Lucene search
K

124 matches found

OpenVAS
OpenVAS
added 2016/04/01 12:0 a.m.34 views

Apache Jetspeed Multiple Vulnerabilities (Mar 2016)

Apache Jetspeed is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:jetspeed"; if...

9CVSS6.8AI score0.77495EPSS
Exploits9References2
Tenable Nessus
Tenable Nessus
added 2016/03/28 12:0 a.m.21 views

Apache Jetspeed Portal URI Path Reflected XSS

The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting XSS vulnerability in the /portal script due to improper validation of URI path input before returning it to the users. An unauthenticated, remote attacker can exploit this, via a specially...

6.1CVSS7.1AI score0.03203EPSS
Exploits1References2
Packet Storm
Packet Storm
added 2014/02/01 12:0 a.m.306 views

Apache Tomcat Manager Code Execution

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 /Apache.Coyote|Tomcat/ CSRFVAR = 'CSRFNONCE=' include Msf::Exploit::Remote::HttpClient include Msf::Exploit::EXE def initializeinfo =...

10CVSS8.8AI score0.78995EPSS
Exploits25
Metasploit
Metasploit
added 2013/02/25 8:14 p.m.24 views

PolarBear CMS PHP File Upload Vulnerability

This module exploits a file upload vulnerability found in PolarBear CMS By abusing the upload.php file, a malicious user can upload a file to a temp directory without authentication, which results in arbitrary code execution. This module requires Metasploit: https://metasploit.com/download Curren...

9.8CVSS7.5AI score0.74977EPSS
Exploits5
OpenVAS
OpenVAS
added 2013/01/21 12:0 a.m.33 views

CentOS Update for gnome-vfs2 CESA-2013:0131 centos5

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

4.3CVSS6.4AI score0.08437EPSS
Exploits1References2
Metasploit
Metasploit
added 2012/07/26 6:11 p.m.82 views

Symantec Web Gateway 5.0.2.18 pbcontrol.php Command Injection

This module exploits a command injection vulnerability found in Symantec Web Gateway's HTTP service. While handling the filename parameter, the Spywall API does not do any filtering before passing it to an exec call in proxyfile, thus results in remote code execution under the context of the web...

10CVSS0.1AI score0.67389EPSS
Exploits9
Nmap
Nmap
added 2012/05/14 9:30 p.m.151 views

ajp-request NSE Script

Requests a URI over the Apache JServ Protocol and displays the result or stores it in a file. Different AJP methods such as; GET, HEAD, TRACE, PUT or DELETE may be used. The Apache JServ Protocol is commonly used by web servers to communicate with back-end Java application server containers. Scri...

10CVSS9.3AI score0.99448EPSS
Exploits33
NVD
NVD
added 2011/05/23 10:55 p.m.23 views

CVE-2011-1765

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3CVSS5.5AI score0.02098EPSS
Exploits1References8
UbuntuCve
UbuntuCve
added 2011/05/23 10:55 p.m.24 views

CVE-2011-1765

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3CVSS5.9AI score0.02098EPSS
Exploits1References1
Prion
Prion
added 2011/05/23 10:55 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3CVSS5.7AI score0.02591EPSS
Exploits2References8Affected Software1
Debian CVE
Debian CVE
added 2011/05/23 10:0 p.m.62 views

CVE-2011-1765

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction wit...

4.3CVSS5.5AI score0.02098EPSS
Exploits1
NVD
NVD
added 2011/04/27 12:55 a.m.20 views

CVE-2011-1578

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

4.3CVSS5.5AI score0.02591EPSS
Exploits1References16
UbuntuCve
UbuntuCve
added 2011/04/27 12:55 a.m.26 views

CVE-2011-1578

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

4.3CVSS5.8AI score0.02591EPSS
Exploits1References1
Prion
Prion
added 2011/04/27 12:55 a.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

4.3CVSS5.8AI score0.02591EPSS
Exploits1References16Affected Software1
UbuntuCve
UbuntuCve
added 2011/04/27 12:55 a.m.29 views

CVE-2011-1587

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? question mark in a query string,...

4.3CVSS5.8AI score0.01711EPSS
Exploits0References1
Prion
Prion
added 2011/04/27 12:55 a.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? question mark in a query string,...

4.3CVSS5.7AI score0.02591EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2011/04/27 12:0 a.m.30 views

CVE-2011-1578

Cross-site scripting XSS vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

5.4AI score0.02591EPSS
Exploits1References16
CVE
CVE
added 2011/04/27 12:0 a.m.64 views

CVE-2011-1587

MediaWiki vulnerable component: web application logic handling file uploads and URI parsing. CVE-2011-1587 is a cross-site scripting (XSS) flaw affecting MediaWiki prior to 1.16.4, triggered when Internet Explorer 6 or earlier is used and a file with a dangerous extension (e.g., .html) is accesse...

4.3CVSS5.6AI score0.01711EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2010/11/05 5:0 p.m.28 views

CVE-2010-3863

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...

5CVSS6.5AI score0.54799EPSS
Exploits2References7
Prion
Prion
added 2010/11/05 5:0 p.m.20 views

Design/Logic Flaw

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI...

5CVSS7.1AI score0.54799EPSS
Exploits2References7Affected Software2
Rows per page
Query Builder