CVE-2010-2624
Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to addcomments.php, (2) values parameter to tagsdetails.php, or (3) begin parameter to greetings.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php...
Mozilla Products Frame Comment Objects Manipulation Memory Corruption (CVE-2006-6504)
There exists a memory corruption vulnerability in Mozilla Foundation's family of browser products. The flaw exists in specific dynamic manipulations of external Document Object Model (DOM) objects, specifically comment objects, using scripting techniques. A remote attacker can exploit this...
CVE-2009-4874
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments...
Design/Logic Flaw
TalkBack 2.3.14 does not properly restrict access to the edit comment feature (comments.php), which allows remote attackers to modify comments...
CVE-2009-4874
CVE-2009-4874 affects TalkBack 2.3.14 where the edit comment feature (comments.php) does not correctly enforce access control, allowing remote modification of comments. The root cause is insufficient access restrictions on the edit-comment functionality. Documents do not provide a confirmed patch...
Directory traversal
Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-2050
The CVE-2010-2050 entry describes a directory traversal / Local File Inclusion in the Joomla! component MS Comment (com_mscomment) 0.8.0b by Moron Solutions. An attacker can exploit a flaw in the index.php controller parameter (.. traversal) to read arbitrary files on the server. The issue is cla...
Joomla! Component MS Comment 0.8.0b - Local File Inclusion
Joomla! Component MS Comment 0.8.0b - Local File Inclusion. Joomla Component MS Comment LFI Vulnerability. Author: Xr0b0t. Homepage: http://www.indonesiancoder.com | http://Xr0b0t.name |...
Joomla! Component MS Comment 0.8.0b - Local File Inclusion
Joomla Component MS Comment LFI Vulnerability. Author: Xr0b0t. Homepage: http://www.indonesiancoder.com | http://Xr0b0t.name | http://Malangcyber.com Date: 16 May, 2010...
Directory traversal
Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php...
Directory traversal
Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-1602
Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php...
CVE-2010-1601
CVE-2010-1601 refers to a directory traversal (local file inclusion) in the Joomla! JA Comment (com_jacomment) component. The vulnerability exists when an attacker supplies a ../ (dot dot) sequence in the view parameter to index.php, enabling reading of arbitrary files on the affected server. The ...
CVE-2010-1602
CVE-2010-1602 affects Joomla! ZiMB Comment component 0.8.1 (com_zimbcomment). The vulnerability is a Local File Inclusion via a directory traversal (.. in the controller parameter to index.php), allowing an attacker to read arbitrary files and potentially impact other areas. The Nuclei template c...
Advanced Poll Script SQL Injection / Cross Site Scripting
Exploit Title: XSS and Authentication bypass in Advanced Poll Script Date: 26-apr-2010 Author: Sid3^effects Software Link: N/a CVE : Code : XSS and Authentication bypass in Advanced Poll Script Vendor:http://www.2daybiz.com/ Author:Sid3^effects Description : Advanced Poll is a polling system with...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...
CVE-2010-1539
Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field...