Lucene search

1115 matches found

Cvelist
added 2016/09/26 1:0 a.m. · 25 views

CVE-2016-0248

IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows man-in-the-middle attackers to obtain sensitive query-string information from SSL sessions via unspecified vectors...

5.1 AI score · 0.00766 EPSS
Exploits 0 · References 2
Debian CVE
added 2016/09/11 10:0 a.m. · 23 views

CVE-2016-5165

Removed by vendor...

6.1 CVSS · 8 AI score · 0.01257 EPSS
Exploits 0
RedhatCVE
added 2016/09/06 5:18 a.m. · 23 views

CVE-2016-7034

It has been reported that CSRF tokens are not properly handled in JBoss BPM suite dashbuilder. Old tokens generated during an active session can be used to bypass CSRF protection. In addition, the tokens are sent in query string so they can be exposed through the browser's history, referrers, web...

8.8 CVSS · 1.9 AI score · 0.01126 EPSS
Exploits 0 · References 1
CNVD
added 2016/05/21 12:0 a.m. · 2 views

Red Hat OpenShift Enterprise Certificate Acquisition Vulnerability

Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform that builds, tests, deploys, and runs applications. OpenShift Enterprise is an open source version of the private cloud. Red Hat OpenShift Enterprise has a security vulnerability that allows a remote attacker to exploit the...

5.3 CVSS · 6.9 AI score · 0.01175 EPSS
Exploits 0 · References 1
Mageia
added 2016/02/05 5:26 p.m. · 28 views

Updated cgit packages fix security vulnerability

Reflected Cross Site Scripting and Header Injection in Mimetype Query String in cgit before 0.12 CVE-2016-1899. Stored Cross Site Scripting and Header Injection in Filename Parameter in cgit before 0.12 CVE-2016-1900. Integer Overflow resulting in Buffer Overflow in cgit before 0.12 CVE-2016-1901...

9.8 CVSS · 1.7 AI score · 0.03791 EPSS
Exploits 1 · References 2
Hacker One
added 2016/01/18 7:5 a.m. · 12 views

Automattic: XSS at www.woothemes.com

This XSS vulnerability can be used against IE browsers. There is an XSS filter in modern IE browsers, so to reproduce we should turn XSS filter off http://answers.microsoft.com/en-us/ie/forum/ie9-windows7/how-do-i-turn-off-cross-site-scripting-i-can-no/f3058b73-4956-e011-8dfc-68b599b31bf5?auth=1,...

0.1 AI score
Exploits 0
Cvelist
added 2015/08/20 10:0 a.m. · 23 views

CVE-2015-4534

Java Method Server JMS in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the methodverb parameter...

7.3 AI score · 0.03926 EPSS
Exploits 0 · References 3
CakePHP
added 2015/05/07 12:0 a.m. · 23 views

CakePHP 3.0.4 Released

CakePHP 3.0.4 Released The CakePHP core team is happy to announce the immediate availability of CakePHP 3.0.4. This is a maintenance release that contains security fixes and bugfixes. Security Fixes There are two issues that can impact the security of a CakePHP application: CsrfComponent fails to...

7.4 AI score
Exploits 0
CNVD
added 2015/04/23 12:0 a.m. · 3 views

New Atlanta BlueDragon Directory Traversal Vulnerability

New Atlanta BlueDragon is a ColdFusion Markup Language engine. A directory traversal vulnerability in New Atlanta BlueDragon's CFChart servlet allows an attacker to read or delete arbitrary files due to a failure to adequately filter the 'QUERYSTRING' value in the cfchart.cfchart file...

7.5 CVSS · 6.9 AI score · 0.07509 EPSS
Exploits 4 · References 1
CNVD
added 2015/02/28 12:0 a.m. · 3 views

Magento Server MAGMI plugin cross-site scripting vulnerability

Magento is the United States Magento company's set of professional open source PHP e-commerce system, it provides rights management, search engine and payment gateway features such as Magento Server is the Magento server. MAGMI aka Magento Mass Importer is one of the product catalogs used to...

4.3 CVSS · 6.2 AI score · 0.1404 EPSS
Exploits 1 · References 1
CNVD
added 2015/02/26 12:0 a.m. · 2 views

WordPress plugin WooCommerce cross-site scripting vulnerability (CNVD-2015-01281)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers. WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...

4.3 CVSS · 6 AI score · 0.02041 EPSS
Exploits 1 · References 1
NVD
added 2015/02/24 5:59 p.m. · 22 views

CVE-2015-2069

Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php...

4.3 CVSS · 5.8 AI score · 0.02041 EPSS
Exploits 1 · References 4
NVD
added 2015/01/13 11:59 a.m. · 23 views

CVE-2014-10012

Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

4.3 CVSS · 5.8 AI score · 0.01633 EPSS
Exploits 1 · References 2
Prion
added 2015/01/13 11:59 a.m. · 11 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

4.3 CVSS · 6.2 AI score · 0.01633 EPSS
Exploits 1 · References 2 · Affected Software 1
Patchstack
added 2015/01/13 12:0 a.m. · 17 views

WordPress Another WordPress Classifieds Plugin - XSS

Because of this vulnerability, attackers can inject arbitrary web script or HTML via the query string to the default URI. Solution: Update the plugin...

4.3 CVSS · 3 AI score · 0.01633 EPSS
Exploits 1 · References 1 · Affected Software 1
Positive Technologies
added 2015/01/13 12:0 a.m. · 3 views

PT-2015-3656 · WordPress · Wordpress Classifieds Plugin

Name of the Vulnerable Software and Affected Versions: Another WordPress Classifieds Plugin affected versions not specified Description: The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI, which is a cross-site scripting XSS...

4.3 CVSS · 6 AI score · 0.01633 EPSS
Exploits 1 · References 5
CNVD
added 2015/01/08 12:0 a.m. · 3 views

IPCop Cross-Site Scripting Vulnerability

IPCop is a Linux-based firewall suite developed by IPCop team, which is mainly for home and SOHO users, providing firewall functions and allowing monitoring and management of various information through some TCP/IP business rules. A cross-site scripting vulnerability exists in versions prior to...

4.3 CVSS · 5.9 AI score · 0.01343 EPSS
Exploits 1 · References 1
CNVD
added 2015/01/06 12:0 a.m. · 3 views

D-link IP camera DCS-2103 with firmware cross-site scripting vulnerability

D-link IP camera DCS-2103 is a camera for IP surveillance solution. A cross-site scripting vulnerability exists in D-link IP camera DCS-2103 with firmware versions prior to 1.20, which allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING parameter in vb.htm...

4.3 CVSS · 5.9 AI score · 0.0244 EPSS
Exploits 1 · References 1
Cvelist
added 2014/12/03 9:0 p.m. · 30 views

CVE-2014-9243

Multiple cross-site scripting XSS vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to wb/admin/admintools/tool.php or 2 sectionid parameter to editmodulefiles.php, 3 news/addpost.php, 4 news/modifygroup.php, 5...

5.8 AI score · 0.0248 EPSS
Exploits 1 · References 2
Patchstack
added 2014/11/13 12:0 a.m. · 22 views

WordPress Paid Memberships Pro Plugin 1.7.14 - Directory Traversal

This vulnerability is in services/getfile.php. It allows attackers to read arbitrary files in the QUERYSTRING in a getfile action to wp-admin/admin-ajax.php. Solution: Update the plugin...

5 CVSS · 4.8 AI score · 0.18558 EPSS
Exploits 5 · References 1 · Affected Software 1