5027 matches found

CNVD
added 2015/10/22 12:0 a.m. | 3 views

ownCloud Server Cross-Site Scripting Vulnerability

ownCloud Server is a free and open source personal cloud storage solution created by German KDE developer Frank Karlitschek. ownCloud Server is a server version. A cross-site scripting vulnerability exists in ownCloud Server versions prior to 7.0.5 and 8.0.4 and prior to 8.0.x. The vulnerability...

CVSS 3.5 | AI score 6 | EPSS 0.00826
Exploits: 0 | References: 1
UbuntuCve
added 2015/10/21 3:59 p.m. | 24 views

CVE-2015-5953

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...

CVSS 3.5 | AI score 6 | EPSS 0.00826
Exploits: 0 | References: 2
NVD
added 2015/10/21 3:59 p.m. | 17 views

CVE-2015-5953

Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...

CVSS 3.5 | AI score 5.1 | EPSS 0.00826
Exploits: 0 | References: 2
CNVD
added 2015/09/25 12:0 a.m. | 4 views

IPython Notebook and Jupyter Notebook Cross-Site Scripting Vulnerabilities

IPython is an enhanced version of Python's native interactive shell developed by the IPython team. Notebook is one of the development environments. Jupyter Notebook is one of the suite of web applications for creating and sharing code and illustrative text documents. A cross-site scripting...

CVSS 4.3 | AI score 6.1 | EPSS 0.02768
Exploits: 1 | References: 1
The Hacker News
added 2015/09/24 8:26 p.m. | 13 views

Lenovo Caught (3rd Time) Pre-Installing Spyware on its Laptops

Lenovo has once again been caught installing spyware on its laptops and workstations without the user's permission or knowledge. One of the most popular computer manufacturers is being criticized for selling some refurbished laptop models pre-installed with invasive marketing software that sends...

AI score 6.6
Exploits: 0
OSV
added 2015/09/21 7:59 p.m. | 1 views

DEBIAN-CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 5.6 | EPSS 0.02768
Exploits: 1 | References: 1
UbuntuCve
added 2015/09/21 7:59 p.m. | 31 views

CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 6 | EPSS 0.02768
Exploits: 1 | References: 1
PyPA
added 2015/09/21 7:59 p.m. | 5 views

PYSEC-2015-26

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 6 | EPSS 0.02768
Exploits: 1 | References: 10 | Affected Software: 1
PyPA
added 2015/09/21 7:59 p.m. | 4 views

PYSEC-2015-24

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 6 | EPSS 0.02768
Exploits: 1 | References: 11 | Affected Software: 1
OSV
added 2015/09/21 7:59 p.m. | 1 views

UBUNTU-CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 5.8 | EPSS 0.02768
Exploits: 1 | References: 2
Debian CVE
added 2015/09/21 7:0 p.m. | 22 views

CVE-2015-6938

Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...

CVSS 4.3 | AI score 5.7 | EPSS 0.02768
Exploits: 1
OSV
added 2015/09/15 2:55 p.m. | 3 views

MGASA-2015-0372 Updated ipython packages fix CVE-2015-6938

Updated ipython packages fix security vulnerability: In IPython, local folder name was used in HTML templates without escaping, allowing XSS in said pages by carefully crafting folder name and URL to access it (CVE-2015-6938)...

CVSS 4.3 | AI score 5.4 | EPSS 0.02768
Exploits: 1 | References: 3
The Hacker News
added 2015/09/11 4:54 a.m. | 14 views

Microsoft is Auto-Downloading Windows 10 to PCs, Even If You Don't Want it

Microsoft wholeheartedly wants you to upgrade to Windows 10. So much that even if you have not opted-in for Windows 10 upgrade, you will get it the other way. Surprised? If you have Windows Update enabled on your PCs running Windows 7 or Windows 8.1, you’ll notice a large file — between 3.5GB and...

AI score 6.6
Exploits: 0
Japan Vulnerability Notes
added 2015/09/04 6:12 a.m. | 4 views

Apache Struts vulnerable to cross-site scripting

Overview: Apache Struts provided by the Apache Software Foundation is a software framework for creating web applications in Java. Apache Struts is vulnerable to cross-site scripting when JSP files can be accessed directly. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this...

CVSS 6.1 | AI score 5.7 | EPSS 0.07203
Exploits: 0 | References: 9
seebug.org
added 2015/09/01 12:0 a.m. | 35 views

Ganglia Web Frontend < 3.5.1 - PHP Code Execution

Assuming that ganglia is installed on the target machine at this path: /var/www/html/ganglia/ 2. Assuming the attacker has minimal access to the target machine and can write to "/tmp". There are several methods where a remote attacker can also trigger daemons or other system processes to create...

CVSS 7.5 | AI score 6.3 | EPSS 0.09944
Exploits: 5
Packet Storm
added 2015/08/31 12:0 a.m. | 34 views

Ganglia Web Frontend PHP Code Execution

...

CVSS 7.5 | AI score 0.6 | EPSS 0.09944
Exploits: 5
exploitpack
added 2015/08/31 12:0 a.m. | 25 views

Ganglia Web Frontend 3.5.1 - PHP Code Execution

Ganglia Web Frontend 3.5.1 - PHP Code Execution...

CVSS 7.5 | AI score 0.6 | EPSS 0.09944
Exploits: 5
exploitpack
added 2015/08/19 12:0 a.m. | 18 views

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving

Flash Broker-Based - Sandbox Escape via Timing Attack Against File Moving Source: https://code.google.com/p/google-security-research/issues/detail?id=280&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id FlashBroker - BrokerMoveFileEx TOCTOU IE PM Sandbox Escape 1. Windows 8....

AI score 0.4
Exploits: 0
CNVD
added 2015/08/19 12:0 a.m. | 4 views

Cisco Unified Web Interaction Manager Web Interface Denial of Service Vulnerability

Cisco Unified Web Interaction Manager is a WEB interaction manager. An input validation vulnerability in Cisco Unified Web Interaction Manager allows remote attackers to conduct denial of service attacks by deleting the default system folder in the message queue via the WEB interface...

CVSS 5.5 | AI score 6.8 | EPSS 0.02456
Exploits: 0 | References: 1
Tenable Nessus
added 2015/08/13 12:0 a.m. | 27 views

FreeBSD : froxlor -- database password information leak (9ee72858-4159-11e5-93ad-002590263bf5)

[email protected] reports : An unauthenticated remote attacker is able to get the database password via webaccess due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file...

CVSS 9.8 | AI score 8.6 | EPSS 0.03144
Exploits: 0 | References: 5