123 matches found

Source: RedHat Linux | Added: 2016/05/17 4:30 p.m. | Views: 1

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.10573
Exploits: 0 | References: 5
Source: RedHat Linux | Added: 2016/05/17 4:12 p.m. | Views: 3

tomcat: Session fixation

A session fixation flaw was found in the way Tomcat recycled the requestedSessionSSL field. If at least one web application was configured to use the SSL session ID as the HTTP session ID, an attacker could reuse a previously used session ID for further requests...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.10573
Exploits: 0 | References: 5
Source: BDU FSTEC | Added: 2016/03/17 12:00 a.m. | Views: 2

The vulnerability of the Apache Tomcat application server allows attackers to gain access to web sessions.

The vulnerability of the Apache Tomcat application server is related to deficiencies in establishing the session identifier. Exploiting this vulnerability allows a malicious actor to gain access to web sessions by utilizing the requestedSessionSSL field in the request...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.10573
Exploits: 0 | References: 12 | Affected software: 1
Source: Packet Storm | Added: 2015/12/10 12:00 a.m. | Views: 26

appRain 4.0.3 Path Traversal

Security Advisory - Curesec Research Team 1. Introduction Affected Product: appRain 4.0.3 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: [email protected] Vulnerability Type: Path Traversal Remote Exploitable: Yes Reported to vendor: 10/02/2015 Disclosed to public: 12/02/2015 Release...

AI score: 7.4
Exploits: 0
Source: seebug.org | Added: 2014/07/01 12:00 a.m. | Views: 17

WordPress Contact Form plugin <= 2.7.5 - SQL Injection

No description provided by source. Exploit Title: WordPress Contact Form plugin <= 2.7.5 SQL Injection Vulnerability Date: 2011-10-13 Author: Skraps jackie.craig.sparksatlive.com jackie.craig.sparksatgmail.com @skrapsfoo Software Link: http://downloads.wordpress.org/plugin/contact-form-wordpress.z...

AI score: 7.1
Exploits: 0
Source: seebug.org | Added: 2014/07/01 12:00 a.m. | Views: 11

Snowblind 1.0/1.1 Web Server File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7618/info It has been announced that Snowblind Web Server is vulnerable to a condition that may result in the disclosure of potentially sensitive information. According to the report, Snowblind Web Server does not perform...

AI score: 7.1
Exploits: 0
Source: RedHat Linux | Added: 2014/04/14 1:46 p.m. | Views: 5

Framework: cross-site scripting flaw when using Spring MVC

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.03348
Exploits: 0 | References: 5
Source: RedHat Linux | Added: 2014/04/14 1:46 p.m. | Views: 3

Framework: cross-site scripting flaw when using Spring MVC

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

CVSS: 4.3 | AI score: 7.5 | EPSS: 0.03348
Exploits: 0 | References: 5
Source: OSV | Added: 2014/03/20 4:55 p.m. | Views: 0

UBUNTU-CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.03348
Exploits: 0 | References: 6
Source: Cvelist | Added: 2014/03/20 4:00 p.m. | Views: 34

CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

AI score: 5.4 | EPSS: 0.03348
Exploits: 0 | References: 9
Source: Debian CVE | Added: 2014/03/20 4:00 p.m. | Views: 21

CVE-2014-1904

Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...

CVSS: 4.3 | AI score: 8 | EPSS: 0.03348
Exploits: 0
Source: securityvulns | Added: 2013/03/11 12:00 a.m. | Views: 69

CVE-2013-1413

COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2013-1413 CSNC ID: CSNC-2013-003 Product: i-doit Vendor: synetics Gesellschaft für Systemintegration mbH Subject: Cross-site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Stephan Rickauer [email protected] Date:...

CVSS: 4.3 | AI score: 0.3 | EPSS: 0.01161
Exploits: 0
Source: PyPA | Added: 2011/02/14 9:00 p.m. | Views: 6

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.01589
Exploits: 1 | References: 18
Source: OSV | Added: 2011/02/14 9:00 p.m. | Views: 7

CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

AI score: 6.6
Exploits: 0 | References: 13
Source: OSV | Added: 2011/02/14 9:00 p.m. | Views: 7

PYSEC-2011-30

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS: 6.8 | AI score: 5.8 | EPSS: 0.01589
Exploits: 0 | References: 18
Source: OSV | Added: 2011/02/14 9:00 p.m. | Views: 2

DEBIAN-CVE-2011-0696

Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged AJAX requests that leverage a "combination of browser plugins...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.01589
Exploits: 0 | References: 1
Source: OSV | Added: 2011/02/14 9:00 p.m. | Views: 2

DEBIAN-CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.01407
Exploits: 1 | References: 1
Source: Prion | Added: 2011/02/14 9:00 p.m. | Views: 32

Cross site request forgery (csrf)

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.01589
Exploits: 1 | References: 12 | Affected software: 1
Source: Cvelist | Added: 2011/02/14 8:00 p.m. | Views: 42

CVE-2011-0447

Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before 3.0.4, does not properly validate HTTP requests that contain an X-Requested-With header, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via forged (1) AJAX or (2) API requests that...

AI score: 6.5 | EPSS: 0.01407
Exploits: 1 | References: 12
Source: CVE | Added: 2011/02/14 8:00 p.m. | Views: 106

CVE-2011-0447

CVE-2011-0447: Ruby on Rails 2.1.x–2.3.x before 2.3.11 and 3.x before 3.0.4 fail to properly validate an X-Requested-With header in HTTP requests, enabling remote attackers to perform CSRF via forged AJAX or API requests that leverage browser plugins and redirects. Affected versions include Rails...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.01407
Exploits: 1 | References: 12 | Affected software: 1