5907 matches found
CVE-2013-0339
libxml2 through 2.9.1 does not properly handle external entities expansion unless an application developer uses the xmlSAX2ResolveEntity or xmlSetExternalEntityLoader function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers,...
CVE-2013-0340
expat before version 2.4.0 does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a...
MGASA-2014-0007 Updated nodejs package fixes security vulnerabilities
A denial of service flaw was found in the way Node.js handled pipelined HTTP requests. A remote attacker could use this flaw to send an excessive amount of HTTP requests over a network connection, causing Node.js to use an excessive amount of memory and possibly exit when all available memory is...
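ProjectForge Cross-Site Request Forgery and Cross-Site Scripting Vulnerabilities
ProjectForge is a web-based project management solution that includes timesheets, expense management, project Gantt charts, and control and management of work breakdown structures. 1. Certain unspecified input is not properly sanitized before being used in JSON autocomplete responses; when a user views the malicious data, an attacker can exploit the vulnerability to inject arbitrary HTML and script code in the context of the user's browser session. 2. The application allows users to perform certain actions via HTTP requests without proper validity checks. When a logged-in user visits a specially crafted web page, an attacker can perform certain unspecified actions. 0 ProjectForge 5.x ProjectForge version 5.3 fixes this vulnerability; users are advised to download and use it: http://www.projectforge.org/...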
JForum adminUsers Module - Cross-Site Request Forgery
JForum adminUsers Module - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/64540/info JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform...
JForum 'adminUsers' Module - Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/64540/info JForum is prone to a cross-site request-forgery vulnerability because the application does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the...
WordPress 2.0.11 - wp-admin/options-discussion.php Script Cross-Site Request Forgery
WordPress 2.0.11 - wp-admin/options-discussion.php Script Cross-Site Request Forgery source: https://www.securityfocus.com/bid/64564/info WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote...
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
source: https://www.securityfocus.com/bid/64564/info WordPress is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected...
Moderate: Red Hat Security Advisory: nodejs010-nodejs security update
Updated nodejs010-nodejs packages that fix one security issue are now available for Red Hat Software Collections 1. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
pineapp mailsecure remote no authenticated privilege escalation & remote execution code
Hi, related to this: http://seclists.org/fulldisclosure/2013/Nov/136 In February 2013 I sent Pineapp the following information: ----------------------------------------------------------------- It is possible to execute any bash command as the unprivileged qmailq user, sending only the following https...
MGASA-2013-0360 Updated subversion package fixes security vulnerabilities
mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured b...
CVE-2013-6918
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests...
CVE-2013-3030
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests...
Code injection
The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote attackers to cause a denial of service (temporary gateway outage) via crafted HTTP requests...
omniauth-facebook Gem for Ruby Unspecified CSRF
omniauth-facebook Gem for Ruby contains a flaw as HTTP requests do not require multiple steps, explicit confirmation, or a unique token when performing certain sensitive actions. By tricking a user into following a specially crafted link, a context-dependent attacker can perform a Cross-Site...
Practico 13.9 Multiple Vulnerabilities
Summary Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without programming knowledge. Description Practico suffers from multiple vulnerabilities including Cross-Site Scripting (XSS), SQL Injection (SQ...
Practico 13.9 - Multiple Vulnerabilities
Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely visual and fast fashion. Without...
Practico 13.9 - Multiple Vulnerabilities
Practico 13.9 - Multiple Vulnerabilities Practico 13.9 Multiple Vulnerabilities Vendor: Practico Product web page: http://www.codigoabierto.org Affected version: 13.9 Summary: Practico is a free CMS software project released under license GNU GPL v2.0 for creating web applications in a completely...