CVE-2018-12536

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled by the DefaultServlet's static file serving, the bad characters can trigger a...

Linux kernel competitive conditions vulnerability (CNVD-2018-05305)

Linux kernel is the kernel used by Linux, the open source operating system released by the Linux Foundation in the United States. A competitive condition vulnerability exists in the 'storeintwithrestart' function in the arch/x86/kernel/cpu/mcheck/mce.c file in the Linux kernel. A local attacker c...

Cross site scripting

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...

CVE-2018-6010

In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. Related to base/ErrorHandler.php, log/Dispatcher.php, and views/errorHandler/exception.php...

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

Remote attackers could obtain potentially sensitive information from exception messages printed by the error handler in non-debug mode.

More info at https://www.yiiframework.com/news/165/yii-2-0-14-is-released/...

International Islamic University Chittagong: Improper error handler

during the analysis it was found that when we submit the form and try to upload a txt file then it show a error page with internal path disclosure...

Yii Framework Cross-Site Scripting Vulnerability (CNVD-2017-25538)

Yii Framework is the Yii team developed a set of component-based , high-performance PHP framework for developing large-scale Web applications . Yii Framework 2.0.12 version of the framework/views/errorHandler/exception.php file has a cross-site scripting vulnerability , the vulnerability stems fr...

Cross site scripting

Cross-site scripting XSS vulnerability in the error handler in MyBB aka MyBulletinBoard before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross-site Scripting (XSS)

Grails-core is vulnerable to cross-site scripting XSS attacks through the default error handler. The default error handler does not sanitize user-input values when displaying an error, allowing an attacker to inject arbitrary Javascript code into a victim's browser...

kernel security and bug fix update

3.10.0-327.18.2.OL7 - Oracle Linux certificates Alexey Petrenko 3.10.0-327.18.2 - lib keys: Fix ASN.1 indefinite length object parsing David Howells 1308814 1308815 CVE-2016-0758 3.10.0-327.18.1 - scsi bnx2fc: Fix FCP RSP residual parsing Maurizio Lombardi 1322279 1306342 - mm madvise: fix...

CVE-2007-1883

PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via the iptcembed function, which calls certain...

Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rцsemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

CMS Contenido 4.9.5 Cross Site Scripting

Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...

FreeBSD : drupal6 -- multiple vulnerabilities (1acf9ec5-877d-11e0-b937-001372fd0af2)

Drupal Team reports : A reflected cross site scripting vulnerability was discovered in Drupal's error handler. Drupal displays PHP errors in the messages area, and a specially crafted URL can cause malicious scripts to be injected into the message. The issue can be mitigated by disabling on-scree...

PT-2011-2598 · Adobe · Coldfusion

Name of the Vulnerable Software and Affected Versions: Adobe ColdFusion versions 9.0.1 CHF1 and earlier Description: The issue allows remote attackers to obtain sensitive information via an id=- query to a .cfm file, which reveals the installation path in an error message. The vendor disputes the...

Apache ActiveMQ version 5.3.x XSS Vulnerabilities

Exploit for php platform in category web applications ================================================= Apache ActiveMQ version 5.3.x XSS Vulnerabilities ================================================= Severity: Medium Overview: --------- Apache ActiveMQ is prone to cross-site scripting...

Apache ActiveMQ XSS Vulnerability

Vulnerability Info: 26/04/2010 Issue Discovered 26/04/2010 Vendor Notified 27/04/2010 Vendor Conformed Class: Cross-Site Scripting Input validation Severity: Medium Overview: --------- Apache ActiveMQ is prone to cross-site scripting vulnerability. Technical Description: ---------------------- Th...

Directory traversal

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...

CVE-2007-5684

Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to include and execute arbitrary files via an absolute pathname in 1 errorhandlerfile and 2 localphp parameters to a tiki-index.php, or 3 encoded "..%2F" sequences in the implanguage parameter to...