888 matches found
Exponent CMS 0.97 - 'Slideshow.js.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41447/info Exponent CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
CVE-2009-4744
Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2009-4744
The CVE-2009-4744 entry describes a cross-site scripting (XSS) vulnerability in the Contact module of Exponent CMS 0.97-GA20090213, exploitable via the email parameter to inject arbitrary script/HTML. The issue is remote in nature and could allow user-interface manipulation through crafted input....
CVE-2009-4744
Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Exponent CMS 0.96.3 SQL Injection
Exponent CMS 0.96.3 articlemodule Sql Injection Vulnerability ======================================================== Author : T u R c O Home : www.1923Turk.com Script : exponentcms Download Script: http://www.exponentcms.org/install/upgrades/exponent-0.97.0-Beta20080611.zip Dork: "Welcome to...
Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability
No description provided by source. Exponent CMS 0.96.3 articlemodule Sql Injection Vulnerability ======================================================== Author : T u R c O Home : www.1923Turk.com Script : exponentcms Dork: "Welcome to Exponent CMS" | "my new exponent site" inurl:articlemodule ==...
Exponent CMS 0.96.3 - articlemodule SQL Injection
Exponent CMS 0.96.3 - articlemodule SQL Injection Exponent CMS 0.96.3 articlemodule Sql Injection Vulnerability ======================================================== Author : T u R c O Home : www.1923Turk.com Script : exponentcms Dork: "Welcome to Exponent CMS" | "my new exponent site"...
Exponent CMS 0.96.3 (articlemodule) Sql Injection Vulnerability
Exploit for unknown platform in category web applications =============================================================== Exponent CMS 0.96.3 articlemodule Sql Injection Vulnerability =============================================================== Script : exponentcms Dork: "Welcome to Exponent...
Exponent CMS 0.96.3 - 'articlemodule' SQL Injection
Exponent CMS 0.96.3 articlemodule Sql Injection Vulnerability ======================================================== Author : T u R c O Home : www.1923Turk.com Script : exponentcms Dork: "Welcome to Exponent CMS" | "my new exponent site" inurl:articlemodule === Exploit ===...
Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass
Mozilla NSS - NULL Character CA SSL Certificate Validation Security Bypass source: https://www.securityfocus.com/bid/35888/info Mozilla Network Security Services (NSS) is prone to a security-bypass vulnerability because it fails to properly validate the domain name in a signed CA certificate,...
Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass
Exploit for unknown platform in category remote exploits ====================================================================================== Mozilla NSS NULL Character CA SSL Certificate Validation Security Bypass Vulnerability...
DEBIAN-CVE-2009-1603
src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted...
PT-2009-1081 · Opensc · Opensc
Name of the Vulnerable Software and Affected Versions: OpenSC versions prior to 0.11.8 Description: The issue allows attackers to read the cleartext form of messages that were intended to be encrypted due to incorrect public exponents in generated RSA keys. Exploitation of the vulnerabilities can...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
openssl public key DoS
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
openssl signature forgery
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying...
openssl public key DoS
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA...
CVE-2008-1972
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the "Allow Registration?" configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3)...