Lucene search
+L

1406 matches found

Packet Storm
Packet Storm
added 2014/02/19 12:0 a.m.26 views

BP Group Documents 1.2.1 XSS / CSRF / File Move

Details below. We intended to publish these earlier, but they slipped through the net. The most recent version is 1.5, and all these were reported fixed in 1.2.2. First one: https://security.dxw.com/advisories/stored-xss-vulnerability-in-bp-group-documents-1-2-1/ Details ================ Software...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2013/08/12 12:0 a.m.38 views

Apache mod_dav_svn DoS

Assertion failure on COPY, DELETE and MOVE commands processing...

4CVSS2.6AI score0.04383EPSS
Exploits0References1
OSV
OSV
added 2013/07/31 1:20 p.m.2 views

DEBIAN-CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

4CVSS6.7AI score0.04383EPSS
Exploits0References1
Prion
Prion
added 2013/07/31 1:20 p.m.20 views

Out-of-bounds

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

4CVSS6.6AI score0.04383EPSS
Exploits0References6Affected Software1
UbuntuCve
UbuntuCve
added 2013/07/31 1:20 p.m.33 views

CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

4CVSS7.2AI score0.04383EPSS
Exploits0References2
OSV
OSV
added 2013/07/31 1:20 p.m.3 views

UBUNTU-CVE-2013-4131

The moddavsvn Apache HTTPD server module in Subversion 1.7.0 through 1.7.10 and 1.8.x before 1.8.1 allows remote authenticated users to cause a denial of service assertion failure or out-of-bounds read via a certain 1 COPY, 2 DELETE, or 3 MOVE request against a revision root...

4CVSS7.3AI score0.04383EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2013/03/12 11:55 p.m.4 views

CVE-2013-0168

The MoveDisk command in Red Hat Enterprise Virtualization Manager RHEV-M 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to cause a denial of service free space consumption of other storage domains via unspecified vectors...

4CVSS5.6AI score0.01919EPSS
Exploits0References6
Veeam
Veeam
added 2013/02/08 12:0 a.m.18 views

How to Relocate Veeam Backup & Replication Backup Files

Other Data Relocation-Related Articles KB2236 --Moving backup files to/from a Scale-Out Backup Repository. KB2321 -- Changing the backup location of Veeam Agent jobs operating in Standalone mode not directly controlled by Veeam Backup & Replication but targeting a Veeam Backup & Replication...

5.7AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2012/12/04 6:52 p.m.8 views

rhev-m: MoveDisk ignores the disk's wipe-after-delete property

Red Hat Enterprise Virtualization Manager RHEV-M before 3.1, when moving disks between storage domains, does not properly wipe-after-delete, which prevents disks from being securely deleted and might allow local users to obtain sensitive information via unspecified vectors...

2.1CVSS5.8AI score0.00352EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/08/29 4:19 a.m.9 views

Mozilla: SVG buffer overflow and use-after-free issues (MFSA 2012-63)

Use-after-free vulnerability in the nsTArraybase::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arbitrary code or cause a denial of service...

10CVSS7.8AI score0.05194EPSS
Exploits0References4
NVD
NVD
added 2012/06/29 7:55 p.m.16 views

CVE-2012-1122

bugactiongroup.php in MantisBT before 1.2.9 does not properly check the reportbugthreshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the reportbugthreshold and movebugthreshold privileges for a project to bypass intended access...

3.6CVSS6.1AI score0.02425EPSS
Exploits1References13
UbuntuCve
UbuntuCve
added 2012/06/29 7:55 p.m.22 views

CVE-2012-1122

bugactiongroup.php in MantisBT before 1.2.9 does not properly check the reportbugthreshold permission of the receiving project when moving a bug report, which allows remote authenticated users with the reportbugthreshold and movebugthreshold privileges for a project to bypass intended access...

3.6CVSS5.9AI score0.02425EPSS
Exploits1References1
Atlassian
Atlassian
added 2012/06/22 1:38 a.m.19 views

XSS vulnerability in the "move" page action with html/js in the page name

There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...

2.7AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/06/22 1:38 a.m.21 views

XSS vulnerability in the "move" page action with html/js in the page name

There is an persistent xss vector in the 'move' page action on a page, where the javascript/html payload is included in the name of the page. Steps to reproduce: 1.create a page named: "''/'kasdfjas'dfasdf 2. on the page click on the "move" option under the tools drop-down menu 3. see an alert bo...

2.7AI score
Exploits0
OSV
OSV
added 2011/03/18 4:55 p.m.3 views

DEBIAN-CVE-2009-5056

Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...

2.1CVSS6.7AI score0.00892EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2011/03/18 4:55 p.m.4 views

CVE-2009-5056

Open Ticket Request System OTRS before 2.4.0-beta2 does not properly enforce the moveinto permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-ticket...

2.1CVSS5.6AI score0.00892EPSS
Exploits1References3
The Hacker News
The Hacker News
added 2010/12/16 2:28 p.m.13 views

Former Hacker Li Jun Donates to Panda Research Center

In 2006, Li Jun, a Chinese man, was jailed for creating the ‘Fujacks’ worm. Recently, he appears to be attempting to rehabilitate his public image by making a donation to a panda research center in China. Li Jun was arrested in February 2007 and charged with writing and selling the "Panda Burning...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/11/23 12:0 a.m.37 views

Fedora 13 : dhcp-4.1.1-27.P1.fc13 (2010-17303)

Thu Nov 4 2010 Jiri Popelka - 12:4.1.1-27.P1 - Fix for CVE-2010-3611 649880 - Wed Oct 13 2010 Jiri Popelka - 12:4.1.1-26.P1 - Server was ignoring client's Solicit where client included address/prefix as a preference 634842 - Tue Sep 7 2010 Jiri Popelka - 12:4.1.1-25.P1 - Hardening...

5CVSS6.4AI score0.76412EPSS
Exploits7References3
exploitpack
exploitpack
added 2010/09/16 12:0 a.m.12 views

mojoportal - Multiple Vulnerabilities

mojoportal - Multiple Vulnerabilities ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | | | | | || / \ || | | | || ||// \/|/ ''' Abysssec Inc Public Advisory Title : mojoportal Multiple Remote Vulnerabilities Affected Version : mojoPortal 2-3-4-3 Discovery :...

0.3AI score
Exploits0
securityvulns
securityvulns
added 2010/08/14 12:0 a.m.19 views

TurboFTP FTP Server directory traversal

Directory traversal via mkdir and move command...

4.5AI score
Exploits0References2Affected Software1
Rows per page
Query Builder