Cross site scripting
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form...
CVE-2008-0204
Multiple cross-site scripting (XSS) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to...
CVE-2008-0204
CVE-2008-0204 affects the WordPress plugin Math Comment Spam Protection (versions 2.1 and earlier). The vulnerability is multiple cross-site scripting (XSS) flaws in the file math-comment-spam-protection.php, exploitable via the parameters mcsp_opt_msg_no_answer or mcsp_opt_msg_wrong_answer in wp...
CVE-2008-0205
Multiple cross-site request forgery (CSRF) vulnerabilities in math-comment-spam-protection.php in the Math Comment Spam Protection 2.1 and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) mcsp_opt_msg_no_answer or (2) mcsp_opt_msg_wrong_answer parameter to...
PT-2008-1640 · WordPress · Peter's Random Anti-Spam Image Plugin
Name of the Vulnerable Software and Affected Versions: Peter's Random Anti-Spam Image plugin for WordPress versions 0.2.4 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the comment field in the "comment form" API endpoint, "/comment". This is...
CVE-2007-6677
Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form...
CVE-2008-0205
CVE-2008-0205 concerns the WordPress Math Comment Spam Protection plugin (version 2.1 and earlier). The vulnerability is a set of cross-site request forgery (CSRF) flaws in the file math-comment-spam-protection.php that let remote attackers perform administrator actions via the parameters mcsp_op...
WordPress Peter's Random Anti-Spam Image Plugin <= 0.2.4 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the comment field in the comment form. Solution: Update the plugin...
WordPress Math Comment Spam Protection Plugin <= 2.1 - CSRF
Because of these vulnerabilities, attackers can perform actions as administrators. Solution: Update the plugin...
FreeBSD : gallery2 -- multiple vulnerabilities (4aab7bcd-b294-11dc-a6f0-00a0cce0781e)
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: - Publish XP module - Fixed unauthorized album creation and file uploads. - URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
gallery2 -- multiple vulnerabilities
The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...
DEBIAN-CVE-2007-6277
Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via large (1) Metadata Block Size, (2) VORBIS Comment String Size, (3) Picture Metadata MIME-TYPE Size, (4) Picture Description Size, (5) Picture Data Length, (6)...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Math Comment Spam Protection: Cross-site scripting...
Format string
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters...
CVE-2007-6056
frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a protection mechanism and obtain comment and task details via modified values to the (1) Mehr and (2) SUPER parameters...
EEYE: Multiple Vulnerabilities In .FLAC File Format and Various Media Applications
Multiple Vulnerabilities In .FLAC File Format and Various Media Applications Release Date: November 15, 2007 Date Reported: September 28, 2007 Vendor Reporting Coordination Began With US-CERT Severity: High Remote Code Execution Vendor: Multiple Vendors Systems Affected: Applications with FLAC...
CVE-2003-1534
The CVE-2003-1534 entry concerns Justice Guestbook 1.3, specifically the jgb.php3 CGI. The vulnerability is a Cross‑Site Scripting (XSS) flaw triggered by user-supplied input in multiple fields (name, homepage, aim, yim, location, comment), with the underlying cause being insufficient input valid...
sphpblog051-multi.txt
Title: Simple PHP Blog sphpblog Released on: 2007/10/21 Changelog: ---------- L M H T Summary: Ip Spoofing X X Cross Site Scripting X X Session Fixation X X mail CRLF Injection X Local File Inclusion +CSRF X X File Deletion +CSRF X X File Upload Vulnerability X X Code Execution +CSRF X X Legend: ...
SA-2007-030 - Drupal Core - API handling of unpublished comment.
The publication status of comments is not passed during the hookcomments API operation, causing various modules that rely on the publication status such as Organic groups, or Subscriptions to mail out unpublished comments. Versions affected Drupal 4.7.x before version 4.7.8 Drupal 5.x before...