8134 matches found

Source: Drupal (added 2007/09/27 12:00 a.m., 8 views)

SA-2007-021: Project issue tracking - XSS vulnerabilities in subscription forms.

The Project issue tracking module provides a subscription functionality enabling users to sign up for e-mail notification of issue updates. The subscriptions can be edited on both an individual and an overview form. Users who have permissions to create or edit projects may be able to inject arbitrary...

AI score: 6.7 | Exploits: 0 | References: 7
Source: securityvulns (added 2007/09/13 12:00 a.m., 48 views)

Oracle Jinitiator 1.1.8 Vulnerabilities CVE-2007-4467 - Additional Information

US-CERT released an advisory on August 28, 2007 regarding multiple stack buffer overflows in the Oracle Jinitiator product (Vulnerability Note VU#474433 / CVE-2007-4467). Due to limited public technical information on Jinitiator, no access to the Oracle support website, and maybe lack of cooperation...

CVSS: 9.3 | AI score: 0.7 | EPSS: 0.31553 | Exploits: 1
Source: Prion (added 2007/08/31 12:17 a.m., 11 views)

Stack overflow

Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initialization parameters." NOTE: it was later...

CVSS: 9.3 | AI score: 7.8 | EPSS: 0.31553 | Exploits: 1 | References: 9 | Affected Software: 1
Source: Prion (added 2007/08/13 9:17 p.m., 15 views)

Cross site scripting

Cross-site scripting (XSS) vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.06383 | Exploits: 1 | References: 7 | Affected Software: 1
Source: NVD (added 2007/08/13 9:17 p.m., 18 views)

CVE-2007-4318

Cross-site scripting (XSS) vulnerability in Forms/General1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.06383 | Exploits: 1 | References: 7
Source: Prion (added 2007/08/13 9:17 p.m., 12 views)

Cross site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allow remote attackers to perform certain actions as administrators, as demonstrated by a request to Forms/General1 with the (1) sysSystemName and (2)...

CVSS: 4.3 | AI score: 7.7 | EPSS: 0.00574 | Exploits: 1 | References: 7 | Affected Software: 1
Source: securityvulns (added 2007/07/31 12:00 a.m., 38 views)

[DRUPAL-SA-2007-017] Drupal 5.2 fixes multiple CSRF vulnerabilities

Drupal security advisory DRUPAL-SA-2007-017
Project: Drupal core
Version: 5.x
Date: 2007-July-26
Security risk: Moderately critical
Exploitable...

AI score: 6.9 | Exploits: 0
Source: Prion (added 2007/07/30 5:30 p.m., 20 views)

Cross site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.00574 | Exploits: 0 | References: 6 | Affected Software: 1
Source: NVD (added 2007/07/30 5:30 p.m., 19 views)

CVE-2007-4063

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.00574 | Exploits: 0 | References: 6
Source: UbuntuCve (added 2007/07/30 5:30 p.m., 36 views)

CVE-2007-4063

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00574 | Exploits: 0 | References: 1
Source: Cvelist (added 2007/07/30 5:00 p.m., 27 views)

CVE-2007-4063

Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...

AI score: 6.8 | EPSS: 0.00574 | Exploits: 0 | References: 6
Source: Drupal (added 2007/07/26 12:00 a.m., 22 views)

Drupal core - Cross site request forgeries

Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a privileged user to visit...

AI score: 6.7 | Exploits: 0 | References: 4
Source: FreeBSD (added 2007/07/26 12:00 a.m., 22 views)

drupal -- Cross site request forgeries

The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...

AI score: 3.4 | Exploits: 0 | References: 2
Source: securityvulns (added 2007/07/24 12:00 a.m., 159 views)

PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses

PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses. This advisory has been published following consultation with UK CPNI (formerly known as NISCC). Date found: 14th June 2007. Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as well. Not...

Exploits: 0
Source: securityvulns (added 2007/05/26 12:00 a.m., 58 views)

Vulnerability - cpCommerce - XSS

cpCommerce is a FOSS PHP-based e-commerce shopping cart web application. Exploit: JavaScript placed inside a user's "Full Name:" field will not be stripped; it will be added to the database 'as-is' as long as it has no quotation marks in the string. When the admin goes to the clients view page, the...

AI score: 2.9 | Exploits: 0
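The cpCommerce report above describes a filter that removes quotation marks and nothing else, so a stored payload reaches the admin's browser as long as it needs no quotes. The Python example below is added here and is not code from cpCommerce or from the advisory: it models that quote-stripping filter beside proper output encoding and checks which payloads survive each. The sample "Full Name" values, the row template and the function names are constructed for the example.

```python
import html
import re

# Constructed sample values for the "Full Name" field (not taken from the advisory).
SAMPLE_NAMES = {
    "benign": "Alice O'Connor",
    "script_no_quotes": "<script>alert(1)</script>",
    "event_handler_no_quotes": "<img src=x onerror=alert(1)>",
    "script_with_quotes": '<script>alert("x")</script>',
}

# A raw tag opener: '<' followed by a letter or '/'. Escaped text never contains one.
TAG_RE = re.compile(r"<[a-zA-Z/]")


def strip_quotes(value: str) -> str:
    """Model of the weak filter the advisory describes: only quotation marks are
    removed, so any payload that needs none is stored unchanged."""
    return value.replace('"', "").replace("'", "")


def escape_html_text(value: str) -> str:
    """Output encoding for an HTML text node: <, >, &, and both quote characters
    become entities, so the browser renders the markup as text instead of parsing it."""
    return html.escape(value, quote=True)


def render_client_row(full_name: str, encode) -> str:
    """The admin 'clients view' row, with the chosen encoder applied at output time."""
    return f"<tr><td>{encode(full_name)}</td></tr>"


def contains_live_markup(fragment: str) -> bool:
    """True if the fragment still carries an unescaped tag opener."""
    return TAG_RE.search(fragment) is not None


def survives_filter(payload: str, encode) -> bool:
    """Does the payload reach the page as markup after the given treatment?"""
    return contains_live_markup(encode(payload))


if __name__ == "__main__":
    for label, name in SAMPLE_NAMES.items():
        print(f"{label:26s} quote-strip: {survives_filter(name, strip_quotes)!s:5s} "
              f"html-escape: {survives_filter(name, escape_html_text)}")
        print("   rendered:", render_client_row(name, escape_html_text))
```

The quote-stripping filter turns `alert("x")` into `alert(x)`, which is why the advisory notes that payloads "with no quotations" are the ones that work; `<script>alert(1)</script>` and `<img src=x onerror=alert(1)>` pass through untouched. Encoding at output time, for the context the value lands in, is the control that actually matters; the stored value can stay as the user typed it.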
Source: NVD (added 2007/04/03 12:19 a.m., 10 views)

CVE-2007-1828

Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERYSTRING corresponding to drop downs or (2) various forms...

CVSS: 3.5 | AI score: 5.4 | EPSS: 0.00371 | Exploits: 0 | References: 7
Source: Cvelist (added 2007/04/03 12:00 a.m., 21 views)

CVE-2007-1832

web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."...

AI score: 6.2 | EPSS: 0.00427 | Exploits: 0 | References: 5
Source: Prion (added 2007/03/30 10:19 a.m., 16 views)

Cross site scripting

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00527 | Exploits: 0 | References: 6 | Affected Software: 1
Source: NVD (added 2007/03/30 10:19 a.m., 12 views)

CVE-2007-1780

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00527 | Exploits: 0 | References: 6
Source: Prion (added 2007/03/02 9:18 p.m., 10 views)

Cross site request forgery (CSRF)

WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact...

CVSS: 4.3 | AI score: 7.3 | EPSS: 0.00488 | Exploits: 0 | References: 5 | Affected Software: 1
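Two entries on this page describe the same vulnerability class from different angles: the Drupal CVE-2007-4063 advisory (state changes performed solely on HTTP GET, and forms built without the Forms API's per-session token) and the WebAPP entry directly above (forms that do not check the Referer). The Python example below is added here and is not code from Drupal or WebAPP. It contrasts a comment-delete handler that acts on a GET request authorised by the session cookie alone with one that requires POST, a session-bound form token and a same-origin Referer. The request model, the server secret, the site and attacker origins, the form identifier and the token construction (an HMAC over session id and form id, modelled on the idea behind Drupal's form_token rather than taken from it) are all assumptions of the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Hypothetical server secret and site origin (constructed for this example).
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"
SITE_ORIGIN = "https://forum.example"
FORM_ID = "comment_delete_form"  # hypothetical form identifier


@dataclass
class Request:
    """Minimal model of an incoming HTTP request."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def form_token(session_id: str, form_id: str) -> str:
    """Synchronizer token: keyed hash over the session and the form it is valid for.
    The attacker's page cannot read it, so a cross-site submission cannot supply it."""
    msg = f"{session_id}:{form_id}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def delete_comment_vulnerable(req: Request, comments: dict) -> int:
    """The bug class in DRUPAL-SA-2007-017: a state change performed solely on GET,
    authorised by the session cookie alone. Any page that embeds the URL triggers it."""
    if "session" not in req.cookies:
        return 403
    cid = int(req.path.rsplit("/", 1)[-1])
    comments.pop(cid, None)
    return 200


def referer_is_same_origin(req: Request) -> bool:
    """Referer check of the kind the WebAPP entry says was missing. A missing header
    is treated as a failure for state-changing requests, since browsers and proxies
    may strip it; this is defence in depth, not the primary control."""
    ref = req.headers.get("Referer")
    if not ref:
        return False
    parts = urlsplit(ref)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def delete_comment_hardened(req: Request, comments: dict) -> int:
    """Require POST, a valid per-session form token, and a same-origin Referer."""
    session = req.cookies.get("session")
    if session is None:
        return 403
    if req.method != "POST":
        return 405
    supplied = req.form.get("form_token", "")
    if not hmac.compare_digest(supplied, form_token(session, FORM_ID)):
        return 403
    if not referer_is_same_origin(req):
        return 403
    comments.pop(int(req.form["cid"]), None)
    return 200


def forged_get(session: str) -> Request:
    """What the victim's browser sends when an attacker page embeds
    <img src="https://forum.example/comment/delete/42">: cookie attached, no token."""
    return Request("GET", "/comment/delete/42", cookies={"session": session},
                   headers={"Referer": "https://attacker.example/page"})


def forged_post(session: str) -> Request:
    """Auto-submitted cross-site form: cookie attached, token unknown to the attacker."""
    return Request("POST", "/comment/delete", cookies={"session": session},
                   form={"cid": "42", "form_token": "guess"},
                   headers={"Referer": "https://attacker.example/page"})


def legitimate_post(session: str) -> Request:
    """Submission of the site's own form, which embedded the correct token."""
    return Request("POST", "/comment/delete", cookies={"session": session},
                   form={"cid": "42", "form_token": form_token(session, FORM_ID)},
                   headers={"Referer": f"{SITE_ORIGIN}/comment/42/delete"})


if __name__ == "__main__":
    sess = "victim-session-id"  # constructed session identifier
    db = {42: "a comment"}
    print("vulnerable, forged GET :", delete_comment_vulnerable(forged_get(sess), db), db)
    db = {42: "a comment"}
    print("hardened, forged GET   :", delete_comment_hardened(forged_get(sess), db), db)
    print("hardened, forged POST  :", delete_comment_hardened(forged_post(sess), db), db)
    print("hardened, legitimate   :", delete_comment_hardened(legitimate_post(sess), db), db)
```

The order of checks in the hardened handler is deliberate: rejecting non-POST methods first closes the "action solely on GET" hole regardless of what else is present, the token is the control an attacker cannot satisfy from another origin, and the Referer check only adds a second barrier. Because Referer may legitimately be absent, a site that relies on it alone (the WebAPP case) has to choose between rejecting some real users and admitting forged requests; the token avoids that trade-off.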