Lucene search
+L

9742 matches found

myhack58
myhack58
added 2007/07/24 12:0 a.m.28 views

Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net

On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...

7.1AI score
Exploits0
Prion
Prion
added 2007/07/11 5:30 p.m.16 views

Crlf injection

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTPREFERER parameter...

7.5CVSS7.5AI score0.01402EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2007/07/11 5:30 p.m.17 views

Cross site scripting

Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

2.6CVSS6.1AI score0.0106EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2007/07/11 5:30 p.m.21 views

CVE-2007-3686

CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTPREFERER parameter...

7.5CVSS7AI score0.01402EPSS
Exploits0References5
NVD
NVD
added 2007/07/11 5:30 p.m.13 views

CVE-2007-3685

Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

2.6CVSS5.7AI score0.0106EPSS
Exploits0References5
NVD
NVD
added 2007/07/11 5:30 p.m.19 views

CVE-2007-3684

Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 q and 2 t parameters in a db.php and b rpc.php...

7.5CVSS8.5AI score0.01258EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/07/11 5:0 p.m.24 views

CVE-2007-3685

Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

5.7AI score0.0106EPSS
Exploits0References5
CVE
CVE
added 2007/07/11 5:0 p.m.54 views

CVE-2007-3684

Affected software: Unobtrusive Ajax Star Rating Bar before 1.2.0. Root cause: SQL injection in the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. Impact: remote attackers can execute arbitrary SQL commands. Mitigation: upgrade to version 1.2.0 or later (apply patch).

7.5CVSS8.5AI score0.01258EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2007/07/11 5:0 p.m.49 views

CVE-2007-3686

The CVE-2007-3686 entry describes a CRLF injection vulnerability in the Unobtrusive Ajax Star Rating Bar prior to 1.2.0. The flaw occurs in db.php and allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. Public references corroborate ...

7.5CVSS7AI score0.01402EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2007/07/11 5:0 p.m.45 views

CVE-2007-3685

CVE-2007-3685 affects the Unobtrusive Ajax Star Rating Bar (rpc.php). The issue is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via the q parameter in rpc.php, for versions before 1.2.0. The vulnerability is described across multiple sources as XSS in ...

2.6CVSS5.7AI score0.0106EPSS
Exploits0References5Affected Software1
myhack58
myhack58
added 2007/07/09 12:0 a.m.22 views

Classic: Web2. 0 client components vulnerability scanning one-vulnerability warning-the black bar safety net

A, Web2. 0 is the several technology of integrated application of the results, these techniques are: AJAX(Asynchronous JavaScript and XML,Flash, JSONJavaScript Object Notation,SOAP Simple Object Access Protocol and REST, Representational State Transfer, etc. These techniques coupled with...

6.4AI score
Exploits0
securityvulns
securityvulns
added 2007/07/04 12:0 a.m.46 views

Security on AIR: Local file access through JavaScript

Hi! It's just a very first look to AIR Adobes Integrated Runtime and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime AIR is a cross- operating system runtime that allows you to...

6.6AI score
Exploits0
myhack58
myhack58
added 2007/06/25 12:0 a.m.35 views

Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net

On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...

7.1AI score
Exploits0
OSV
OSV
added 2007/05/22 9:30 p.m.4 views

DEBIAN-CVE-2007-2821

SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...

7.5CVSS8.8AI score0.052EPSS
Exploits1References1
Prion
Prion
added 2007/04/12 1:19 a.m.17 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...

7.5CVSS8.1AI score0.09914EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2007/04/12 1:19 a.m.29 views

CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...

7.5CVSS7.6AI score0.09914EPSS
Exploits0References6
Cvelist
Cvelist
added 2007/04/12 1:0 a.m.31 views

CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...

7.6AI score0.09914EPSS
Exploits0References6
CVE
CVE
added 2007/04/12 1:0 a.m.45 views

CVE-2007-1982

CVE-2007-1982 concerns multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) versions up to 2007-03-23 and earlier. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __clas...

7.5CVSS7.6AI score0.09914EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2007/04/10 12:0 a.m.10 views

PT-2007-1156

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 3.0.0 Description: The issue is related to the lack of protection for the structure of web pages, allowing a remote attacker to perform cross-site scripting using cross-domain ajax requests. When a cross-domain Ajax...

8.1CVSS7.5AI score0.99019EPSS
Exploits23References192
securityvulns
securityvulns
added 2007/04/05 12:0 a.m.201 views

RSPA Remote File Inclusion

RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client javascript events. Visit...

0.8AI score
Exploits0
Rows per page
Query Builder