Lucene search
+L

166 matches found

myhack58
myhack58
added 2017/09/05 12:0 a.m.27 views

Hot air classes on the site of the SQLi and XSS vulnerabilities bug-vulnerability warning-the black bar safety net

Last month in order to practice hand, I choices one of the more popular sites goodwesite.com as I penetrate the leaking test tool. In flaws in the excavation process, I've invented the Web PresenceSQL injectionandXSSflaws. The official start of the article content, let's first briefly understand...

7.7AI score
Exploits0
cnvd
cnvd
added 2017/08/30 12:0 a.m.27 views

Apache Atlas Information Disclosure Vulnerability (CNVD-2017-27445)

Apache Atlas is a set of scalable and extensible core functional governance services from the Apache USA Software Foundation. An information disclosure vulnerability exists in Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating that stems from an error response containing a stack trace. A...

7.5CVSS7AI score0.02053EPSS
Exploits0References1
pypa
pypa
added 2017/08/29 8:29 p.m.22 views

PYSEC-2017-110

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

7.5CVSS7AI score0.02053EPSS
Exploits0References2Affected Software1
osv
osv
added 2017/08/29 8:29 p.m.11 views

PYSEC-2017-110

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

7.5CVSS5.8AI score0.02053EPSS
Exploits0References2
cvelist
cvelist
added 2017/08/29 8:0 p.m.26 views

CVE-2017-3154

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information...

6.8AI score0.02053EPSS
Exploits0References2
debiancve
debiancve
added 2017/07/01 6:0 p.m.50 views

CVE-2017-10788

The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service use-after-free and application crash or possibly have unspecified other impact by triggering 1 certain error responses from a MySQL server or 2 a loss of a network connection to a MySQL server. The...

9.8CVSS10AI score0.04629EPSS
Exploits0
osv
osv
added 2017/02/08 7:59 p.m.4 views

CVE-2016-9748

IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system...

4.3CVSS5.8AI score0.00941EPSS
Exploits0References2
cnvd
cnvd
added 2015/12/31 12:0 a.m.8 views

IBM B2B Advanced Communications Information Disclosure Vulnerability

IBM B2B Advanced Communication is a communication gateway product from IBM USA. An information disclosure vulnerability exists in IBM B2B Advanced Communications versions 1.0.0.2 and 1.0.0.3. An attacker can exploit the vulnerability to obtain sensitive information in error response messages with...

4.3CVSS6.1AI score0.00965EPSS
Exploits0References1
osv
osv
added 2015/05/22 12:0 a.m.3 views

UBUNTU-CVE-2015-3167

contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack...

7.5CVSS7.2AI score0.04126EPSS
Exploits0References4
osv
osv
added 2015/03/09 5:59 p.m.8 views

CVE-2015-2206

libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...

6.3AI score
Exploits0References10
prion
prion
added 2015/03/09 5:59 p.m.27 views

Cross site request forgery (csrf)

libraries/selectlang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to...

5CVSS6.9AI score0.03263EPSS
Exploits0References10Affected Software2
nessus
nessus
added 2014/11/08 12:0 a.m.41 views

RHEL 5 / 6 : httpd (RHSA-2012:0542)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0542 advisory. The Apache HTTP Server httpd is the namesake project of The Apache Software Foundation. It was discovered that the Apache HTTP Server di...

7.8CVSS8.5AI score0.98945EPSS
Exploits39References17
checkpoint_advisories
checkpoint_advisories
added 2013/09/22 12:0 a.m.39 views

Multiple DNS NO SUCH NAME Error Responses (CVE-2012-0006)

The Domain Name System DNS is an hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. When a DNS client needs to look up a name used in a program, it queries DNS servers to resolve the name. If the query names are...

5CVSS6.2AI score0.31083EPSS
Exploits1
redhat
redhat
added 2013/01/08 4:30 a.m.4 views

httpd: mod_negotiation XSS via untrusted file names in directories with MultiViews enabled

Cross-site scripting XSS vulnerability in the modnegotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by...

4.3CVSS5.8AI score0.6477EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2012/09/19 10:57 a.m.26 views

CVE-2012-4403

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

5CVSS5.9AI score0.014EPSS
Exploits0References4
prion
prion
added 2012/09/19 10:57 a.m.16 views

Design/Logic Flaw

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

5CVSS7AI score0.014EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2012/09/19 10:0 a.m.24 views

CVE-2012-4403

theme/yuicombo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading the response...

6.3AI score0.014EPSS
Exploits0References3
cve
cve
added 2012/09/19 10:0 a.m.49 views

CVE-2012-4403

Moodle 2.3.x before 2.3.2 is affected by CVE-2012-4403 due to improper construction of error responses in theme/yui_combo.php for the drag‑and‑drop script. This allows an unauthenticated remote attacker to discover the installation path by requesting a nonexistent resource and reading the respons...

5CVSS6.4AI score0.014EPSS
Exploits0References3Affected Software1
packetstorm
packetstorm
added 2012/08/29 12:0 a.m.49 views

ASP-DEv XM Forums RC 3 SQL Injection

. \ || \ \ \ / \ /\ \ |/ \ | / \ | | / | Y Y / \ | \ \ /|| |||| / /| / / / / / Exploit Title: ASP-DEv XM Forums RC 3 Remote Post Sql Injection Vulnerability Google Dork: Intext:"Powered by ASP-DEv XM Forums RC 3" Date: 08/29/2012 Author: Crim3R Site : Http://Ajaxtm.com/ Download Link :...

0.6AI score
Exploits0
redhat
redhat
added 2012/05/07 6:13 p.m.5 views

httpd: cookie exposure due to error responses

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request aka 400 error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a 1 long or 2 malformed header in...

4.3CVSS6.7AI score0.82756EPSS
Exploits4References4
Rows per page
Query Builder