Page 4 of 19 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface (aka Futon) in Apache CouchDB 0.8.0 through 1.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en la interfaz de administración web (también conocido como Futon) en Apache CouchDB v0.8.0 hasta v1.0.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://mail-archives.apache.org/mod_mbox/couchdb-dev/201101.mbox/%3CC840F655-C8C5-4EC6-8AA8-DD223E39C34A%40apache.org%3E http://osvdb.org/70734 http://secunia.com/advisories/43111 http://www.securityfocus.com/archive/1/516058/100/0/threaded http://www.securityfocus.com/bid/46066 http://www.securitytracker.com/id?1025013 http://www.vupen.com/english/advisories/2011/0263 https://exchange.xforce.ibmcloud.com/vulnerabilities/65050 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0

Untrusted search path vulnerability in a certain Debian GNU/Linux patch for the couchdb script in CouchDB 0.8.0 allows local users to gain privileges via a crafted shared library in the current working directory. Vulnerabilidad ruta de búsqueda no confiable en un cierto parche de Debian GNU/Linux para el script couchdb en CouchDB 0.8.0 permite a usuarios locales escalar privilegios mediante una librería compartida manipulada en el directorio de trabajo actual. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594412 http://secunia.com/advisories/41383 http://www.debian.org/security/2010/dsa-2107 http://www.nth-dimension.org.uk/blog.php?id=87 http://www.openwall.com/lists/oss-security/2010/08/25/7 http://www.openwall.com/lists/oss-security/2010/08/26/1 http://www.openwall.com/lists/oss-security/2010/08/26/5 http://www.openwall.com/lists/oss-security/2010/08/29/4 http://www.securityfocus.com/bid/42758&# •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

Cross-site request forgery (CSRF) vulnerability in Apache CouchDB 0.8.0 through 0.11.0 allows remote attackers to hijack the authentication of administrators for direct requests to an installation URL. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Apache CouchDB 0.8.0 a 0.11.0, permite a atacantes remotos secuestrar la autenticación de administradores para peticiones directas a una URL de instalación. • http://seclists.org/fulldisclosure/2010/Aug/199 http://www.securityfocus.com/archive/1/513174/100/0/threaded http://www.securityfocus.com/bid/42501 https://bugzilla.redhat.com/show_bug.cgi?id=624764 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. Apache CouchDB v0.8.0 hasta v0.10.1 permite a atacantes remotos conseguir información sensible midiedfo el tiempo de completar las operaciones que verifican (1) hashes o (2) passwords. • http://archives.neohapsis.com/archives/bugtraq/2010-03/0267.html http://couchdb.apache.org/security.html http://secunia.com/advisories/39146 http://www.osvdb.org/63350 http://www.securityfocus.com/archive/1/510427/100/0/threaded http://www.securityfocus.com/bid/39116 https://bugzilla.redhat.com/show_bug.cgi?id=578572 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •