3838 matches found
SA-CONTRIB-2009-083 - CCK Comment Reference - Access Bypass
The CCK Comment Reference module enables administrators to define node fields that are references to comments. Users can access comments through the autocomplete path that the module provides even if they don't have access to read comments. Versions affected CCK Comment Reference module versions...
Cross site scripting
Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment...
[ONSEC-09-016] Blogolet XSS
ONSEC-09-016 Blogolet XSS Target: Blogolet CMS Type: Cross-site scripting Threat: Medium Discovery date: 21.09.2009 Vendor notification date: 21.09.2009 Fix release date: 21.09.2009 Author: Vladimir Vorontsov OnSec Russian Security Group onsec dot ru Description: The vulnerabilities exist due to...
CVE-2009-3313
Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action ...
Loggix Project 9.4.5 Remote File Inclusion
In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog : http://sh3ll4u.blogspot.com Dork : No DoRk f0R ScRipT...
Loggix Project 9.4.5 - Multiple Remote File Inclusions
Loggix Project 9.4.5 - Multiple Remote File Inclusions In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog :...
Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability
No description provided by source. In The Name Of Allah Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability Download Script : http://sourceforge.net/projects/loggix/files/ Author : cr4wl3r Contact : cr4wl3r4tlinuxmaildotorg Location : Gorontalo - INDONESIA Blog :...
CVE-2009-3260
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment...
CVE-2009-3260
CVE-2009-3260 describes a Cross-site scripting (XSS) vulnerability in LiveStreet 0.2. The issue allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment. The provided sources consistently identify LiveStreet 0.2 as affected and the exploit path as th...
SA-CONTRIB-2009-058 - Comment RSS - Access bypass
The Comment RSS module provides RSS feeds for comments on individual nodes. The link to this feed contains the node's title. Adding the link to the RSS feed was not respecting access permissions, potentially exposing content not available otherwise. Versions affected Comment RSS for Drupal 5.x...
Advanced Comment System 1.0 - Multiple Remote File Inclusions
Advanced Comment System 1.0 - Multiple Remote File Inclusions. Advanced comment system1.0 Remote File Inclusion Vulnerability Found by : kurdish hackers team C0ntact : pshela at YaHoo .com Groups : Kurd-Team site : www.kurdteam.org...
Advanced Comment System 1.0 - Multiple Remote File Inclusions
Advanced comment system1.0 Remote File Inclusion Vulnerability Found by : kurdish hackers team C0ntact : pshela at YaHoo .com Groups : Kurd-Team site : www.kurdteam.org ...
Advanced Comment System 1.0 Multiple RFI Vulnerabilities
Exploit for unknown platform in category web applications. Advanced Comment System 1.0 Multiple RFI Vulnerabilities. Advanced...
CVE-2008-7184
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment...
DEBIAN-CVE-2009-3050
Buffer overflow in the setpagesize function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file wit...
CVE-2009-3050
Buffer overflow in the setpagesize function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.cxx and ps-pdf.cxx using an AFM font file wit...