SiteEngine 7.1 - SQL Injection
Title: SiteEngine 7.1 SQL injection Vulnerability Date: 2010-11-25 Author: Beach Team: www.linux520.com Vendor: www.siteengine.net www.boka.cn Dork: "Powered by SiteEngine" //300,000 + Language:PHP Greetz: birdarmy Description: Exploit this vulnerability comment must be enabled default == enable...
douran portal 3.9.7.55 - Multiple Vulnerabilities
=========================================================== + Douran Portal alert'ITSecTeam' 2 Remote File Upload : Note : Worked In Older 3.8.2.2 Poc : You Can Upload Your File Without Check Authorization You Can Upload : string acceptedFiles =...
Debian Security Advisory DSA 2113-1 (drupal6)
The remote host is missing an update to drupal6 announced via advisory DSA 2113-1. OpenVAS Vulnerability Test $Id: deb21131.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2113-1 drupal6 Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
Micro CMS v1.0 b1 Persistent XSS Vulnerability
Exploit for php platform in category web applications ============================================== Micro CMS v1.0 b1 Persistent XSS Vulnerability ============================================== Class: Persistent Cross-Site Scripting Severity: High Overview: --------- Micro CMS is prone to...
CVE-2010-3093
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...
Authorization
The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...
CVE-2010-3093
CVE-2010-3093 affects Drupal 5.x prior to 5.23 and Drupal 6.x prior to 6.18. The vulnerability allows remote authenticated users with certain privileges to bypass intended access controls and reinstate removed comments via a crafted URL, related to an “unpublishing bypass” issue. Root cause: a fl...
Debian DSA-2113-1 : drupal6 - several vulnerabilities
Several vulnerabilities have been discovered in Drupal 6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: - CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to use...
DSA-2113-1 drupal6 - several vulnerabilities
Bulletin has no description...
Can't set visibility on comment created via Activity Stream Gadget
I can't restrict the visibility of a comment created via the activity stream gadget. In our environment it is important for us to have this feature available everywhere where users are able to create comments on issues...
WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting
Author: Craw Email: [email protected] Software Link: http://wordpress.org/extend/plugins/events-manager-extended/ Version: 3.1.2 Category: webapplications ======================================================= + ExploiT 1 : If you are allowed to leave a comment: Persistent XSS Vulnerability: You...
GuestBookPlus HTML Injection / Comment Bypass
======================================================================= In the name of ALLAH ! ======================================================================= GuestBookPlus Script PHP HTML Injection Vuln. =======================================================================...
Fedora 14 : drupal-6.19-1.fc14 (2010-13031)
DRUPAL-SA-CORE-2010-002 Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script, for each site. Advisory ID: DRUPAL-SA-CORE-2010-002 Project: Drupal core Version: 5.x, 6.x Date:...
Fedora 12 : drupal-6.19-1.fc12 (2010-12742)
DRUPAL-SA-CORE-2010-002 Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script, for each site. Advisory ID: DRUPAL-SA-CORE-2010-002 Project: Drupal core Version: 5.x, 6.x Date:...
Fedora 13 : drupal-6.19-1.fc13 (2010-12753)
DRUPAL-SA-CORE-2010-002 Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script, for each site. Advisory ID: DRUPAL-SA-CORE-2010-002 Project: Drupal core Version: 5.x, 6.x Date:...
SA-CORE-2010-002 - Drupal core - Multiple vulnerabilities
Multiple vulnerabilities and weaknesses were discovered in Drupal. OpenID authentication bypass The OpenID module provides users the ability to login to sites using an OpenID account. The OpenID module doesn't implement all the required verifications from the OpenID 2.0 protocol and is vulnerable...
Cross site scripting
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment...
CVE-2010-2692
Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment...