[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249982

 
 

909

 
 

195748

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 6552 Download | Alert*

It was discovered that znc, an IRC proxy/bouncer, does not properly sanitize input contained in configuration change requests to the webadmin interface. This allows authenticated users to elevate their privileges and indirectly execute arbitrary commands (CVE-2009-0759).

It was discovered that mahara, an electronic portfolio, weblog, and resume builder, is prone to cross-site scripting attacks, which allows the injection of arbitrary Java or HTML code. The oldstable distribution (etch) does not contain mahara.

It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to crosssite scripting attacks.

A cross-site-scripting vulnerability has been discovered in the login form of the Shibboleth identity provider module for Wordpress.

The Shopify Application Security Team reported that ruby-loofah, a general library for manipulating and transforming HTML/XML documents and fragments, allows non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. This might allow to mount a code injection attack into a browser consuming sanitized output.

John Lightsey discovered a format string injection vulnerability in the localisation of templates in Movable Type, a blogging system. An unauthenticated remote attacker could take advantage of this flaw to execute arbitrary code as the web server user.

Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. CVE-2015-3011 Hugh Davenport discovered that the contacts application shipped with ownCloud is vulnerable to multiple stored cross-site scripting attacks. This vulnerability is effectively exploitable in any browser. CVE-2015-3012 Roy Jansen discovered that the doc ...

Multiple vulnerabilities were discovered in ownCloud, a cloud storage web service for files, music, contacts, calendars and many more. These flaws may lead to the execution of arbitrary code, authorization bypass, information disclosure, cross-site scripting or denial of service.

Crtc4L discovered a cross-site scripting vulnerability in wordpress, a web blogging tool, allowing a remote authenticated administrator to compromise the site.

Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054 The incorrect handling of user-supplied input in the "config" command can trigger a stack-based buffer overflow, resulting in denial of service or remote code execution. CVE-2016-2055 The incorrect handling of user-supplied input in the " ...


Pages:      Start    633    634    635    636    637    638    639    640    641    642    643    644    645    646    ..   655

© SecPod Technologies