3838 matches found
CVE-2008-6283
Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."...
CVE-2008-6283
CVE-2008-6283 is a reported Cross-site Scripting (XSS) vulnerability in Subtext 2.0 where an attacker can inject arbitrary web script or HTML via a comment, related to the feature that converts URLs to anchor tags. The connected documents confirm the vulnerability description and its classificati...
CVE-2009-0184
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file...
Directory traversal
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as ...
CVE-2009-0331
Directory traversal vulnerability in gallery/comment.php in Enhanced Simple PHP Gallery (ESPG) 1.72 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. NOTE: the vulnerability may be in my little homepage Comment script. If so, then this should not be treated as ...
Lore 1.5.6 (article.php) Blind SQL Injection Exploit
No description provided by source. CURL ENABLED Blind SQL Injection Script Version: Lore 1.5.6 Bug: article.php?id=Blind, Comments Enabled "Add Comment" Dork: intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks...
Ninja Blog 4.8 XSRF / XSS
Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...
SA-2008-070 - Comment Mail - Cross site request forgery
The Comment Mail module allows an email to be sent to the site administrators when new comments are posted. Links in the email allow for quick approval, editing, deletion of the comment and/or banning of the poster's IP address. Unfortunately some links are vulnerable to cross site request...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the leave comment feedback feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) commentauthor (Name) and (2) commenturl (Website) parameters...
CVE-2008-4903
Cross-site scripting (XSS) vulnerability in the leave comment feedback feature in Typo 5.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) commentauthor (Name) and (2) commenturl (Website) parameters...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcrhiddenforminput parameter...
CVE-2008-4732
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9)...
CVE-2008-4734
Cross-site request forgery (CSRF) vulnerability in the wpcr_do_options_page function in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to perform unauthorized actions as administrators via a request that sets the wpcrhiddenforminput parameter...
Sql injection
SQL injection vulnerability in ajax_comments.php in the WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the p parameter...
CVE-2008-4733
Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP Comment Remix plugin before 1.4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the (1) replytotext, (2) quotetext, (3) originallypostedby, (4) sep, (5) maxtags, (6) tagsep, (7) tagheadersep, (8) taglabel, and (9)...
CVE-2008-4734
The CVE-2008-4734 entry describes a Cross-Site Request Forgery in the WordPress plugin WP Comment Remix (before 1.4.4). The vulnerability affects the wpcr_do_options_page function, where an attacker can trigger unauthorized administrator actions by crafting a request that sets the wpcr_hidden_for...
CVE-2008-4732
Summary of CVE-2008-4732 : The WP Comment Remix WordPress plugin is affected by an SQL injection in the file ajax_comments.php . The vulnerability allows remote attackers to execute arbitrary SQL commands through the p parameter. Affected version range is plugin versions before 1.4.4 . The issue ...
CVE-2008-4733
CVE-2008-4733 concerns the WP Comment Remix WordPress plugin. The vulnerability is an XSS in wpcommentremix.php affecting versions before 1.4.4, exploitable by supplying crafted values for the parameters (replytotext, quotetext, originallypostedby, sep, maxtags, tagsep, tagheadersep, taglabel, ta...