3856 matches found
CVE-2011-4294
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via...
CVE-2011-4294
CVE-2011-4294 describes an open redirect flaw in Moodle’s error-message handling. In Moodle 1.9.x (before 1.9.13), 2.0.x (before 2.0.4), and 2.1.x (before 2.1.1), continuation links in error messages are not guaranteed to point to http(s) URLs of the local Moodle instance, enabling attackers to l...
CVE-2012-3382
Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
Cross site scripting
Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
CVE-2012-3382
Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
CVE-2012-3382
Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
CVE-2012-3382
Cross-site scripting XSS vulnerability in the ProcessRequest function in mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs in Mono 2.10.8 and earlier allows remote attackers to inject arbitrary web script or HTML via a file with a crafted name and a forbidden extension, which is not properl...
Quest NetVault SmartDisk <= 1.2.1 integer overflow
Exploit for windows platform in category local exploits -------- winerr.h -------- / Header file used for manage errors in Windows It support socket and errno too this header replace the previous sockerrX.h / include include void stderrvoid char error; switchWSAGetLastError case 10004: error =...
Low: Red Hat Security Advisory: xorg-x11-server security and bug fix update
Updated xorg-x11-server packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severi...
cifs-utils: mount.cifs file existence disclosure vulnerability
mount.cifs in cifs-utils 2.6 allows local users to determine the existence of arbitrary files or directories via the file path in the second argument, which reveals their existence in an error message...
PBBoard 2.1.4 SQL Injection
Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubuntu Server 8.04 / PHP Version...
PBBoard 2.1.4 - Multiple SQL Injections
PBBoard 2.1.4 - Multiple SQL Injections Title: PBBoard v2.1.4 multiple SQLi Vulnerabilities Version: 2.1.4 Author/Found by: loneferret Software Site: http://www.pbboard.com/PBBoardv2.1.4.zip Other vulnerabilities: http://www.exploit-db.com/exploits/18937/ Date found: May 29th 2012 Tested on: Ubun...
CVE-2012-1792
Cross-site scripting XSS vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...
Cross site scripting
Cross-site scripting XSS vulnerability in osCommerce/OM/Core/Site/Setup/Application/Install/RPC/DBCheck.php in OSCommerce Online Merchant 3.0.2, when the software is being installed, allows remote attackers to inject arbitrary web script or HTML via the name parameter to oscommerce/index.php, whi...
Cross site scripting
Cross-site scripting XSS vulnerability in Support Incident Tracker SiT! 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is not properly handled in an error message...
CVE-2012-2922
The requestpath function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...
UBUNTU-CVE-2012-2922
The requestpath function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q parameter to index.php, which reveals the installation path in an error message...
CVE-2012-2922
Removed by vendor...
FreeBSD Ports: firefox
The remote host is missing an update to the system as announced in the referenced advisory. VID 380e8c56-8e32-11e1-9580-4061862b8c22 OpenVAS Vulnerability Test $ Description: Auto generated from VID 380e8c56-8e32-11e1-9580-4061862b8c22 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
PHP crossite scripting
XSS on error message if displayerrors enabled...