3856 matches found
cumin: multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...
Reflected XSS within the username parameter of the /user/non-system/{username} rest resource
The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...
Design/Logic Flaw
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via 1 a direct request to plugins/visiblehookpoints/index.php, an invalid 2 page or 3 cat parameter to thumbnails.php, an invalid 4 page parameter to usermgr.php, or an invalid 5 newerthan or 6 oldertha...
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
DEBIAN-CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
Design/Logic Flaw
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
CVE-2012-1586
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
CVE-2010-5187
SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running on servers with certain configurations, allows remote attackers to obtain sensitive information via a direct request to PHP files in the 1 sapphire, 2 cms, or 3 mysite folders, which reveals the installation path in an error...
CVE-2012-4219
showconfigerrors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file...
CVE-2012-4219
showconfigerrors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file...
Design/Logic Flaw
MyBB aka MyBulletinBoard before 1.6.7 allows remote attackers to obtain sensitive information via a malformed forumread cookie, which reveals the installation path in an error message...
Design/Logic Flaw
Yaqas Yet Another Question & Answer System 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message...
Information disclosure
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refreshdblist.php, which reveals the installation path in an error message...
Path disclosure due to missing library.
PMASA-2012-3 Announcement-ID: PMASA-2012-3 Date: 2012-08-09 Summary Path disclosure due to missing library. Description The showconfigerrors.php script does not include a library, so an error message shows the full path of this file, leading to possible further attacks. Severity We consider this...
Medium: perl-DBD-Pg
Issue Overview: Two format string flaws were found in perl-DBD-Pg. A specially-crafted database warning or error message from a server could cause an application using perl-DBD-Pg to crash or, potentially, execute arbitrary code with the privileges of the user running the application. CVE-2012-11...
CVE-2011-4294
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via...
Design/Logic Flaw
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via...