Allow cookie-less instance for security reasons

panel:bgColor=e7f4fa NOTE: This suggestion is for Confluence Cloud. Using Confluence Server? See the corresponding suggestion|http://jira.atlassian.com/browse/CONFSERVER-29687. panel Allow administrators to completely remove 'remember me' and disallow remembering usernames and passwords via HTML5...

CVE-2013-4610

CVE-2013-4610 affects the Data Search utility in REDCap data-entry forms, specifically REDCap before 5.0.3 and 5.1.x before 5.1.2. The impact is not specified in the sources, and there are no public exploitation details provided in the connected documents. No remediation or fix versions are descr...

form_autocomplete

This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats...

file_upload

This plugin will try to expoit insecure file upload forms. One configurable parameter exists: extensions The extensions parameter is a comma separated list of extensions that this plugin will try to upload. Many web applications verify the extension of the file being uploaded, if special extensio...

Adobe Reader BMP/RLE heap corruption - CVE-2013-2729

Adobe Reader X is a powerful software solution developed by Adobe Systems to view, create, manipulate, print and manage files in Portable Document Format PDF. Since version 10 it includes the Protected Mode, a sandbox technology similar to the one in Google Chrome which improves the overall...

Wordpress Securimage-WP Plugin v3.2.4 URI-based XSS Vulnerability

Summary Securimage-WP adds powerful CAPTCHA protection to comment forms on posts and pages to help prevent comment spam from getting onto your site. Description Securimage-WP suffers from a XSS issue in 'siwptest.php' that uses the 'PHPSELF' variable. The vulnerability is present because there...

Securimage 3.5 URI-based Cross-Site Scripting Vulnerability

Summary Securimage is an open-source free PHP CAPTCHA script for generating complex images and CAPTCHA codes to protect forms from spam and abuse. Description Securimage suffers from a XSS issue in 'exampleform.php' that uses the 'REQUESTURI' variable. The vulnerability is present because there...

Mandriva Linux Security Advisory : emacs (MDVSA-2013:076)

Updated emacs packages fix security vulnerabilities : Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent...

[SECURITY] Fedora 18 Update: drupal7-ctools-1.3-1.fc18

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pa ges. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...

CVE-2013-0073

The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...

Privilege escalation

The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...

CVE-2013-0073

The Windows Forms aka WinForms component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 ...

MS13-015: Vulnerability in .NET Framework Could Allow Elevation of Privilege (2800277)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by a privilege escalation vulnerability due to a flaw in the way .NET elevates the permissions of a callback function when a particular Windows Forms object is created. C Tenable Network Security, Inc...

Web: Bypass of security constraints

org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /jsecuritycheck at the end of a URI...

CVE-2013-0002

Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...

CVE-2013-0001

The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Information disclosure

The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...

Buffer overflow

Buffer overflow in the Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework application that leverag...

CVE-2013-0001

CVE-2013-0001 concerns a vulnerability in the Windows Forms (WinForms) component of Microsoft .NET Framework (1.0 SP3–4.5). The root cause is improper initialization of memory arrays and use of a pointer to unmanaged memory, enabling information disclosure. Exploitation could occur via a crafted ...

CVE-2013-0001

The Windows Forms aka WinForms component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via 1 a crafted XAML browser application XBAP or 2 a crafted .NET Framework...