178 matches found
Unix TTY, Interact with Established Connection
Interacts with a TTY on an established socket connection This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 0 include Msf::Payload::Single def initializeinfo = supermergeinfoinfo,...
FreeBSD : opera -- multiple vulnerabilities (0e30e802-a9db-11dd-93a2-000bcdf0a03b)
Opera reports : When certain parameters are passed to Opera's History Search, they can cause content not to be correctly sanitized. This can allow scripts to be injected into the History Search results page. Such scripts can then run with elevated privileges and interact with Opera's configuratio...
CVE-2008-3868
Cross-site request forgery CSRF vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts...
CVE-2008-3867
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the emailuserkey parameter...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts...
Sql injection
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the emailuserkey parameter...
CVE-2008-3868
Concretely, CVE-2008-3868 affects Interact 2.4.1 and is a CSRF vulnerability that can allow remote attackers to hijack a super administrator’s session to perform actions that create new super administrator accounts. The root cause is forged HTTP requests that are executed in the context of an aut...
CVE-2008-3867
SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 allows remote attackers to execute arbitrary SQL commands via the emailuserkey parameter...
CVE-2008-3867
Vulnerability summary: CVE-2008-3867 affects Interact 2.4.1. The vulnerability is a SQL injection in spaces/emailuser.php, where input from the email_user_key parameter is not properly sanitized before use in SQL queries, allowing remote attackers to execute arbitrary SQL commands. Impact (as sta...
CVE-2008-3868
Cross-site request forgery CSRF vulnerability in Interact 2.4.1 allows remote attackers to hijack the authentication of super administrators for requests that create super administrator accounts...
Secunia Research: Interact SQL Injection and Cross-Site Request Forgery
====================================================================== Secunia Research 31/10/2008 - Interact SQL Injection and Cross-Site Request Forgery - ====================================================================== Table of Contents Affected...
CVE-2008-3384
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. dot dot in the 1 module and 2 file parameters...
CVE-2008-3384
CVE-2008-3384 affects Interact Learning Community Environment Interact 2.4.1. Multiple directory traversal vulnerabilities in help/help.php allow remote attackers to include and execute arbitrary local files via a .. in the (1) module and (2) file parameters. The NVD entry notes a CVSS v2 base sc...
[DSECRG-08-031] Local File Include Vulnerability in Interact 2.4.1
Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response: 04.07.2008 Solution: YES Date of Publi...
Interact E-Learning System 2.4.1 (help.php) LFI Vulnerabilities
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response:...
Interact E-Learning System 2.4.1 (help.php) LFI Vulnerabilities
Exploit for unknown platform in category web applications =============================================================== Interact E-Learning System 2.4.1 help.php LFI Vulnerabilities =============================================================== Application: Interact E-Learning System Versions...
DSEGRG-08-31.txt
Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response: 04.07.2008 Solution: YES Date of Publi...
Interact 2.4.1 - help.php Local File Inclusion
Interact 2.4.1 - help.php Local File Inclusion Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor...
Interact 2.4.1 - 'help.php' Local File Inclusion
Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response: 04.07.2008 Solution: YES Date of Publi...
CVE-2008-2220
Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 CONFIGLANGUAGECPATH parameter to modules/forum/embedforum.php and the 2...