1511 matches found
Debian: Security Advisory (DSA-1099-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 1406-1 (horde3)
The remote host is missing an update to horde3 announced via advisory DSA 1406-1. OpenVAS Vulnerability Test $Id: deb14061.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1406-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
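PHP Security Framework Multiple Input Validation Vulnerabilities
PHP Security Framework is a web application. PHP Security Framework does not correctly handle user-supplied input; remote attackers can exploit the vulnerabilities to execute arbitrary commands or view the contents of system files with the privileges of the web server. PHP Security Framework has multiple SQL injection and remote file inclusion issues, which attackers can use to obtain sensitive information or execute arbitrary code with the privileges of the web server. Benjamin Mosse PHP Security Framework Beta 1 No solution is currently available: http://www.netkamp.com/netemlak.asp...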
CVE-2007-5712
The internationalization (i18n) framework in Django 0.91, 0.95, 0.95.1, and 0.96, and as used in other products such as PyLucid, when the USE_I18N option and the i18n component are enabled, allows remote attackers to cause a denial of service (memory consumption) via many HTTP requests with large...
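Phpbasic basicFramework Includes.PHP Remote File Inclusion Vulnerability
Phpbasic basicFramework is a PHP-based web application. Phpbasic basicFramework does not properly filter user-supplied URI data; remote attackers can exploit the vulnerability to execute arbitrary PHP code with the privileges of the web server. The problem is that the 'includes.php' script does not filter the user-supplied 'root' parameter; specifying an arbitrary file on a remote server as the include parameter can result in arbitrary PHP code being executed with the privileges of the web server. phpbasic.com basicFramework 1.0 No detailed solution is currently available: http://fw.phpbasic.com/?basic=topic&id=1...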
CCProxy <= v6.2 Telnet Proxy Ping Overflow Exploit (meta)
Exploit for unknown platform in category remote exploits ========================================================= CCProxy 'CCProxy %q This module exploits the YoungZSoft CCProxy 'Patrick Webster ' , 'Arch' = ARCHX86 , 'License' = MSFLICENSE, 'Version' = '$Revision$', 'References' = 'BID', '11666...
codeigniter-multi.txt
CodeIgniter is a powerful PHP framework with a very small footprint, built for PHP coders who need a simple and elegant toolkit to create full-featured web applications. http://www.codeigniter.com 1. sanitizeglobals global variables unsetting By setting e.g. "SERVER=anonymous" cookie in the...
Apache MyFaces Tomahawk JSF Framework 1.1.5 - 'Autoscroll' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24480/info Apache Tomahawk MyFaces JSF Framework is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to launch cross-site scripting attacks on...
SNMPc <= 7.0.18 Remote Denial of Service Exploit (meta)
Exploit for unknown platform in category dos / poc ======================================================= SNMPc 'SNMPc ', 'Description' = %q This module sends a specially-crafted packet to the service login of snmpc causing a denial of service of snmpc. , 'Author' = 'En Douli, Tks to OaiTeam ' ,...
DSA-1292-1 qt4-x11
Bulletin has no description...
CVE-2007-2381
The MochiKit framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...
CVE-2007-2376
The CVE-2007-2376 entry describes a vulnerability in the Dojo framework where data is exchanged in JSON without a protective scheme, allowing remote attackers to exfiltrate data by loading a URL in the SRC attribute of a SCRIPT element and then reading it with other JavaScript. This results in pa...
CVE-2007-2378
The CVE-2007-2378 issue concerns the Google Web Toolkit (GWT) framework, where JSON data is exchanged without a protection scheme, enabling JavaScript Hijacking. IBM’s bulletin specifies ITNM (IBM Tivoli Network Manager) IP Edition 4.2 GA through 4.2.0.15 is affected, with a fix in ITNM 4.2 Fix P...
CVE-2007-2379
CVE-2007-2379 affects the jQuery framework, where data is exchanged as JSON without an associated protection scheme. This enables JavaScript Hijacking: a remote attacker can obtain data by a page that retrieves it through a URL in the SRC attribute of a SCRIPT element and reads it with other Java...
CVE-2007-2380
The CVE-2007-2380 issue affects the Microsoft Atlas framework, where JSON data is exchanged without an associated protection scheme, enabling JavaScript Hijacking. Affected component is the Atlas JSON data exchange; root cause is lack of protection in JSON data retrieved via a SCRIPT element SRC ...
CVE-2007-2381
The CVE-2007-2381 issue concerns the MochiKit framework. Affected component: MochiKit’s data exchange using JSON without an accompanying protection scheme. Root cause: data can be obtained by exploiting a page that fetches the JSON via a SCRIPT element’s SRC URL and related JavaScript, i.e., Java...
CVE-2007-2382
The CVE-2007-2382 entry concerns the Moo.fx framework, where data is exchanged in JSON without an associated protection scheme. The underlying issue is exposed via JavaScript Hijacking: a malicious page can retrieve data by loading a URL in the SRC attribute of a SCRIPT element and capturing it w...
CVE-2007-2383
CVE-2007-2383 affects the Prototype.js framework prior to 1.5.1 RC3, which exposes JSON data via a SCRIPT SRC URL and allows data exfiltration via JavaScript Hijacking. Public connected documents confirm the vulnerability vector and mention the affected library version. The provided sources do no...
CVE-2007-2385
The set of connected records confirms a JavaScript Hijacking vulnerability in the Yahoo! UI framework. Affected component: Yahoo! UI framework; vulnerability arises from exchanging data in JSON without an associated protection scheme, allowing a remote attacker to obtain data when a web page load...
CVE-2007-2379
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other...