6 matches found
CVE-2012-2128
Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...
CVE-2012-2128
Cross-site request forgery CSRF vulnerability in doku.php in DokuWiki 2012-01-25 Angua allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users. NOTE: this issue has been disputed by the vendor, who states that it is resultant from CVE-2012-2129...
Fedora 11 : python-paste-1.7.4-1.fc11 (2010-10400)
1.7.4 The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notably WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...
Fedora 12 : python-paste-1.7.4-1.fc12 (2010-10383)
1.7.4 The only real change is to paste.httpexceptions, which was using insecure quoting of some parameters and allowed an XSS hole, most specifically with its 404 messages. The most notably WSGI application using this is paste.urlparse.StaticURLParser and PkgResourcesParser. By directing someone ...
fr-dyn0.txt
FriendsReunited.co.uk - XSS hole -------------------------------- Desc: Theres' a XSS hole in FriendsReunited Risk: Medium to High can be used to include malicious code Discovered by : dyn0 codeslaghatgmail.com http://0xdeadface.co.uk Site blurb : So FriendsReunited is one of those places where...
Geeklog XSS and CRLF Injection
Geeklog XSS and CRLF Injection PROGRAM: Geeklog VENDOR: Tony Bibbs et al. [email protected] HOMEPAGE: http://geeklog.sourceforge.net/ VULNERABLE VERSIONS: 1.3.5sr1, possibly earlier versions as well NOT VULNERABLE VERSIONS: 1.3.5sr2 LOGIN REQUIRED: no SEVERITY: high DESCRIPTION:...