Lucene search
K

67 matches found

Atlassian
Atlassian
added 2012/09/12 3:55 a.m.20 views

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

0.4AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2012/09/12 3:55 a.m.22 views

Reflected XSS within the username parameter of the /user/non-system/{username} rest resource

The confluence-rest-plugin has a rest resource to look up "non-system" users which takes in a username. If given username supplied is not found then it is included in an xml error message without being xml encoded and thus is a XSS vector. That is, and other such xml special characters are not...

0.4AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2011/12/04 12:0 a.m.157 views

[PT-2011-43] Database information disclosure in Kayako Fusion

---------------------------------------------------------------------- PT-2011-43 Positive Technologies Security Advisory Database information disclosure in Kayako Fusion ---------------------------------------------------------------------- --- Vulnerable software Kayako Fusion Link:...

7AI score
Exploits0
Atlassian
Atlassian
added 2011/02/09 1:53 p.m.21 views

User Enumeration

Security auditing tests performed on a Jira Bug Issue and Project Tracking Software locally running instance shown that at least two vulnerabilities regarding User Enumeration were found within the software. Case 1: Logged In Whenever a logged user accesses the Url...

1.1AI score
Exploits0
Exploit DB
Exploit DB
added 2008/05/11 12:0 a.m.41 views

Vortex CMS - 'pageid' Blind SQL Injection

php '.$argv0.' http://www.site.com/cms/ 1 1 '; if $argc 1 printr' '; echo 'Searching for Admin: '; for$i=1; $i = 50; $i++ $temp1 = filegetcontents$argv1.'index.php?pageid='.$argv2.''and+lengthselect+username+from+systemuserslogins+where+id='.$argv3.'='.$i.'/'; if strpos$temp1,'Sorry, the page you...

7AI score
Exploits0
FreeBSD
FreeBSD
added 2004/08/24 12:0 a.m.24 views

openoffice -- document disclosure

OpenOffice creates a working directory in /tmp on startup, and uses this directory to temporarily store document content. However, the permissions of the created directory may allow other user on the system to read these files, potentially exposing information the user likely assumed was...

2.1CVSS6.2AI score0.00559EPSS
Exploits1References3
CVE
CVE
added 2000/01/18 5:0 a.m.77 views

CVE-1999-0259

CVE-1999-0259 describes an information-disclosure vulnerability in cfingerd where a remote attacker can list system users by issuing a finger search (finger search.*@target). The affected component is cfingerd; the underlying root cause is a bug in the search handling that exposes user lists. Doc...

5CVSS6.7AI score0.01403EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder