Lucene search
K

117 matches found

Hacker One
Hacker One
added 2016/05/10 2:50 p.m.1764 views

Vimeo: All Vimeo Private videos disclosure via Authorization Bypass

Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...

0.3AI score
Exploits0
CNVD
CNVD
added 2015/09/16 12:0 a.m.3 views

Serendipity SQL Injection Vulnerability (CNVD-2015-06035)

Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An SQL injection vulnerability exists in the 'serendipitycheckCommentToken' function in the include/functionscomments.inc.php script in...

6CVSS8.4AI score0.01246EPSS
Exploits1References1
myhack58
myhack58
added 2014/09/11 12:0 a.m.107 views

freeshell fix side-channel attack vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability science Side-channel attacksside channel attack referred to as SCA, also known as side-channel attacks:for the encryption of electronic devices during the run time consumption, power consumption or electromagnetic radiation or the like of the side-channel information leakage and...

0.8AI score
Exploits0
Prion
Prion
added 2014/07/23 2:55 p.m.15 views

Code injection

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...

5CVSS6.7AI score0.017EPSS
Exploits2References7Affected Software2
Cvelist
Cvelist
added 2014/07/23 2:0 p.m.39 views

CVE-2014-4980

The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...

6.1AI score0.017EPSS
Exploits2References7
CVE
CVE
added 2014/07/23 2:0 p.m.54 views

CVE-2014-4980

The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...

5CVSS6.2AI score0.017EPSS
Exploits2References7Affected Software2
NVD
NVD
added 2014/03/18 5:2 p.m.25 views

CVE-2013-0201

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...

4.3CVSS5.7AI score0.02164EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2014/03/18 5:2 p.m.34 views

CVE-2013-0201

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...

4.3CVSS5.9AI score0.02164EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2014/03/18 5:2 p.m.2 views

CVE-2013-0201

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...

4.3CVSS5.4AI score0.02164EPSS
Exploits1References8
Prion
Prion
added 2014/03/18 5:2 p.m.19 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...

4.3CVSS6AI score0.02164EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2014/03/18 2:0 p.m.25 views

CVE-2013-0201

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...

6.1AI score0.02164EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2013/09/21 12:0 a.m.30 views

Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)

SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...

6.1CVSS6AI score0.02084EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2013/02/06 12:0 a.m.23 views

Incapsula Component for Joomla! 'token' Parameter Multiple XSS

The version of the Incapsula component for Joomla! running on the remote host is affected by multiple cross-site scripting XSS vulnerabilities in the Security.php and Performance.php scripts due to improper sanitization of user-supplied input to the 'token' parameter before using it to generate...

5.3AI score
Exploits0References1
Atlassian
Atlassian
added 2012/03/01 1:59 a.m.23 views

open redirect in flushcache.action

A skipfish scan of confluence found that flushcache.action is vulnerable to 'open redirect' as the returlUrl seems to send up in the Location HTTP header on a 302 redirect response. Note the token parameter in the here is an example attack using the flaw...

0.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2007/10/29 8:46 p.m.25 views

CVE-2007-5692

Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...

4.3CVSS6AI score0.04772EPSS
Exploits1References1
NVD
NVD
added 2007/10/29 8:46 p.m.22 views

CVE-2007-5692

Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...

4.3CVSS5.5AI score0.04772EPSS
Exploits1References14
Friends Of PHP
Friends Of PHP
added 1970/01/01 12:0 a.m.21 views

Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP

Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...

4.3CVSS6.1AI score0.01244EPSS
Exploits1Affected Software1
Rows per page
Query Builder