Lucene search

3858 matches found

CVE
added 2010/05/07 8:0 p.m. | 44 views

CVE-2010-1854

CVE-2010-1854 concerns an XSS in auktion.php of Pay Per Watch & Bid Auktions System, exploitable through the id_auk parameter, where an injected script/HTML appears in a forced SQL error message. Related records (NVD/Red Hat) confirm this vulnerability and its association to CVE-2010-1855 (SQL in...

CVSS 4.3 | AI score 6.1 | EPSS 0.00855
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2010/05/07 8:0 p.m. | 21 views

CVE-2010-1854

Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; th...

AI score 5.8 | EPSS 0.00855
Exploits 0 | References 1
Prion
added 2010/04/29 9:30 p.m. | 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

CVSS 4.3 | AI score 6 | EPSS 0.01813
Exploits 0 | References 5 | Affected Software 2
NVD
added 2010/04/29 9:30 p.m. | 21 views

CVE-2010-1618

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

CVSS 4.3 | AI score 5.4 | EPSS 0.01813
Exploits 0 | References 5
Cvelist
added 2010/04/29 9:0 p.m. | 34 views

CVE-2010-1618

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

AI score 5.3 | EPSS 0.01813
Exploits 0 | References 5
Prion
added 2010/04/27 3:30 p.m. | 20 views

Information disclosure

Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message...

CVSS 5 | AI score 6.6 | EPSS 0.0114
Exploits 1 | References 1 | Affected Software 1
Atlassian
added 2010/04/18 1:44 a.m. | 28 views

The current CAPTCHA implementation may not be secure

The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...

AI score 0.5
Exploits 0 | Affected Software 1
Atlassian
added 2010/04/18 1:44 a.m. | 18 views

The current CAPTCHA implementation may not be secure

The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...

AI score 0.5
Exploits 0 | Affected Software 1
Prion
added 2010/04/09 6:30 p.m. | 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message...

CVSS 4.3 | AI score 6.6 | EPSS 0.00855
Exploits 0 | References 1 | Affected Software 1
CVE
added 2010/04/09 6:0 p.m. | 44 views

CVE-2010-1339

CVE-2010-1339 is a cross-site scripting (XSS) vulnerability affecting the WoltLab Burning Board installation using the Teamsite Hack plugin (3.0 and earlier). The issue is triggered by the userid parameter in a modboard action within ts_other.php, where user input is inappropriately handled insid...

CVSS 4.3 | AI score 6.2 | EPSS 0.00855
Exploits 0 | References 1 | Affected Software 1
securityvulns
added 2010/04/07 12:0 a.m. | 40 views

MIT Kerberos 5 kadmind DoS

use-after-free vulnerability on error message generation...

CVSS 4 | AI score 2.4 | EPSS 0.05469
Exploits 1 | References 1 | Affected Software 1
NVD
added 2010/03/23 7:30 p.m. | 21 views

CVE-2010-1076

Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

CVSS 4.3 | AI score 6 | EPSS 0.00855
Exploits 0 | References 1
Prion
added 2010/03/23 7:30 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...

CVSS 4.3 | AI score 6.6 | EPSS 0.00855
Exploits 0 | References 1
myhack58
added 2010/02/28 12:0 a.m. | 15 views

BBSxp 2008 (Build: 8.0.4) SQL injection vulnerability - vulnerability warning - the black bar safety net

File: MoveThread.asp MoveThread.asp line 2-2 of 4 % if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""login/a" 'save the cookie log can be ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...

AI score 1
Exploits 0
Cvelist
added 2010/01/21 10:0 p.m. | 29 views

CVE-2010-0376

Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...

AI score 6 | EPSS 0.01499
Exploits 1 | References 5
CVE
added 2010/01/21 10:0 p.m. | 49 views

CVE-2010-0376

CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...

CVSS 4.3 | AI score 6.3 | EPSS 0.01499
Exploits 1 | References 5 | Affected Software 1
seebug.org
added 2009/12/31 12:0 a.m. | 17 views

Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability

No description provided by source...

AI score 7.1
Exploits 0
Prion
added 2009/12/30 8:0 p.m. | 15 views

Code injection

DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service CPU or...

CVSS 5 | AI score 7 | EPSS 0.02429
Exploits 2 | References 3 | Affected Software 1
myhack58
added 2009/12/21 12:0 a.m. | 21 views

conn.asp storm library law principles and applications - vulnerability warning - the black bar safety net

Today learn conn.asp storm database, this method is a very old method, it is through direct access to the database connection file conn.asp enables the server to produce the error, by returning the error information to storm out of the database the absolute path, here in conn.asp is the database...

AI score 6.7
Exploits 0
Cvelist
added 2009/12/14 11:0 p.m. | 28 views

CVE-2009-4322

extras/ipntestreturn.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...

AI score 6 | EPSS 0.01318
Exploits 1 | References 3