Lucene search
K

970 matches found

Fedora
Fedora
added 2014/10/28 6:39 a.m.59 views

[SECURITY] Fedora 20 Update: devscripts-2.14.10-1.fc20

Scripts to make the life of a Debian Package maintainer easier...

5.8CVSS6.4AI score0.0373EPSS
Exploits1
Drupal
Drupal
added 2014/10/08 12:0 a.m.13 views

SA-CONTRIB-2014-096 - OAuth2 Client - Cross Site Scripting (XSS)

OAuth2 Client is an API support module, enabling other modules to connect to services using OAuth2 authentication. Within its API code the Client class exposes variables in an error message, which originate from a third party source without proper sanitisation thus leading to a Cross Site Scripti...

6.9AI score
Exploits0References10
Drupal
Drupal
added 2014/09/17 12:0 a.m.12 views

SA-CONTRIB-2014-090 - Speech recognition - Multiple vulnerabilities

This module enables you to add speech recognition to forms, allowing site admins to enable experimental Speech Input API features on form inputs through the user interface. Cross Site Scripting XSS The module incorrectly prints fields without proper sanitization thereby opening a Cross Site...

6.3AI score
Exploits0References11
Drupal
Drupal
added 2014/05/14 12:0 a.m.17 views

SA-CONTRIB-2014-050 - Commerce Postfinance ePayment - Access Bypass

The Commerce Postfinance ePayment module provides commerce payment methods for the Postfinance e-Payment service provider. The module doesn't sufficiently validate incoming payment notification IPN messages. Sending a specifically crafted IPN message to an affected site allows an attacker to crea...

6.9AI score
Exploits0References12
Fedora
Fedora
added 2014/05/13 7:24 p.m.14 views

[SECURITY] Fedora 20 Update: abrt-2.2.1-2.fc20

abrt is a tool to help users to detect defects in applications and to create a bug report with all information needed by maintainer to fix it. It uses plugin system to extend its functionality...

0.6AI score
Exploits0
Drupal
Drupal
added 2014/04/09 12:0 a.m.11 views

SA-CONTRIB-2014-040 - Skeleton theme - Cross Site Scripting

The Skeleton theme is a responsive Drupal theme, built upon the Skeleton Boilerplate. The Skeleton theme does not properly sanitize theme settings before they are used in the output of a page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission...

7.1AI score
Exploits0References11
Drupal
Drupal
added 2014/03/05 12:0 a.m.24 views

SA-CONTRIB-2014-029 - Mime Mail - Access Bypass

The MIME Mail module allows to send MIME-encoded e-mail messages with embedded images and attachments. By default the module only allows files to be embedded or attached that are located in the public files directory. The module doesn't sufficiently check the file location, considering similar...

7.3AI score
Exploits0References11
Drupal
Drupal
added 2014/02/26 12:0 a.m.23 views

SA-CONTRIB-2014-023 - Project Issue File Review - XSS

The Project Issue File Review PIFR module provides an abstracted client-server model and plugin API for performing distributed operations such as code review and testing, with a focus on supporting Drupal development. Two scenarios were identified where the module does not sufficiently sanitize...

4.3CVSS6.3AI score0.01161EPSS
Exploits0References11
Fedora
Fedora
added 2014/01/03 2:58 p.m.25 views

[SECURITY] Fedora 20 Update: devscripts-2.13.9-1.fc20

Scripts to make the life of a Debian Package maintainer easier...

5.8CVSS6.4AI score0.02457EPSS
Exploits1
Fedora
Fedora
added 2013/12/21 2:17 a.m.33 views

[SECURITY] Fedora 20 Update: devscripts-2.13.5-2.fc20

Scripts to make the life of a Debian Package maintainer easier...

6.8CVSS6.4AI score0.01903EPSS
Exploits1
Drupal
Drupal
added 2013/08/07 12:0 a.m.26 views

SA-CONTRIB-2013-065 - Organic Groups - Access Bypass

This module enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. The module allows any authenticated user to guess the node ID of private groups, and subscribe to them without...

4.3CVSS4.5AI score0.01157EPSS
Exploits0References11
exploitpack
exploitpack
added 2013/05/13 12:0 a.m.26 views

No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow

No-IP Dynamic Update Client DUC 2.1.9 - Local IP Address Stack Overflow !/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the...

Exploits0
Packet Storm
Packet Storm
added 2013/05/12 12:0 a.m.39 views

No-IP Dynamic Update Client 2.1.9 Stack Overflow

!/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the most used Dynamic DNS provider worldwide, their Dynamic Update Client D...

0.2AI score
Exploits0
Drupal
Drupal
added 2013/02/27 12:0 a.m.26 views

SA-CONTRIB-2013-031 - Premium Responsive theme - Cross Site Scripting (XSS)

This third-party contributed theme change Drupal's interface. The theme doesn't properly sanitize user-entered content in the 3 slide gallery on the homepage leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker would have to have the...

2.1CVSS5.6AI score0.00941EPSS
Exploits0References10
Drupal
Drupal
added 2013/02/20 12:0 a.m.17 views

SA-CONTRIB-2013-019 - Ubercart Views - Cross site scripting (XSS)

Ubercart Views provides Views integration for the Ubercart shopping cart module. The "full name" field in Views is not properly sanitized on output. The vulnerability is mitigated by the fact that an attacker must get far enough in the checkout process to store their name with an order. CVE...

4.3CVSS6.4AI score0.01161EPSS
Exploits0References10
Drupal
Drupal
added 2013/02/13 12:0 a.m.23 views

SA-CONTRIB-2013-015 - Manager Change for Organic Groups - Cross site scripting (XSS)

This module extends Organic Groups to allow the manager of a group to select a new manager for their group ie if they want to leave the group. The autocomplete field for selecting a new manager didn't properly filter usernames. The vulnerability is mitigated by the fact that Drupal's default...

4.3CVSS5.9AI score0.01161EPSS
Exploits0References9
Drupal
Drupal
added 2012/09/19 12:0 a.m.20 views

SA-CONTRIB-2012-143 PRH Search - Cross Site Scripting (XSS)

PRH Search provides an interface to search for association information for Finnish association using the PRH Patentti- ja Rekisterihallitus database. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection vulnerability XSS...

7.1AI score
Exploits0References9
OSV
OSV
added 2012/09/15 12:0 a.m.28 views

DSA-2549-1 devscripts - multiple

Bulletin has no description...

7.5CVSS5.9AI score0.03154EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2012/09/09 9:55 p.m.25 views

CVE-2012-1580

Cross-site request forgery CSRF vulnerability in Special:Upload in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upload files...

6.8CVSS5.9AI score0.01526EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2012/09/09 9:55 p.m.20 views

CVE-2012-1578

Multiple cross-site request forgery CSRF vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permission for requests that 1 block a user via a request to the Block module or 2 unblock a user via a...

6.8CVSS5.9AI score0.01315EPSS
Exploits0References2
Rows per page
Query Builder