability has been reported in ASP.NET MVC. The vulnerability is due the way ASP.NET MVC improperly handles encoded input. A remote attacker can exploit this vulnerability by enticing an affected user to open a malicious web-page...
CVE-2008-1468
Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...
CVE-2008-1468
Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...
CVE-2008-1468
Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...
Cross site scripting
Cross-site scripting XSS vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input...
CVE-2008-0769
Cross-site scripting XSS vulnerability in Livelink ECM 9.0.0 through 9.7.0 and possibly earlier does not set the charset, which allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input...
CVE-2008-0769
CVE-2008-0769 affects EMC Livelink ECM versions 9.0.0 through 9.7.0 (possibly earlier). The root cause is that the application does not set the character set, enabling cross-site scripting (XSS) via UTF-7 encoded input. Documented in multiple sources (NVD entry, CVE lists), it indicates an input‑...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly validate user-supplied, URL-encoded input to the read...