6646 matches found
CVE-2008-2848
Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Unfixed XSS vulnerability at www.magnus.de
Security researcher kInGoFcHaOs submitted on 18/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.magnus.de, which at the time of submission ranked 18981 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/07/2008. It is...
Unfixed XSS vulnerability at kritiker.se
Security researcher bycasper41 submitted on 06/07/2008 a cross-site-scripting (XSS) vulnerability affecting kritiker.se, which at the time of submission ranked 456297 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It is currentl...
CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
CVE-2008-1669
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."...
Race condition
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."...
CVE-2008-1669
Summary: CVE-2008-1669 affects the Linux kernel and arises from inadequate protection for fcntl in 2.6.x kernels prior to 2.6.25.2. The issue enables local users to (1) execute code in parallel and (2) trigger a race that can give re-ordered access to the descriptor table. Evidence in connected a...
maiancart-xss.txt
---------------------------------------------------------------- Script : Maian Cart v1.1 Type : XSS Vulnerabilities ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
Manage Watchers shows users with no permission
We have just upgraded to Jira 3.12.2 and like the new functionality when adding watchers to an issue. There is one problem with this though. It is showing all users, including users with no permissions. This means that all employees that stopped working here will show in the drop down. We do not...
Unfixed XSS vulnerability at www.zum.de
Security researcher kInGoFcHaOs submitted on 28/04/2008 a cross-site-scripting (XSS) vulnerability affecting www.zum.de, which at the time of submission ranked 15344 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/04/2008. It is currently...
Vulnerabilities in WordPress
Hello 3APA3A! I am reporting the Abuse of Functionality and Weak Password vulnerabilities I found in WordPress. Abuse of Functionality: WordPress makes it possible to determine the logins that exist in the system. The vulnerability is that when a valid login and an invalid login are entered with an incorrect password...
Unfixed XSS vulnerability at www.stampwants.com
Security researcher KrepTOr submitted on 24/04/2008 a cross-site-scripting (XSS) vulnerability affecting www.stampwants.com, which at the time of submission ranked 221099 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/04/2008. It is...
Unfixed XSS vulnerability at www.pro-koeln-online.de
Security researcher Hanno Boeck submitted on 20/03/2008 a cross-site-scripting (XSS) vulnerability affecting www.pro-koeln-online.de, which at the time of submission ranked 1636511 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/03/2008. ...
CVE-2008-1076
Cross-site scripting (XSS) vulnerability in search.php in Interspire Shopping Cart 1.x allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Fedora 8 : cacti-0.8.7b-1.fc8 (2008-1699)
Fixes: XSS vulnerabilities; Path disclosure vulnerabilities; SQL injection vulnerabilities; HTTP response splitting vulnerabilities; bug0000855: Unnecessary and faulty DEF generation for CF:AVERAGE; bug0001083: Small visual fix for Cacti in 'View Cacti Log File'; bug0001089: Graph xport modification to...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third...
CVE-2008-0793
Multiple cross-site scripting (XSS) vulnerabilities in search.asp in Tendenci CMS allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) searchtext, (3) jobcategoryid, (4) contactcompany, and unspecified other parameters. NOTE: some of these details are obtained from third...
Unfixed XSS vulnerability at www.pc-ware.com
Security researcher Fabian Fingerle submitted on 13/02/2008 a cross-site-scripting (XSS) vulnerability affecting www.pc-ware.com, which at the time of submission ranked 356949 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/03/2008. It is...
Unfixed XSS vulnerability at www.prcenter.de
Security researcher Fabian Fingerle submitted on 02/06/2008 a cross-site-scripting (XSS) vulnerability affecting www.prcenter.de, which at the time of submission ranked 56286 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/06/2008. It is...