6679 matches found
Vulnerabilities in Contact Form ][ for WordPress
Hello 3APA3A! I am reporting to you the Insufficient Anti-automation, Abuse of Functionality and Cross-Site Scripting vulnerabilities that I found in the Contact Form plugin for WordPress. Insufficient Anti-automation: The lack of a captcha allows automated messages, in particular spam, to be sent to site admins...
CVE-2008-3394
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) searchstring parameters...
Unfixed XSS vulnerability at www.masterlock.com
Security researcher mckt submitted on 25/07/2008 a cross-site scripting (XSS) vulnerability affecting www.masterlock.com, which at the time of submission ranked 265381 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2008. It is current...
Unfixed XSS vulnerability at www.bettycrocker.com
Security researcher holisticinfosec submitted on 24/07/2008 a cross-site scripting (XSS) vulnerability affecting www.bettycrocker.com, which at the time of submission ranked 15293 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/07/2008. I...
CVE-2008-3225
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."...
CVE-2008-3197
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before 2.11.7.1 allows remote attackers to perform unauthorized actions via a link or IMG tag to (1) the db parameter in the "Creating a Database" functionality (db_create.php), and (2) the convcharset and collation_connection parameters related...
CVE-2008-3048
Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Unprotected test functionality."...
CVE-2008-3048
CVE-2008-3048 concerns the PDF Generator 2 (pdf_generator2) extension for TYPO3 (versions 0.5.0 and earlier). The vulnerability is described as unspecified with unknown impact and attack vectors, related to an "Unprotected test functionality." The connected documents provide the affected product ...
CVE-2008-2826
Integer overflow in the sctp_getsockopt_local_addrs_old function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) functionality in the Linux kernel before 2.6.25.9 allows local users to cause a denial of service (resource consumption and system outage) via vectors involving a large...
Unfixed XSS vulnerability at www.poemhunter.com
Security researcher skathgh420 submitted on 29/06/2008 a cross-site scripting (XSS) vulnerability affecting www.poemhunter.com, which at the time of submission ranked 6625 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2008. It is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-2848
Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Unfixed XSS vulnerability at www.magnus.de
Security researcher kInGoFcHaOs submitted on 18/06/2008 a cross-site scripting (XSS) vulnerability affecting www.magnus.de, which at the time of submission ranked 18981 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/07/2008. It is...
Unfixed XSS vulnerability at kritiker.se
Security researcher bycasper41 submitted on 06/07/2008 a cross-site scripting (XSS) vulnerability affecting kritiker.se, which at the time of submission ranked 456297 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/07/2008. It is currentl...
CVE-2008-2420
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates...
CVE-2008-1669
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."...
Race condition
Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access to the descriptor table."...