Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the datatext parameter...

MW6 Technologies Aztec ActiveX (Data param) - Buffer Overflow

No description provided by source. !-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - F359732D-D020-40ED-83FF-F381EFE36B54 MW6Aztec Class File...

MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow

No description provided by source. !-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File...

MW6 Technologies Aztec - ActiveX 'Data' Buffer Overflow (PoC)

object id=TestObj classid="CLSID:F359732D-D020-...

MW6 Technologies MaxiCode - ActiveX 'Data' Buffer Overflow (PoC)

!-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8 MW6MaxiCode Class File Description : MaxiCode ActiveX File...

MW6 Technologies MaxiCode ActiveX (Data param) - Buffer Overflow

Exploit for windows platform in category dos / poc !-- =========================================================================== Problem: The Data parameter is subject to a buffer overflow DEFINITELY leading to arbitrary code execution. COM Object - 2355C601-37D1-42B4-BEB1-03C773298DC8...

PYSEC-2014-97

Libcloud 0.12.3 through 0.13.2 does not set the scrubdata parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM...

Log1 CMS writeInfo() PHP Code Injection

This module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code...

CVE-2011-0265

Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager OV NNM 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long dataselect1 parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/plugins/OnlineUsers/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSPTConfigdirdata parameter...

Design/Logic Flaw

globsyedit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter...

CVE-2008-4911

PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in read.php in Chattaitaliano Istant-Replay allows remote attackers to execute arbitrary PHP code via a URL in the data parameter...

CVE-2008-2644

Multiple cross-site scripting XSS vulnerabilities in SMEWeb 1.4b and 1.4f allow remote attackers to inject arbitrary web script or HTML via the 1 data parameter to catalog.php, the 2 keyword parameter to search.php, the 3 page parameter to bb.php, and the 4 news parameter to order.php...

CVE-2007-5888

Cross-site scripting XSS vulnerability in displayecard.php in Coppermine Photo Gallery CPG before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter...

CVE-2006-6987

Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target...

CVE-2006-6990

Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...

CVE-2006-6986

Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which...

CVE-2006-6989

Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the...

CVE-2006-6991

Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site,...