3856 matches found

Cvelist
added 2014/04/22 2:0 p.m., 18 views

CVE-2014-2890

Cross-site scripting (XSS) vulnerability in the wraphtml function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openiderror parameter to MyID.config.php when the openid.mode parameter is set to error, which is not properly handled in an error...

5.7 AI score, 0.01193 EPSS
Exploits: 1, References: 3

Hacker One
added 2014/04/17 7:10 p.m., 16 views

Localize: Unexpected array leaks information about the system

By changing a string parameter on the /pages/settings page to an array (see example.png) and submitting the form, the page shows an error message leaking information about the server and functions used (see error.png). This works on multiple POST parameters. Warning: trim expects parameter 1 to be...

2.6 AI score
Exploits: 0

Prion
added 2014/03/11 7:37 p.m., 20 views

Design/Logic Flaw

The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...

4.3 CVSS, 6.5 AI score, 0.01204 EPSS
Exploits: 0, References: 4, Affected Software: 1

PyPA
added 2014/03/11 7:37 p.m., 7 views

PYSEC-2014-58

The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...

4.3 CVSS, 6.6 AI score, 0.01204 EPSS
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2014/03/11 7:37 p.m., 27 views

PYSEC-2014-58

The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...

4.3 CVSS, 4.4 AI score, 0.01204 EPSS
Exploits: 0, References: 5

Packet Storm
added 2014/03/09 12:0 a.m., 25 views

PicsEngine 2 Beta Cross Site Scripting / SQL Injection

PicsEngine Application error message Vulnerability. Author: indoushka. Vendor: Powered by PicsEngine 2 Beta. Blind SQL Injection :...

0.4 AI score
Exploits: 0

NVD
added 2014/03/03 4:55 p.m., 33 views

CVE-2014-1840

Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a dosearch action, which is not properly handled in a forced SQL error message...

4.3 CVSS, 6.1 AI score, 0.00984 EPSS
Exploits: 3, References: 2

0day.today
added 2014/02/17 12:0 a.m., 60 views

ImageMagick 6.8.8-4 - Local Buffer Overflow (SEH)

I saw the notice for this CVE today but there was no known published exploits so I figured I'd put together this quick POC. Note, all app modules for the tested version were compiled with safeSEH so my use of an OS module may require adjustment of the offsets. There also appears to be several bad...

7.6 AI score, 0.06854 EPSS
Exploits: 5

Tenable Nessus
added 2014/02/17 12:0 a.m., 34 views

Fedora 20 : imapsync-1.584-1.fc20 (2014-2505)

1.584 - Enhancement: Added --minmaxlinelength to select messages with long lines only. It helps to diagnose Exchange error on messages with lines longer than 9000 characters - Enhancement: Added --debugmaxlinelength - Bug fix: --ssl1 --tls2 was buggy because of default SSLVERIFYPEER. 'Can not go...

4.3 CVSS, 5.5 AI score, 0.01537 EPSS
Exploits: 0, References: 2

Prion
added 2014/02/05 7:55 p.m., 21 views

Default credentials

kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and password in an error message...

5 CVSS, 6.8 AI score, 0.0198 EPSS
Exploits: 0, References: 9, Affected Software: 1

Debian CVE
added 2014/02/05 7:0 p.m., 29 views

CVE-2013-2074

Removed by vendor...

5 CVSS, 6.4 AI score, 0.0198 EPSS
Exploits: 0

NVD
added 2014/02/05 6:55 p.m., 23 views

CVE-2012-0059

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...

4.9 CVSS, 6.6 AI score, 0.01642 EPSS
Exploits: 0, References: 3

Prion
added 2014/02/05 6:55 p.m., 19 views

Default credentials

Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 includes cleartext user passwords in an error message when a system registration XML-RPC call fails, which allows remote administrators to obtain the password by reading (1) the server log and (2) an email...

4.3 CVSS, 7.1 AI score, 0.01642 EPSS
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2014/02/05 6:0 p.m., 30 views

CVE-2012-0059 Spacewalk-backend: spacewalk-backend: information disclosure via cleartext passwords in error messages

A flaw was found in Spacewalk-backend. This information disclosure vulnerability occurs when a system registration XML-RPC call fails, causing cleartext user passwords to be included in error messages. Remote administrators can exploit this by reading server logs and emails, leading to the...

4.9 CVSS, 6.6 AI score, 0.01642 EPSS
Exploits: 0, References: 3

Kitploit
added 2014/01/25 8:14 p.m., 170 views

[Netsparker v3.2] Web Application Security Scanner

Netsparker can crawl, attack and identify vulnerabilities in all custom web applications regardless of the platform and the technology they are built on, just like an actual attacker. It can identify web application vulnerabilities like SQL Injection, Cross-site Scripting (XSS), Remote Code Executi...

8.6 AI score
Exploits: 0

UbuntuCve
added 2014/01/19 6:55 p.m., 22 views

CVE-2013-7078

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...

2.6 CVSS, 6 AI score, 0.0164 EPSS
Exploits: 0, References: 2

OSV
added 2014/01/19 6:55 p.m., 1 views

UBUNTU-CVE-2013-7078

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers t...

2.6 CVSS, 5.9 AI score, 0.0164 EPSS
Exploits: 0, References: 3

CVE
added 2014/01/19 6:0 p.m., 78 views

CVE-2013-7078

TYPO3 Extbase Framework XSS (CVE-2013-7078) affects errorAction in ActionController base class. Vulnerable in TYPO3 versions 4.5.0–4.5.31, 4.7.0–4.7.16, 6.0.0–6.0.11, and 6.1.0–6.1.6 when the Rewritten Property Mapper is enabled. The vulnerability allows remote attackers to inject arbitrary scrip...

2.6 CVSS, 7.7 AI score, 0.0164 EPSS
Exploits: 0, References: 6, Affected Software: 1

NVD
added 2013/12/21 12:55 a.m., 34 views

CVE-2013-7082

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message...

4.3 CVSS, 5.7 AI score, 0.01187 EPSS
Exploits: 0, References: 4

Prion
added 2013/12/14 10:55 p.m., 10 views

Design/Logic Flaw

Cisco WebEx Training Center provides different error messages for registration attempts depending on whether the e-mail address exists, which allows remote attackers to enumerate attendees via a series of requests, aka Bug ID CSCul36003...

5 CVSS, 7.2 AI score, 0.02457 EPSS
Exploits: 1, References: 5