101 matches found
Debian: Security Advisory (DSA-2221-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2221-1 : libmojolicious-perl - directory traversal
Viacheslav Tykhanovskyi discovered a directory traversal vulnerability in Mojolicious, a Perl Web Application Framework. The oldstable distribution lenny doesn't contain libmojolicious-perl. %NASLMINLEVEL 70300 (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugi...
DSA-2221-1 libmojolicious-perl - directory traversal
Bulletin has no description...
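Ruby on Rails Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
BUGTRAQ ID: 46291 CVE ID: CVE-2011-0446, CVE-2011-0447 Ruby on Rails, known as RoR or Rails for short, is an open-source web application framework written in Ruby and developed strictly according to the MVC structure. The Ruby on Rails implementation contains cross-site scripting and cross-site request forgery vulnerabilities; an attacker can exploit the cross-site scripting vulnerability to execute arbitrary script code in an affected browser and steal cookie authentication credentials. Ruby on Rails Ruby on Rails 3.x Ruby on Rails Ruby on Rails 2.x Ruby on Rails Ruby on Rails 1.x 厂商补...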
Fedora Update for zikula FEDORA-2010-8501
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8501 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
Fedora Update for zikula FEDORA-2010-8464
Check for the Version of zikula OpenVAS Vulnerability Test Fedora Update for zikula FEDORA-2010-8464 Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 12 Update: zikula-1.2.3-1.fc12
A free open source Web Application Framework. It can be used to develop robust, secure, interactive and editable websites and web based applications. Zikula is written in PHP, object oriented, and fully modular. It requires a database and may use all leading database platforms like MySQL,...
DSA-1966-1 horde3 - cross-site scripting
Bulletin has no description...
Horde 3.3.5 - PHP_SELF Cross-Site Scripting
Horde 3.3.5 - PHP_SELF Cross-Site Scripting ============================================= INTERNET SECURITY AUDITORS ALERT 2009-012 - Original release date: October 13th, 2009 - Last revised: December 16th, 2009 - Discovered by: Juan Galiana Lara - CVE ID: CVE-2009-3701 - Severity: 6.3/10 CVSS Bas...
DNN (DotNetNuke) Detection
The remote web server is running DNN formerly known as DotNetNuke, a web application framework written in ASP.NET. Note that this plugin can attempt to log into the application and obtain version information if supplied with credentials for a user with superuser privileges. (C) Tenable Network...
Microsoft Silverlight Detection
A version of Microsoft's Silverlight is installed on this host. Microsoft Silverlight is a web application framework that provides functionalities similar to those in Adobe Flash, integrating multimedia, graphics, animations and interactivity into a single runtime environment. (C) Tenable Network...
Debian: Security Advisory (DSA-1897-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA-1897-1 [email protected] http://www.debian.org/security/ Nico Golde September 28th, 2009 http://www.debian.org/security/faq -...
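Ruby on Rails http_authentication.rb Nil Credentials Authentication Bypass Vulnerability
BUGTRAQ ID: 35579 Ruby on Rails is a new web application framework built on the Ruby language. The validatedigestresponse function in the actionpack/lib/actioncontroller/httpauthentication.rb file of Ruby on Rails mishandles nil credentials: if the user is not found, it returns nil, whereas the correct behavior is to return false. A remote attacker can bypass HTTP authentication and gain unauthorized access by sending empty authentication credentials. David Heinemeier Hansson Ruby on Rails 2.3.2 Vendor patch: David...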
Apache Struts 2 < 2.0.12 / 2.1.3 Dispatcher Directory Traversal
The remote web server is using Apache Struts, a web application framework for developing Java EE web applications. The version of Apache Struts 2 installed on the remote host fails to properly decode and normalize the request path before serving static content. Using double-encoded directory...
Gentoo Security Advisory GLSA 200606-28 (horde)
The remote host is missing updates announced in advisory GLSA 200606-28. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-1033-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
bitweaver-xss.txt
-=--------------------ADVISORY-------------------=- bitweaver 1.3.1 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: bitweaver -=+ Version: 1.3.1 -=+ Vendor's URL: http://www.bitweaver.org/articles/ -=+ Platform: Windows\Linux\Unix -=+ Bug typ...
Debian DSA-1033-1 : horde3 - several vulnerabilities
Several remote vulnerabilities have been discovered in the Horde web application framework, which may lead to the execution of arbitrary web script code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-4190 Several Cross-Site-Scripting vulnerabiliti...
Detects Xaraya version
The remote web server contains a web application framework written in PHP. Description : This script detects whether the remote host is running Xaraya and extracts the version number and location if found. Xaraya is an extensible, open-source web application framework written in PHP. OpenVAS...