3856 matches found
ok.ru: Missing proper error message.
Steps to reproduce: 1. Load the URL: http://ok.ru/ in any browser. 2. Now go to Browser settings and disable the Cookies. 3. Try to login using valid credentials. 4. Observed that user is redirected to login page again without any proper error message. Technical Impact: This leads user to feel...
CVE-2016-4561
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...
Cisco IOS-XE Fragmented Packet Resource Consumption Vulnerability
A vulnerability in the packet reassembly subsystem of Cisco IOS-XE could allow an unauthenticated, remote attacker to consume CPU resources which may lead to a denial of service (DoS) condition. The vulnerability is due to an error message that is triggered to the console and the syslog when a...
Shopify: staff member can install apps even if have limited access
hey; for example, a staff member has limited access to orders. When this member wants to install an app with scope readorders, the error message shown is: Oauth error invalidrequest: You do not have permission to access the requested scopes bug: ----- staff member can install app even if have limited access to scopes...
Error: "Generate the new security key" on StoreFront
The following error is displayed when connecting to StoreFront: Generate the new security key...
Gratipay: Getting Error Message and in use python version 2.7 is exposed.
Getting Error Message and in use python version 2.7 is exposed. Application is unnecessarily exposing the following response headers and message which divulge its choice of web platform: Request is undecodable. /app/.heroku/python/lib/python2.7/encodings/utf8.py:16...
Veris: User enumeration via error message
Hi guys, Well, the issue is in the authentication process: an attacker is able to enumerate registered users on the site via brute forcing the login page. In case the user does not exist, the system returns the following error message: "User not exist"; in case the user exists, but the password is incorrect:...
Error: "Cannot Complete Your Request" When Connecting to StoreFront
The following error is displayed when connecting to StoreFront: Cannot Complete Your Request New Experience Classic Experience...
Design/Logic Flaw
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
CVE-2016-2042
phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request to (1) libraries/phpseclib/Crypt/AES.php or (2) libraries/phpseclib/Crypt/Rijndael.php, which reveals the full path in an error message...
Design/Logic Flaw
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
UBUNTU-CVE-2016-2038
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
CVE-2016-2044
libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
CVE-2016-2038
phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message...
Project Administrators can adjust permission schemes without having the permission
Summary: When alterations to a permission scheme of a Service Desk project have been made, the project administration page can display an error message as described on the following page: https://confluence.atlassian.com/servicedesk/resolving-permission-scheme-errors-660967497.html In order t...