3838 matches found
Diigo Toolbar and Diigolet Comment Feature - HTML Injection / Information Disclosure
source: https://www.securityfocus.com/bid/29611/info Diigo Toolbar and Diigolet are prone to an HTML-injection vulnerability and an information-disclosure vulnerability when handling data via the 'comment' feature. An attacker can exploit the HTML-injection issue to run arbitrary HTML and script...
Diigo Toolbar and Diigolet Comment Feature - HTML Injection Information Disclosure
source: https://www.securityfocus.com/bid/29611/info Diigo Toolbar and Diigolet are prone to an HTML-injection vulnerability and an information-disclosure vulnerability when handling data via the 'comment' feature...
CVE-2008-2698
Multiple cross-site scripting (XSS) vulnerabilities in photoadd-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter...
webalbum-xss.txt
WEBAlbum XSS Vulnerabilities. POST Variable: id. POST Variable: category. Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, Win7dos, JabAv0C...
GV PostScript Viewer Remote Buffer overflow Exploit (2)
No description provided by source. There are at least 4 other stack buffer overflows, and 2 heap overflows. The first exploit I wrote exploited the one in the GLSA, and this one exploits that hole and four other ones as well. All of these are in the psscan function located in the ps.c file: 'grep...
Authentication flaw
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1...
CVE-2008-2293
admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1...
CVE-2008-2293
The CVE-2008-2293 issue affects Multi-Page Comment System (MPCS) 1.0 and 1.1, where remote attackers can bypass authentication and escalate privileges by setting the CommentSystemAdmin cookie to 1. The available sources describe an authentication bypass via a cookie manipulation, marking it as a ...
Multi-Page Comment System 1.1.0 - Insecure Cookie Handling
Multi-Page Comment System 1.1.0 Insecure Cookie Handling...
Multi-Page Comment System 1.1.0 - Insecure Cookie Handling
Multi-Page Comment System 1.1.0 Insecure Cookie Handling. Discovered By: t0pP8uZz. Discovered On: 15 MAY...
CVE-2008-2018
The AssignUser function in template.class.php in PHPizabi 0.848b C1 HFP3 performs unsafe macro expansions on strings delimited by '' and '' characters, which allows remote authenticated users to obtain sensitive information via a comment containing a macro, as demonstrated by a "user.password"...
Sql injection
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1890
SQL injection vulnerability in the Jom Comment 2.0 build 345 component for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-1890
CVE-2008-1890 describes a SQL injection vulnerability in the Jom Comment 2.0 (build 345) component for Joomla!. The affected product is Jom Comment 2.0 for Joomla!, and the root cause is SQL injection via unspecified vectors, enabling remote attackers to execute arbitrary SQL commands. The vulner...
A little thought on breaking through SQL injection limits - vulnerability warning - the black bar safety net
Suddenly I wondered what methods we can use to bypass SQL injection limits. I studied a bit online, and most of the methods mentioned are for breaking through filters on AND, “'” and “=”; although that is a little progress, there are still some keywords that cannot be bypassed, because I don't often invade sites so di...
AlsaPlayer buffer overflow
Buffer overflow on oversized .ogg comment...
PT-2008-3075 · Oocomments · Oocomments
Name of the Vulnerable Software and Affected Versions: ooComments version 1.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PathToComment parameter for classes/class admin.php and classes/class comments.php, such as the API endpoint "/classes/class...
XSS vulnerabilities in create/edit/copy page and blogpost actions
The following create/edit page URLs are vulnerable: /pages/createpage.action, /pages/docreatepage.action, /pages/editpage.action, /pages/doeditepage.action on parentPageString, mode, labelsString, captchaId. The following create/edit blogpost URLs are vulnerable: -...