4 matches found
Padding oracle attacks
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks...
CVE-2011-1671
Cross-site scripting (XSS) vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information...
Joomla JD-WordPress Vulnerability File Inclusion Version 2.0 RC2
REGISTER GLOBALS ON wp-feed.php?mosConfigabsolutepath= Version 2.0 RC2 UPDATE IT ! !/usr/bin/perl + Author : Don Tukulesto + Date : October 20, 2009 + Homepage : http://www.indonesiancoder.com + Vendor : www.joomladeveloping.org + version : 2.0 RC2 + Method : Remote File...
Digital Hive 2.0 - 'base_include.php' Local File Inclusion
source: https://www.securityfocus.com/bid/29255/info Digital Hive is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to view local files in the context of the...