34 matches found
Cross-site Scripting (XSS)
github.com/rancher/rancher is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in the Projects/Namespaces and Auth Provider sections, which allows an attacker with write access to inject and execute malicious code and steal sensitive information, manipulate web content, or perform...
Cross site scripting
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...
CVE-2022-43760
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...
Mageia: Security Advisory (MGASA-2014-0518)
The remote host is missing an update for the...
UBUNTU-CVE-2017-7820
The "instanceof" operator can bypass the Xray wrapper mechanism. When called on web content from the browser itself or an extension the web content can provide its own result for that operator, possibly tricking the browser or extension into mishandling the element. This vulnerability affects...
KLA10865 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions or inject arbitrary code. Below is a complete list of vulnerabilities: 1. Improper validation of values in Skia can be exploited remotely via a...
Wordpress 1.2 Wp-login.PHP HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11348/info Wordpress is reported prone to an HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remot...
Serendipity 0.x Exit.PHP HTTP Response Splitting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11497/info Serendipity is reported prone to an HTTP response splitting vulnerability. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This...
Sympa 4.x New List HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10992/info An HTML injection vulnerability is reported in Sympa. The problem occurs due to a failure of the application to properly sanitize user-supplied input data. Unsuspecting users viewing the affected page will have...
vBulletin 2.2.7/2.2.8 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6337/info Problems with vBulletin could make it possible for an attacker to inject arbitrary HTML in vBulletin forum messages. vBulletin does not sufficiently filter potentially malicious HTML code from posted messages. A...
NuKed-Klan 1.x Submit Link Function HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11733/info The NuKed-Klan 'submit URI link' function is reported prone to an HTML injection vulnerability. It is reported that the issue exists due to a lack of sufficient input validation performed on the 'website name' input...
Ubuntu Update for thunderbird USN-1185-1
Ubuntu Update for Linux kernel vulnerabilities USN-1185-1. OpenVAS Vulnerability Test: Ubuntu Update for thunderbird USN-1185-1. Authors: System Generated Check. Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net...
WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting Cross-Site Scripting
source: https://www.securityfocus.com/bid/41132/info Cimy Counter for WordPress is prone to an HTTP response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize...
CVE-2008-3203
AuraCMS 2.2 (through 2.2.2) is affected by an authentication flaw in js/pages/pages_data.php where no authentication is performed. Remote attackers can modify the id parameter to add, edit, or delete web content. The issue is documented across multiple sources (NVD, CVE listings) and is capable o...
Shop-Script - Multiple HTTP Response Splitting Vulnerabilities
source: https://www.securityfocus.com/bid/20685/info Shop-Script is prone to multiple HTTP response-splitting vulnerabilities because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is...
ProductCart Multiple Input Validation Vulnerabilities
The remote host is running a version of the ProductCart shopping cart software that suffers from several input validation vulnerabilities: - SQL Injection Vulnerabilities: The 'advSearchh.asp' script fails to sanitize user input to the 'idCategory' and 'resultCnt' parameters, allowing an attacker...
PhotoPost Pro 5.1 - showphoto.php?photo SQL Injection
source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to...
PhotoPost Pro 5.1 - showmembers.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12920/info Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied...
Phorum 3.x/5.0.x - HTTP Response Splitting
source: https://www.securityfocus.com/bid/12869/info A remote HTTP response splitting vulnerability reportedly affects Phorum. This issue is due to a failure of the application to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to influence or misrepresent...