24 matches found
Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability
Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or PrivilegesVanilla Forums version 2.1.a26 and possibly other version...
APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery
Overview The web management interface for the APC Network Monitoring Card NMC used in various APC devices contains cross-site scripting XSS and cross-site request forgery CSRF/XSRF vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker...
Version number
I notice that the JIRA footer displays the current version of JIRA. Revealing the specifics of the revisions of software that you run in production is generally considered a bad security practice. Is there a reason that it is displayed openly to all users in licensed versions of the product? Is i...
Restrict the transmission of Confluence version details
I noticed that on several installs, Confluence by default displays its full version number and sometimes build number to the world. It is a commonly accepted web security practice to withhold all product details, including version information, except to users on a "need to know" basis. Otherwise,...