Lucene search
K

1212 matches found

seebug.org
seebug.org
added 2013/08/27 12:0 a.m.31 views

Apache OFBiz嵌套表达式任意UEL执行漏洞

Bugtraq ID:61369 CVE ID:CVE-2013-2250 Apache OFBiz是一款开源的ERP系统 Apache OFBiz没有正确校验参数值,如果提供的参数包含JUEL元字符,可导致执行任意统一表达式语言UEL函数 0 Apache OFBiz 10.04.01 - 10.04.05 Apache OFBiz 11.04.01 - 11.04.02 Apache OFBiz 12.04.01 厂商解决方案 Apache OFBiz 10.04.06, 11.04.03或12.04.02已经修复此漏洞,建议用户下载更新: http://ofbiz.apache.o...

10CVSS6.5AI score0.12138EPSS
Exploits1
CVE
CVE
added 2013/05/09 10:0 a.m.47 views

CVE-2013-1224

CVE-2013-1224 affects Cisco Unified CVP (Resource Manager) prior to 9.0.1 ES 11. A directory traversal flaw allows remote attackers to overwrite arbitrary files by sending crafted HTTP or HTTPS requests that bypass parameter validation (Bug CSCub38369). The issue is tied to the Resource Manager c...

7.8CVSS6.9AI score0.02116EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/05/09 10:0 a.m.24 views

CVE-2013-1224

Directory traversal vulnerability in the Resource Manager in Cisco Unified Customer Voice Portal CVP Software before 9.0.1 ES 11 allows remote attackers to overwrite arbitrary files via a crafted 1 HTTP or 2 HTTPS request that triggers incorrect parameter validation, aka Bug ID CSCub38369...

6.7AI score0.02116EPSS
Exploits0References1
Saint
Saint
added 2012/08/29 12:0 a.m.24 views

SAP NetWeaver SAPHostControl Command Injection

Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...

0.5AI score
Exploits0
Drupal
Drupal
added 2012/07/11 12:0 a.m.25 views

SA-CONTRIB-2012-110 - Colorbox Node - Cross Site Scripting (XSS)

Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn't sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into t...

4.3CVSS6.5AI score0.01161EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2012/06/27 12:0 a.m.109 views

Oracle iPlanet Web Server 7.0.x < 7.0.15 Multiple Vulnerabilities

According to its self-reported version, the Oracle iPlanet Web Server formerly Sun Java System Web Server running on the remote host is 7.0.x prior to 7.0.15. It is, therefore, affected by the following vulnerabilities : - Multiple cross-site scripting vulnerabilities exist due to parameter...

6.8CVSS6.1AI score0.02912EPSS
Exploits0References6
Prion
Prion
added 2012/06/20 5:55 p.m.27 views

Design/Logic Flaw

The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the shared secret key by modifying network traffic, a related issue to CVE-2011-5095...

4CVSS6.5AI score0.02088EPSS
Exploits0References4Affected Software1
Atlassian
Atlassian
added 2012/05/06 11:36 p.m.14 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/05/06 11:36 p.m.20 views

OauthApplinksServlet Open Redirect

The OauthApplinksServlet servlet has an open redirect vulnerability in the doGet that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated before redirec...

0.5AI score
Exploits0
Atlassian
Atlassian
added 2012/05/06 11:31 p.m.17 views

AddConsumerReciprocalServlet Open Redirect

The AddConsumerReciprocalServlet servlet has an open redirect vulnerability in the doGet method that will allow phishers to lure users away from legitimate JIRA hosted sites. An open redirect vulnerability is caused by an attacker having control over a request parameter that hasn’t been validated...

Exploits0Affected Software1
NVD
NVD
added 2012/04/10 9:55 p.m.23 views

CVE-2012-0163

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...

9.3CVSS7.4AI score0.38251EPSS
Exploits1References5
Prion
Prion
added 2012/04/10 9:55 p.m.25 views

Input validation

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via 1 a crafted XAML browser application aka XBAP, 2 a crafted ASP.NET application, or 3 a crafted .NET Framework...

9.3CVSS8AI score0.38251EPSS
Exploits1References5Affected Software1
Saint
Saint
added 2011/11/21 12:0 a.m.21 views

Oracle Hyperion Financial Management ActiveX Heap Overflow

Added: 11/21/2011 BID: 50565 OSVDB: 76913 Background Oracle Hyperion Financial Management is a web-based financial consolidation, reporting and analysis solution. Problem Hyperion Financial Management webapp installs an ActiveX control on the target system. This control is marked as safe for...

0.1AI score
Exploits0
Prion
Prion
added 2011/07/13 11:55 p.m.22 views

Information disclosure

win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does not properly validate the arguments to functions, which allows local users to read arbitrary data from kernel memory via a crafted application that triggers a NULL pointer dereference, aka "Win32k Incorrect Parameter Validatio...

2.1CVSS6.3AI score0.01878EPSS
Exploits0References8
seebug.org
seebug.org
added 2011/05/20 12:0 a.m.44 views

Linux Kernel &quot;ip_expire()&quot;拒绝服务漏洞

CVE ID:CVE-2011-1927 Linux是一款开放源代码的操作系统。 net/ipv4/ipfragment.c提供的"ipexpire"函数存在错误,传递给devnet函数的参数缺少校验,向系统发送分片报文可导致由空指针引用的内核崩溃。 Linux Kernel 2.6.x 厂商解决方案 Linux Kernel 2.6.39已经修复此漏洞,建议用户下载使用: http://www.kernel.org/...

5CVSS6.8AI score0.02591EPSS
Exploits2
OpenVAS
OpenVAS
added 2011/02/09 12:0 a.m.26 views

Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Remote Code Execution (2485376)

This host is missing a critical security update according to Microsoft Bulletin MS11-007. OpenVAS Vulnerability Test $Id: secpodms11-007.nasl 5362 2017-02-20 12:46:39Z cfi $ Vulnerability in the OpenType Compact Font Format CFF Driver Could Allow Remote Code Execution 2485376 Authors: Madhuri D...

9.3CVSS0.7AI score0.20731EPSS
Exploits0References2
securityvulns
securityvulns
added 2010/02/16 12:0 a.m.67 views

LDF &#40;Default.asp&#41; Sql Injection Vulnerability

Product : LDF vendor : www.ldf.22.cn Vulnerable Versions : All Default.asp Page has an issue on validating "Page" parameter , It could be exploited by attacker & attacker can inject arbitrary Sql Commands http://www.example.com/ldf path/default.asp?page=SQL COMMAND...

2.6AI score
Exploits0
Packet Storm
Packet Storm
added 2010/02/12 12:0 a.m.29 views

Vito CMS SQL Injection

Exploit Title: Vito CMS SQL Injection Vulnerability Date: 2010-02-11 Author: [email protected] Software Link: http://kameleon-lab.com/vito-cms.php it isn't download link, because it is not free Version: n/a .:. Author : [email protected] .:. Contact: [email protected], [email protected] .:. Hom...

0.9AI score
Exploits0
securityvulns
securityvulns
added 2009/10/30 12:0 a.m.55 views

CVE-2009-1979 &#40;Oracle RDBMS&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi. This vulnerability was ranked 10.0 for Windows in CPUoct2009 and related to improper AUTHSESSKEY parameter length validation. http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuoct2009.html Executable + source code attached...

2.1AI score0.76361EPSS
Exploits11
ATTACKERKB
ATTACKERKB
added 2009/08/27 8:30 p.m.6 views

CVE-2008-7102

DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx files instead of skin files, and possibly access privileged functionality, via unknown vectors related to parameter validation...

7.5CVSS5.8AI score0.01413EPSS
Exploits0References6
Rows per page
Query Builder