117 matches found
Vimeo: All Vimeo Private videos disclosure via Authorization Bypass
Hello, There is a vulnerability in https://vimeo.com/VIDEOID?action=share that makes all Vimeo private videos available to anybody. POC link : http://opnsec.com/vimeo/vl/videoLeak.php?video=VIDEOID POC requirements : - No need to be logged in Vimeo - Because of sensitivity of this, I put a passwo...
Serendipity SQL Injection Vulnerability (CNVD-2015-06035)
Serendipity is a PHP-based blogging system developed by Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An SQL injection vulnerability exists in the 'serendipitycheckCommentToken' function in the include/functionscomments.inc.php script in...
freeshell fix side-channel attack vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability science Side-channel attacksside channel attack referred to as SCA, also known as side-channel attacks:for the encryption of electronic devices during the run time consumption, power consumption or electromagnetic radiation or the like of the side-channel information leakage and...
Code injection
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...
CVE-2014-4980
The /server/properties resource in Tenable Web UI before 2.3.5 for Nessus 5.2.3 through 5.2.7 allows remote attackers to obtain sensitive information via the token parameter...
CVE-2014-4980
The CVE-2014-4980 entry affects Tenable Nessus/Web UI, specifically Nessus versions 5.2.3–5.2.7. The issue is an information-disclosure vulnerability in the Web UI: the /server/properties endpoint can disclose sensitive data via the token parameter due to insufficient parameter checking. Reported...
CVE-2013-0201
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...
CVE-2013-0201
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...
CVE-2013-0201
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...
CVE-2013-0201
Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 QUERYSTRING to core/lostpassword/templates/resetpassword.php, 2 mime parameter to apps/files/ajax/mimeicon.php, or 3 token parameter to...
Fedora 19 : mediawiki-1.21.2-1.fc19 (2013-15984)
SECURITY: Fix extension detection with 2 .'s - SECURITY: Support for the 'gettoken' parameter to action=block and action=unblock, deprecated since 1.20, has been removed. - SECURITY: Sanitize ResourceLoader exception messages - Purge upstream caches when deleting file assets. - Unit test suite...
Incapsula Component for Joomla! 'token' Parameter Multiple XSS
The version of the Incapsula component for Joomla! running on the remote host is affected by multiple cross-site scripting XSS vulnerabilities in the Security.php and Performance.php scripts due to improper sanitization of user-supplied input to the 'token' parameter before using it to generate...
open redirect in flushcache.action
A skipfish scan of confluence found that flushcache.action is vulnerable to 'open redirect' as the returlUrl seems to send up in the Location HTTP header on a 302 redirect response. Note the token parameter in the here is an example attack using the flaw...
CVE-2007-5692
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
CVE-2007-5692
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
Cross-site scripting (XSS) vulnerability in Paypal-Merchant-SDK-PHP
Hello: I have find a Reflected XSS vulnerability in this sdk. The vulnerability exists due to insufficient filtration of user-supplied data in “token” HTTP GET parameter that will be passed to “merchant-sdk-php\samples\AccountAuthentication\GetAuthDetails.html.php”. The infected source code is li...