Lucene search
K

531 matches found

OSV
OSV
added 2014/11/08 11:55 a.m.4 views

UBUNTU-CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS7.3AI score0.0386EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2014/11/08 11:0 a.m.33 views

CVE-2014-7819

Multiple directory traversal vulnerabilities in server.rb in Sprockets before 2.0.5, 2.1.x before 2.1.4, 2.2.x before 2.2.3, 2.3.x before 2.3.3, 2.4.x before 2.4.6, 2.5.x before 2.5.1, 2.6.x and 2.7.x before 2.7.1, 2.8.x before 2.8.3, 2.9.x before 2.9.4, 2.10.x before 2.10.2, 2.11.x before 2.11.3...

5CVSS5.3AI score0.0386EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/10/23 12:0 a.m.1 views

JavaScript Percent-Encoding Obfuscation

Although various security products provide coverage against many web vulnerabilities, such as ActiveX exploits, these known exploits could potentially bypass security products by using JavaScript obfuscation techniques.An example of such a technique is percent-encoding, also known as URL encoding...

1.7AI score
Exploits0
securityvulns
securityvulns
added 2014/10/15 12:0 a.m.52 views

[SECURITY] [DSA 3017-1] php-cas security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3017-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst September 2, 2014 http://www.debian.org/security/faq -...

1.2AI score0.06057EPSS
Exploits0
myhack58
myhack58
added 2014/10/10 12:0 a.m.8 views

PHP/Sqlite under the Common Vulnerability analysis-vulnerability warning-the black bar safety net

0x00 before the bit SQLite as a lightweight database,PHP developers, one set not Mo where students,PHP5,which has the default integrated this lightweight embedded database products. For use with a PHP/Sqlite CMS,also there is one of these common security threats. The author of the following numbe...

0.3AI score
Exploits0
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.16 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.16 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0
Atlassian
Atlassian
added 2014/07/28 4:26 a.m.21 views

Content injection caused by failing to encode the url

The exampleURLPrefix variable given to the single-xml-header.vm|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-core/src/main/resources/templates/plugins/issueviews/single-xml-header.vm11 or...

1.2AI score
Exploits0Affected Software1
UbuntuCve
UbuntuCve
added 2014/07/01 10:17 a.m.27 views

CVE-2014-1345

WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x before 7.0.5 does not properly encode domain names in URLs, which allows remote attackers to spoof the address bar via a crafted web site...

4.3CVSS5.9AI score0.01721EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability

No description provided by source. Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The symb parameter o...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

CSSearch 2.3 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4368/info csSearch is a website search script, written in Perl. It will run on most Unix and Linux variants, as well as Microsoft operating systems. csSearch is prone to an issue which may enable an attacker to execute Pe...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

MyBB AJAX Chat - Persistent XSS Vulnerability

No description provided by source. Title: MyBB AJAX Chat Persistent XSS Vulnerability Date: 12/12/2012 Exploit Author: Mr. P-teo Vendor Homepage: http://www.mybb.com/ Software Link: http://mods.mybb.com/view/ajax-chat Version: 1 Tested on: Windows The Persistent XSS vulnerability lies within the...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14059/info CSVDB.CGI/iDB.CGI are affected by a remote command execution vulnerability. Specifically, an attacker can supply arbitrary commands prefixed with the '|' character through the 'csvdb.cgi' script that will be...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

My Gaming Ladder Combo System <= 7.0 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl Method found & Exploit scripted by nukedx Contacts ICQ: 10072 MSN/Main: [email protected] web: www.nukedx.com Original advisory: http://www.nukedx.com/?viewdoc=28 Usage: ladder.pl host path cmd Dork: Ladder Scripts by http://www.mygamingladder.com...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Edimax AR-7084GA Router CSRF + Persistent XSS Exploit

No description provided by source. ?php / Edimax AR-7084GA Router CSRF + Persistent XSS Exploit Firmware version: 2.9.8.1RUE0.C2A3.7.6.1 Vulnerable page: http://xx.xx.xx.xx/advanced/advnatvirsvr.htm Author: l3D Sites: http://xraysecurity.blogspot.com, http://nullbyte.org.il IRC: irc://irc.nix.co....

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

CGIScript.net csNews 1.0 Double URL Encoding Unauthorized Administrative Access

No description provided by source. source: http://www.securityfocus.com/bid/4993/info csNews is a script for managing news items on a website. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. Users with public access to the system may be able to view an...

7.1AI score
Exploits0
UbuntuCve
UbuntuCve
added 2014/06/25 12:0 a.m.48 views

CVE-2014-4650

The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct directory traversal attacks and execute unintended code via a crafted character sequence, as...

9.8CVSS7AI score0.24148EPSS
Exploits5References3
NVD
NVD
added 2014/03/24 2:20 p.m.30 views

CVE-2013-7343

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3CVSS5.6AI score0.01486EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2014/03/24 2:20 p.m.28 views

CVE-2013-7343

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3CVSS6AI score0.01486EPSS
Exploits1References3
Prion
Prion
added 2014/03/24 2:20 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix fo...

4.3CVSS6AI score0.01486EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder