Lucene search
+L

53 matches found

OSV
OSV
added 2018/08/20 2:29 a.m.4 views

CVE-2018-15574

An issue was discovered in the license editor in Reprise License Manager RLM through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/editlfgetdata lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."...

6.1CVSS5.7AI score0.0083EPSS
Exploits1References2
OSV
OSV
added 2018/06/26 4:29 p.m.24 views

CVE-2018-1000550

The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...

9.8CVSS9.5AI score
Exploits0References4
CNVD
CNVD
added 2018/06/07 12:0 a.m.4 views

Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2018-11303)

Cisco Unity Connection is a unified messaging and voicemail solution that accelerates collaboration. A cross-site scripting vulnerability exists in the web framework in Cisco Unity Connection. The vulnerability stems from insufficient input validation of certain parameters passed to the affected...

6.1CVSS6.4AI score0.01783EPSS
Exploits0References1
OSV
OSV
added 2018/01/26 7:29 p.m.4 views

UBUNTU-CVE-2017-18076

In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...

7.5CVSS7.1AI score0.02129EPSS
Exploits0References5
OSV
OSV
added 2015/11/09 11:59 a.m.1 views

DEBIAN-CVE-2015-5731

Cross-site request forgery CSRF vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service editing blockage, via a get-post-lock action...

6.8CVSS6.9AI score0.03854EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2012/06/22 1:12 a.m.7 views

Invoker servlets authentication bypass (HTTP verb tampering)

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.4AI score0.02953EPSS
Exploits3References4
Zero Science Lab
Zero Science Lab
added 2012/02/17 12:0 a.m.17 views

SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities

Summary SQL Buddy is an open source web based MySQL administration application. Description SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php', and the 'db' parameter in 'dboverview.php' via GET method...

6.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2010/04/27 3:55 a.m.6 views

JBoss Application Server Web Console Authentication bypass

The Web Console aka web-console in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an...

7.5CVSS7.5AI score0.62308EPSS
Exploits4References5
Positive Technologies
Positive Technologies
added 2010/04/26 12:0 a.m.3 views

PT-2010-1180 · Red Hat · Red Hat Jboss Enterprise Application Platform

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08 Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07 Description: The issue is related to insufficient access control in the Web Console of...

7.5CVSS7.5AI score0.62308EPSS
Exploits4References22
0day.today
0day.today
added 2009/06/16 12:0 a.m.27 views

Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability

Exploit for unknown platform in category dos / poc ===================================================== Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability ===================================================== !/usr/bin/perl Title: Carom3D 5.06 Unicode Buffer Overrun/Denial Of Service...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2009/06/16 12:0 a.m.28 views

Carom3D 5.06 - Unicode Buffer Overrun/Denial of Service

!/usr/bin/perl Title: Carom3D 5.06 Unicode Buffer Overrun/Denial Of Service Vulnerability Summary: Carom 3D is an online multi-user billiard game created with special 3D graphic effects bringing every aspect such as 6 ball, 9 ball, 8 ball and other Billiard games to life. Product Web Page:...

7.4AI score
Exploits0
Typo3
Typo3
added 2007/07/12 12:0 a.m.15 views

Multiple vulnerabilities in civserv

Multiple vulnerabilities has been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected...

7.5AI score
Exploits0Affected Software1
NVD
NVD
added 2007/04/18 3:19 a.m.18 views

CVE-2007-2066

UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...

5CVSS6.1AI score0.01205EPSS
Exploits0References3
Rows per page
Query Builder