3856 matches found
FreeBSD : bugzilla -- information disclosure, denial of service (8cbf4d65-af9a-11df-89b8-00151735203a)
A Bugzilla Security Advisory reports: Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of...
CVE-2010-2758
Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 generates different error messages depending on whether a product exists, which makes it easier for remote attackers to guess product names via unspecified use of the (1) Reports or (2) Duplicates page...
CVE-2010-2758
CVE-2010-2758 concerns Bugzilla where error messages differ depending on whether a product exists, enabling remote users to enumerate product names. Affected versions include Bugzilla 2.17.1–3.2.7, 3.3.1–3.4.7, 3.5.1–3.6.1, and 3.7–3.7.2. The connected documents reference Fedora/OpenVAS advisorie...
rekonq 'Error Page' Cross-Site Scripting Vulnerabilities
This host is installed with rekonq and is prone to cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbrekonqmultxssvuln.nasl 4919 2017-01-02 15:22:45Z cfi $ rekonq 'Error Page' Cross-Site Scripting Vulnerabilities. Authors: Madhuri D. Copyright: Copyright (c) 2010 Greenbone...
bugzilla -- information disclosure, denial of service
A Bugzilla Security Advisory reports: Remote Information Disclosure: An unprivileged user is normally not allowed to view other users' group membership. But boolean charts let the user use group-based pronouns, indirectly disclosing group membership. This security fix restricts the use of pronoun...
httpd: Expect header XSS
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site...
CVE-2010-2854
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL erro...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL erro...
Design/Logic Flaw
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message...
CVE-2010-2859
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message...
Design/Logic Flaw
index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a viewadrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number...
CVE-2010-2722
Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the...
CVE-2010-2722
CVE-2010-2722 describes an XSS vulnerability in RightInPoint Lyrics Script 3.0 (index.php) where the attacker can inject arbitrary script via the artist_id parameter, due to inadequate handling of data in a forced SQL error message. The affected component is the web interface’s index.php for Lyri...
Apple Webkit ProcessInstruction Target Error Message Insertion Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple's Webkit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with how WebKit inserts...
Fedora Update for mod_auth_shadow FEDORA-2010-6359
Check for the Version of mod_auth_shadow. OpenVAS Vulnerability Test: Fedora Update for mod_auth_shadow FEDORA-2010-6359. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CVE-2010-1457
Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message...