Lucene search
+L

28 matches found

FreeBSD
FreeBSD
added 2011/01/26 12:0 a.m.55 views

opera -- multiple vulnerabilities

Opera reports: Opera 11.01 is a recommended upgrade offering security and stability enhancements. The following security vulnerabilities have been fixed: Removed support for "javascript:" URLs in CSS -o-link values, to make it easier for sites to filter untrusted CSS. Fixed an issue where large...

9.3CVSS1.8AI score0.05637EPSS
Exploits0References4
Opera Security Advisories
Opera Security Advisories
added 2011/01/25 12:0 a.m.487 views

Large form inputs can allow execution of arbitrary code

When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could be used to execute code. To inject code, additional techniques will have to be employed...

2.8AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2011/01/25 12:0 a.m.8 views

Large form inputs can allow execution of arbitrary code – Opera Security Advisories

Large form inputs can allow execution of arbitrary code – Opera Security Advisories OPCOM Team | January 25, 2011 Severity Critical Description When certain large form inputs appear on a web page, they can cause Opera to crash. In some cases, the crash can lead to memory corruption, which could b...

6.2AI score
Exploits0References1
Prion
Prion
added 2010/10/28 12:0 a.m.23 views

Design/Logic Flaw

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

6.4CVSS7.1AI score0.0225EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2010/10/28 12:0 a.m.30 views

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

6.4CVSS6AI score0.0225EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2010/10/27 10:0 p.m.36 views

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

6.4CVSS6.5AI score0.0225EPSS
Exploits0
Cvelist
Cvelist
added 2010/10/27 10:0 p.m.23 views

CVE-2010-3933

Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...

6.5AI score0.0225EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2002/06/10 12:0 a.m.24 views

Geeklog 1.3.5 - Calendar Event Form Script Injection

source: https://www.securityfocus.com/bid/4974/info Geeklog does not sufficiently sanitize script code from form fields, making it prone to script injection attacks. Attacker-supplied script code may potentially end up in webpages generated by Geeklog and will execute in the browser of a user who...

7AI score
Exploits0
Rows per page
Query Builder