Lucene search
K

61 matches found

Palo Alto Networks
Palo Alto Networks
added 2018/06/29 12:0 a.m.519 views

Information Disclosure in the PAN-OS Management Web Interface

A local privilege escalation vulnerability exists in the PAN-OS management web interface that allows the administrator to access the password hashes of local users by manipulating the HTML markup. Ref. PAN-91564; CVE-2018-9334 Successful exploitation of this issue requires the attacker to be...

1.7AI score0.00378EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/02/09 11:29 p.m.13 views

Cross site request forgery (csrf)

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery CSRF vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be us...

6.8CVSS8.7AI score0.00603EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/02/09 11:0 p.m.16 views

CVE-2018-1000053

LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request Forgery CSRF vulnerability in Theme Uninstallation that can result in CSRF causing LimeSurvey admins to delete all their themes, rendering the website unusable. This attack appear to be exploitable via Simple HTML markup can be us...

8.8AI score0.00603EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2017/10/24 6:33 p.m.39 views

actionpack Cross-site Scripting vulnerability

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 2.3.16, 3.0.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML...

4.3CVSS5.2AI score0.01977EPSS
Exploits1References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2017/06/08 12:0 a.m.7 views

The vulnerability of the CAttrArray object implementation in Internet Explorer browsers allows a perpetrator to trigger a service failure or execute arbitrary code.

The vulnerability of the CAttrArray service implementation in Internet Explorer exists due to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures such as type mismatches and memory corruption by using a...

9.3CVSS7.9AI score0.14316EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2017/05/27 12:50 p.m.13 views

Keybase: Universal Cross-Site Scripting in Keybase Chrome extension

Description The Keybase Chrome extension makes heavy use of the insecure innerHTML DOM API, resulting in Universal Cross-Site Scripting on all Keybase-supported social networking websites. Steps to reproduce the issue 1. Install the Keybase Chrome extension 2. Navigate to the following URL addres...

6.2AI score
Exploits0
Fedora
Fedora
added 2016/09/04 5:43 p.m.31 views

[SECURITY] Fedora 25 Update: elog-3.1.1-7.fc25

ELOG is part of a family of applications known as weblogs. Their general purpose is: 1. To make it easy for people to put information online in a chronological fashion, in the form of short, time-stamped text messages "entries" with optional HTML markup for presentation, and optional file...

7.5CVSS0.01024EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/04/10 12:0 a.m.141 views

RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

7.5CVSS8AI score0.13911EPSS
Exploits2References15
RedHat Linux
RedHat Linux
added 2013/03/26 7:10 p.m.146 views

Moderate: Red Hat Security Advisory: Subscription Asset Manager 1.2.1 update

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which...

7.5CVSS6.7AI score0.13911EPSS
Exploits2References11
NVD
NVD
added 2012/08/10 10:34 a.m.23 views

CVE-2012-3465

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS5.5AI score0.01977EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2012/08/10 10:34 a.m.39 views

CVE-2012-3465

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS7.2AI score0.01977EPSS
Exploits1References4
RubySec
RubySec
added 2012/08/09 12:0 a.m.40 views

CVE-2012-3465 rubygem-actionpack: XSS Vulnerability in strip_tags

Cross-site scripting XSS vulnerability in actionpack/lib/actionview/helpers/sanitizehelper.rb in the striptags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via malformed HTML markup...

4.3CVSS4AI score0.01977EPSS
Exploits1References1Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2012/08/01 12:0 a.m.9 views

Certain characters in HTML can incorrectly be ignored, which can facilitate XSS attacks – Opera Security Advisories

Sites that allow content to be provided by untrusted users, such as forums and blogging sites, typically sanitize the untrusted content to ensure that it does not contain any harmful content, such as malicious scripts. When certain characters appear at specific locations within HTML markup, they...

5.6AI score
Exploits0References1
Prion
Prion
added 2011/06/06 7:55 p.m.24 views

Design/Logic Flaw

common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...

5CVSS7AI score0.01543EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2011/06/06 7:0 p.m.31 views

CVE-2011-1952

common.php in Post Revolution before 0.8.0c-2 allows remote attackers to cause a denial of service infinite loop via malformed HTML markup, as demonstrated by an a sequence...

6.4AI score0.01543EPSS
Exploits2References5
CVE
CVE
added 2011/06/06 7:0 p.m.49 views

CVE-2011-1952

CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a

5CVSS6.6AI score0.01543EPSS
Exploits2References5Affected Software1
OpenVAS
OpenVAS
added 2009/09/10 12:0 a.m.23 views

Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)

This host is missing a critical security update according to Microsoft Bulletin MS09-046. OpenVAS Vulnerability Test $Id: secpodms09-046.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability 956844 Authors: Sharath S Copyright: Copyrigh...

9.3CVSS0.6AI score0.25618EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2009/09/10 12:0 a.m.41 views

Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)

This host is missing a critical security update according to Microsoft Bulletin MS09-046. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

9.3CVSS5AI score0.25618EPSS
Exploits1References5
NVD
NVD
added 2009/09/08 10:30 p.m.23 views

CVE-2009-2519

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component...

9.3CVSS7.2AI score0.25618EPSS
Exploits1References6
Cvelist
Cvelist
added 2009/09/08 10:0 p.m.31 views

CVE-2009-2519

The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component...

7.1AI score0.25618EPSS
Exploits1References6
Rows per page
Query Builder