Lucene search
K

24 matches found

CERT
CERT
added 2012/11/12 12:0 a.m.30 views

Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability

Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or PrivilegesVanilla Forums version 2.1.a26 and possibly other version...

3.5CVSS5.8AI score0.01067EPSS
Exploits0References1
CERT
CERT
added 2010/02/25 12:0 a.m.47 views

APC Network Management Card web interface vulnerable to cross-site scripting and cross-site request forgery

Overview The web management interface for the APC Network Monitoring Card NMC used in various APC devices contains cross-site scripting XSS and cross-site request forgery CSRF/XSRF vulnerabilities. By convincing a victim to load a specially crafted URL while authenticated to an NMC, an attacker...

6.8CVSS6AI score0.01994EPSS
Exploits1References6
Atlassian
Atlassian
added 2010/02/24 1:11 a.m.17 views

Version number

I notice that the JIRA footer displays the current version of JIRA. Revealing the specifics of the revisions of software that you run in production is generally considered a bad security practice. Is there a reason that it is displayed openly to all users in licensed versions of the product? Is i...

4.8AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2008/07/10 6:30 p.m.18 views

Restrict the transmission of Confluence version details

I noticed that on several installs, Confluence by default displays its full version number and sometimes build number to the world. It is a commonly accepted web security practice to withhold all product details, including version information, except to users on a "need to know" basis. Otherwise,...

2.6AI score
Exploits0Affected Software1
Rows per page
Query Builder