Lucene search
+L

120 matches found

NVD
NVD
added 2015/03/07 2:59 a.m.17 views

CVE-2015-0895

Cross-site request forgery CSRF vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that delete logs of 404 aka Not Found HTTP status codes...

6.8CVSS7.1AI score0.01076EPSS
Exploits0References3
Patchstack
Patchstack
added 2015/01/08 12:0 a.m.21 views

WordPress All In One WP Security & Firewall Plugin <= 3.8.9 - CSRF

Because of this vulnerability, attacker can hijack the authentication of administrators for requests that delete logs of 404 HTTP status codes. Solution Update the plugin...

6.8CVSS2.2AI score0.01076EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2014/05/29 10:48 p.m.26 views

Parsero v0.75 - Attacking Robots.txt Files

Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries tell the search engines what directories or files hosted on a web server mustn't be indexed. For example, "Disallow: /portal/login" means that the...

7.2AI score
Exploits0References1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.17 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.20 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/04/30 9:37 a.m.17 views

Unauthenticated User can access certain pages on a private JIRA instance

When you enter the URL of a private JIRA instance on the Quick Search from the login page, you will be directed to the Issue Navigator. !mark2.jpg|thumbnail! If you click the "Status" drop down button, you the unauthenticated user would be able to see the status codes. !mark1.jpg|thumbnail! If yo...

2.9AI score
Exploits0
Kitploit
Kitploit
added 2014/03/05 7:59 p.m.31 views

[Parsero] Robots.txt audit tool

.PNG Parsero is a free script written in Python which reads the Robots.txt file of a web server and looks at the Disallow entries. The Disallow entries are the URL path of directories or files hosted on a web server which the administrators don't want to be indexed by the crawlers. For example,...

7.5AI score
Exploits0References1
Prion
Prion
added 2013/11/13 3:55 p.m.26 views

Out-of-bounds

net/http/httpstreamparser.cc in Google Chrome before 31.0.1650.48 does not properly process HTTP Informational aka 1xx status codes, which allows remote web servers to cause a denial of service out-of-bounds read via a crafted response...

5CVSS6.5AI score0.05338EPSS
Exploits2References13Affected Software1
NVD
NVD
added 2013/10/28 3:42 a.m.35 views

CVE-2013-6020

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...

5.8CVSS6.5AI score0.01281EPSS
Exploits0References1
Prion
Prion
added 2013/10/28 3:42 a.m.19 views

Code injection

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...

5.8CVSS6.8AI score0.01281EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/10/28 1:0 a.m.29 views

CVE-2013-6020

passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends different HTTP status codes for invalid password-recovery requests depending on whether the user account exists, which allows remote attackers to enumerate account names via a series of requests to the 1 Assessor, 2 Recorder, or ...

6.5AI score0.01281EPSS
Exploits0References1
CVE
CVE
added 2013/10/28 1:0 a.m.49 views

CVE-2013-6020

The issue (CVE-2013-6020) affects Tyler Technologies TaxWeb 3.13.3.1 and its Password Reset flow (passwordRequestPOST.jsp). The root cause is that invalid password-recovery requests return different HTTP status codes depending on whether the target user exists, enabling remote attackers to enumer...

5.8CVSS6.7AI score0.01281EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2013/04/01 4:55 p.m.24 views

CVE-2013-2264

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition BE C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits...

5CVSS5.9AI score0.01252EPSS
Exploits0References3
Cvelist
Cvelist
added 2013/03/29 6:0 p.m.25 views

CVE-2013-2264

The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition BE C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits...

6.3AI score0.01252EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2013/01/21 12:0 a.m.35 views

CentOS Update for httpd CESA-2013:0130 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS7.3AI score0.6477EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.35 views

Scientific Linux Security Update : httpd on SL4.x i386/x86_64

A flaw was found in the Apache HTTP Server modproxy module. On sites where a reverse proxy is configured, a remote attacker could send a carefully crafted request that would cause the Apache child process handling that request to crash. On sites where a forward proxy is configured, an attacker...

5CVSS7.1AI score0.12901EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2011/06/01 12:0 a.m.29 views

Nmap NSE net: http-enum

Enumerates directories used by popular web applications and servers. This parses a fingerprint file that's formatted in a way that's compatible with the Nikto Web application scanner. This script, however, takes it one step further by building in advanced pattern matching as well as having the...

0.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2007/11/15 1:27 p.m.36 views

Moderate: Red Hat Security Advisory: httpd security, bug fix, and enhancement update

Updated httpd packages that fix a security issue, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web...

5CVSS7AI score0.12901EPSS
Exploits0References9
NVD
NVD
added 2007/03/19 10:19 p.m.21 views

CVE-2007-1504

Cross-site scripting XSS vulnerability in the Servlet Service in Fujitsu Interstage Application Server IJServer 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...

4.3CVSS5.8AI score0.01551EPSS
Exploits0References8
Prion
Prion
added 2007/03/19 10:19 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Servlet Service in Fujitsu Interstage Application Server IJServer 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes...

4.3CVSS6.3AI score0.01551EPSS
Exploits0References8Affected Software2
Rows per page
Query Builder