1231 matches found
CVE-2016-5433
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors...
UBUNTU-CVE-2016-2451
codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate VPX output buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining...
python-django: Information leak through date template filter
An information-exposure flaw was found in the Django date filter. If an application allowed users to provide non-validated date formats, a malicious end user could expose application-settings data by providing the relevant applications-settings key instead of a valid date format...
ros.ie XSS vulnerability
Vulnerable URL: https://www.ros.ie/FunctionalityServlet/acl/validCert.jsp?language=de

Details:

Description | Value
---|---
Patched: | Yes, at 26.07.2017
Latest check for patch: | 26.07.2017 11:43 GMT
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 42299
Google Pagerank...
Unfixed XSS vulnerability at webinars.snm.org
Security researcher Ehsan Ice has submitted on 05/03/2015 a cross-site-scripting (XSS) vulnerability affecting webinars.snm.org, which at the time of submission ranked 1073431 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/03/2015. It is...
Square: Redirecting a victim elsewhere through shopseen 0auth
Hello there team. This is Shahmeer and I found out about an issue in the square web application that is redirection of users to some other part of the third party website due to non validation of the redirect URL parameter. Basically here is the Sample URI stored on the square website with the...
Windows Server IoT/Windows Storage Server — Support Statement
Support Statement At Veeam, we understand that some customers may have hardware that comes pre-installed with Windows Server IoT or Windows Storage Server, and they may want to use these to fill the role of Veeam-product component servers. While Windows Server IoT and Windows Storage Server are...
CVE-2014-4564
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter...
CVE-2014-4564
CVE-2014-4564 is a Cross-Site Scripting (XSS) flaw in the WordPress Validated plugin up to version 1.0.2 (check.php) that allows remote attackers to inject arbitrary script/HTML via the slug parameter. Affected software is the Validated WordPress plugin (
CVE-2014-4564
Cross-site scripting (XSS) vulnerability in check.php in the Validated plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter...
Fixed XSS vulnerability at www.wesecure.nl
Security researcher RedToor has submitted on 17/01/2014 a cross-site-scripting (XSS) vulnerability affecting www.wesecure.nl, which at the time of submission ranked 14032513 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/03/2015. It is...
phpyun SQL injection
Brief description: Improper handling leads to injection, bypassing the WAF. Detailed description: In the file /model/qqconnect.class.php: function certaction $id=$GET'id'; $arr=@explode"|",base64decode$id; if$id && isarray$arr && $arr0 && $arr2==$this-config'coding' $row=$this-obj-DBselectonce"companycert","uid='".$arr0."' and check2='".$arr1."'"; ifisarray$row...
Oracle Linux 4 / 5 : oracle-validated (ELSA-2011-2031)
Description of changes: - Fix for security bug CVE-2011-2306 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Oracle Linux Security Advisory ELSA-2011-2031. include'deprecatednasllevel.inc'; include'compat.inc'; if...
Unfixed Redirect vulnerability at www.sayit.ie
Security researcher p0pc0rn has submitted on 11/01/2012 a Redirect vulnerability affecting www.sayit.ie, which at the time of submission ranked 3901676 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is currently unfixed. If you...
Unfixed XSS vulnerability at publications.univ-st-etienne.fr
Security researcher Atmon3r has submitted on 11/01/2012 a cross-site-scripting (XSS) vulnerability affecting publications.univ-st-etienne.fr, which at the time of submission ranked 149236 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/201...
Unfixed Redirect vulnerability at www.nagt.org
Security researcher p0pc0rn has submitted on 11/01/2012 a Redirect vulnerability affecting www.nagt.org, which at the time of submission ranked 9603492 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/01/2012. It is currently unfixed. If you...
Unfixed XSS vulnerability at www.cadoons-boutique.com
Security researcher Atmon3r has submitted on 10/01/2012 a cross-site-scripting (XSS) vulnerability affecting www.cadoons-boutique.com, which at the time of submission ranked 710303 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 10/01/2012. It i...
Unfixed XSS vulnerability at www.brancopelle.com
Security researcher Cr4t3r has submitted on 09/02/2012 a cross-site-scripting (XSS) vulnerability affecting www.brancopelle.com, which at the time of submission ranked 17766028 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 19/09/2012. It is...
Unfixed XSS vulnerability at www.marasimba.com
Security researcher IrIsT.Ir has submitted on 07/01/2012 a cross-site-scripting (XSS) vulnerability affecting www.marasimba.com, which at the time of submission ranked 1192235 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It is...