53 matches found
CVE-2018-15574
An issue was discovered in the license editor in Reprise License Manager RLM through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/editlfgetdata lf parameter via GET or POST. NOTE: the vendor has stated "We do not consider this a vulnerability."...
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/POST request. This...
Cisco Unity Connection Cross-Site Scripting Vulnerability (CNVD-2018-11303)
Cisco Unity Connection is a unified messaging and voicemail solution that accelerates collaboration. A cross-site scripting vulnerability exists in the web framework in Cisco Unity Connection. The vulnerability stems from insufficient input validation of certain parameters passed to the affected...
UBUNTU-CVE-2017-18076
In strategy.rb in OmniAuth before 1.3.2, the authenticitytoken value is improperly protected because POST in addition to GET parameters are stored in the session and become available in the environment of the callback phase...
DEBIAN-CVE-2015-5731
Cross-site request forgery CSRF vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, and consequently cause a denial of service editing blockage, via a get-post-lock action...
Invoker servlets authentication bypass (HTTP verb tampering)
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...
SQL Buddy 1.3.3 (GET/POST) Multiple Remote Cross-Site Scripting Vulnerabilities
Summary SQL Buddy is an open source web based MySQL administration application. Description SQL Buddy suffers from a XSS vulnerability when parsing user input to the 'DATABASE', 'HOST' and 'USER' parameters via POST method in 'login.php', and the 'db' parameter in 'dboverview.php' via GET method...
JBoss Application Server Web Console Authentication bypass
The Web Console aka web-console in JBossAs in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an...
PT-2010-1180 · Red Hat · Red Hat Jboss Enterprise Application Platform
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08 Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07 Description: The issue is related to insufficient access control in the Web Console of...
Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability
Exploit for unknown platform in category dos / poc ===================================================== Carom3D 5.06 Unicode Buffer Overrun/DoS Vulnerability ===================================================== !/usr/bin/perl Title: Carom3D 5.06 Unicode Buffer Overrun/Denial Of Service...
Carom3D 5.06 - Unicode Buffer Overrun/Denial of Service
!/usr/bin/perl Title: Carom3D 5.06 Unicode Buffer Overrun/Denial Of Service Vulnerability Summary: Carom 3D is an online multi-user billiard game created with special 3D graphic effects bringing every aspect such as 6 ball, 9 ball, 8 ball and other Billiard games to life. Product Web Page:...
Multiple vulnerabilities in civserv
Multiple vulnerabilities has been found in the extension civserv: Incorrect handling of input from GET/POST-variables, and allowing an attacker to execute XSS and/or SQL Injection attacks. Component Type: Third party extension. This extension is not part of the TYPO3 default installation Affected...
CVE-2007-2066
UseBB before 1.0.6 allows remote attackers to obtain sensitive information via a request with unspecified GET or POST parameters to an unspecified script, which reveals the path in an error message...