9742 matches found
Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net
On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...
Crlf injection
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTPREFERER parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2007-3686
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTPREFERER parameter...
CVE-2007-3685
Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2007-3684
Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the 1 q and 2 t parameters in a db.php and b rpc.php...
CVE-2007-3685
Cross-site scripting XSS vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2007-3684
Affected software: Unobtrusive Ajax Star Rating Bar before 1.2.0. Root cause: SQL injection in the (1) q and (2) t parameters in (a) db.php and (b) rpc.php. Impact: remote attackers can execute arbitrary SQL commands. Mitigation: upgrade to version 1.2.0 or later (apply patch).
CVE-2007-3686
The CVE-2007-3686 entry describes a CRLF injection vulnerability in the Unobtrusive Ajax Star Rating Bar prior to 1.2.0. The flaw occurs in db.php and allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. Public references corroborate ...
CVE-2007-3685
CVE-2007-3685 affects the Unobtrusive Ajax Star Rating Bar (rpc.php). The issue is a cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary script/HTML via the q parameter in rpc.php, for versions before 1.2.0. The vulnerability is described across multiple sources as XSS in ...
Classic: Web2. 0 client components vulnerability scanning one-vulnerability warning-the black bar safety net
A, Web2. 0 is the several technology of integrated application of the results, these techniques are: AJAX(Asynchronous JavaScript and XML,Flash, JSONJavaScript Object Notation,SOAP Simple Object Access Protocol and REST, Representational State Transfer, etc. These techniques coupled with...
Security on AIR: Local file access through JavaScript
Hi! It's just a very first look to AIR Adobes Integrated Runtime and its possibilities to process HTML/JS. AIR is beta by now, so Adobe may change things in the final release. What is AIR? Quote from Adobe: "Adobe Integrated Runtime AIR is a cross- operating system runtime that allows you to...
Ajax allows a web page Trojan“quietly perform”-vulnerability warning-the black bar safety net
On the Ajax implementation, the developer is to think like the“Ajax to do that in user when browsing the web should not feel it to execute asynchronously, and does not need to wait for the page to refresh can be done automatically verify data”, such as whether the user name can be registered...
DEBIAN-CVE-2007-2821
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...
CVE-2007-1982
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...
CVE-2007-1982
Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax RSPA 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 IncludeFilePHPClass, 2 ClassPath, and 3 class parameters to a rspa/framework/Controllerv5.php, and b...
CVE-2007-1982
CVE-2007-1982 concerns multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) versions up to 2007-03-23 and earlier. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __clas...
PT-2007-1156
Name of the Vulnerable Software and Affected Versions: jquery versions prior to 3.0.0 Description: The issue is related to the lack of protection for the structure of web pages, allowing a remote attacker to perform cross-site scripting using cross-domain ajax requests. When a cross-domain Ajax...
RSPA Remote File Inclusion
RSPA Remote File Inclusion Really Simple PHP and Ajax RSPA RSPA is a component based event driven ajax enabled framework for PHP4 and PHP 5. It is a combination of plane PHP class and HTML/Javascript.RSPA allows calling server side PHP functions from client javascript events. Visit...