Page 136 of 700 results (0.016 seconds)

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 2

CVE-2014-5026

https://notcve.org/view.php?id=CVE-2014-5026

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote authenticated users with console access to inject arbitrary web script or HTML via a (1) Graph Tree Title in a delete or (2) edit action; (3) CDEF Name, (4) Data Input Method Name, or (5) Host Templates Name in a delete action; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name in a delete or (9) duplicate action. Múltiples vulnerabilidades de XSS en Cacti 0.8.8b permiten a usuarios remotos autenticados con acceso a la consola inyectar secuencias de comandos web o HTML arbitrarios a través de (1) un título de árbol de gráfico en una acción de eliminación o (2) de editar; (3) CDEF Name, (4) Data Input Method Name, o (5) Host Templates Name en una acción de eliminación; (6) Data Source Title; (7) Graph Title; or (8) Graph Template Name en una acción de eliminación o (9) duplicar. • http://bugs.cacti.net/view.php?id=2456 http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://seclists.org/oss-sec/2014/q3/244 http://www.debian.org/security/2014/dsa-3007 http://www.openwall.com/lists/oss-security/2014/07/22/9 http://www.securityfocus.com/bid/68759 https://exchange.xforce.ibmcloud.com/vulnerabilities/94816 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0

CVE-2014-3429

https://notcve.org/view.php?id=CVE-2014-3429

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a crafted page. IPython Notebook 0.12 hasta 1.x anterior a 1.2 no valida el origen de las solicitudes de Websockets, lo que permite a atacantes remotos ejecutar código arbitrario mediante el aprovechamiento de conocimiento del kernel id y una página manipulada. • http://advisories.mageia.org/MGASA-2014-0320.html http://lambdaops.com/cross-origin-websocket-hijacking-of-ipython http://lists.opensuse.org/opensuse-updates/2014-08/msg00039.html http://permalink.gmane.org/gmane.comp.python.ipython.devel/13198 http://seclists.org/oss-sec/2014/q3/152 http://www.mandriva.com/security/advisories?name=MDVSA-2015:160 https://bugzilla.redhat.com/show_bug.cgi?id=1119890 https://exchange.xforce.ibmcloud.com/vulnerabilities/94497 https://github.com/ipython/ipyth • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-4002

https://notcve.org/view.php?id=CVE-2014-4002

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the (1) drp_action parameter to cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php, or (9) host_templates.php or the (10) graph_template_input_id or (11) graph_template_id parameter to graph_templates_inputs.php. Múltiples vulñnerabilidades de XSS en Cacti 0.8.8b permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro (1) drp_action en cdef.php, (2) data_input.php, (3) data_queries.php, (4) data_sources.php, (5) data_templates.php, (6) graph_templates.php, (7) graphs.php, (8) host.php o (9) host_templates.php o el parámetro (10) graph_template_input_id o (11) graph_template_id en graph_templates_inputs.php. • http://lists.opensuse.org/opensuse-updates/2015-03/msg00034.html http://secunia.com/advisories/59203 http://secunia.com/advisories/59517 http://svn.cacti.net/viewvc?view=rev&revision=7451 http://svn.cacti.net/viewvc?view=rev&revision=7452 http://www.debian.org/security/2014/dsa-2970 http://www.securityfocus.com/bid/68257 https://security.gentoo.org/glsa/201509-03 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 2

CVE-2014-4165

https://notcve.org/view.php?id=CVE-2014-4165

Cross-site scripting (XSS) vulnerability in ntop allows remote attackers to inject arbitrary web script or HTML via the title parameter in a list action to plugins/rrdPlugin. Vulnerabilidad de XSS en ntop permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro title en una acción list en plugins/rrdPlugin. • http://advisories.mageia.org/MGASA-2015-0168.html http://lists.opensuse.org/opensuse-updates/2015-04/msg00029.html http://packetstormsecurity.com/files/127043/ntop-xss.txt http://www.mandriva.com/security/advisories?name=MDVSA-2015:216 http://www.securityfocus.com/bid/68002 http://www.securitytracker.com/id/1030437 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 3%CPEs: 7EXPL: 0

CVE-2014-2978

https://notcve.org/view.php?id=CVE-2014-2978

The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write. La función Dispatch_Write en proxy/dispatcher/idirectfbsurface_dispatcher.c en DirectFB 1.4.4 permite a atacantes remotos causar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de la interfaz Voodoo, lo que provoca una escritura fuera de rango. • http://advisories.mageia.org/MGASA-2015-0176.html http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00019.html http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00003.html http://mail.directfb.org/pipermail/directfb-dev/2014-March/006805.html http://secunia.com/advisories/58448 http://www.mandriva.com/security/advisories?name=MDVSA-2015:223 http://www.openwall.com/lists/oss-security/2014/05/15/10 https://security.gentoo.org/glsa/201701-55 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •