Lucene search
+L

406 matches found

cvelist
cvelist
added 2009/02/25 11:0 p.m.23 views

CVE-2008-6275

Cross-site scripting XSS vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages...

5.8AI score0.01065EPSS
Exploits0References5
cve
cve
added 2009/02/25 11:0 p.m.50 views

CVE-2008-6275

The CVE-2008-6275 entry describes a cross-site scripting (XSS) vulnerability in the Drupal User Karma module (versions 5.x prior to 5.x-1.13 and 6.x prior to 6.x-1.0-beta1). The flaw allows remote attackers to inject arbitrary web script or HTML via unspecified messages. The available documents c...

4.3CVSS5.9AI score0.01065EPSS
Exploits0References5Affected Software1
seebug
seebug
added 2008/11/30 12:0 a.m.26 views

Drupal User Karma模块跨站脚本和SQL注入漏洞

BUGTRAQ ID: 32491 Drupal的User Karma模块用于显示和管理用户的karma点数。 User Karma模块没有正确地过滤内容类型和投票API值便用在了SQL查询中,这可能导致SQL注入攻击;此外攻击者还可以通过向该模块提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 Drupal User Karma 6.x Drupal User Karma 5.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
metasploit
metasploit
added 2008/07/22 3:51 p.m.13 views

DNS Spoofing Helper Service

This module provides a DNS service that returns TXT records indicating information about the querying service. Based on Dino Dai Zovi DNS code from Karma. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'resol...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/03/06 12:0 a.m.59 views

[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1 Versions Affected: Ruby 1.8.4 and all prior versions 1.8.5-p114 and all prior versions 1.8.6-p113 and all prior versions 1.9.0-1...

7AI score
Exploits0
nessus
nessus
added 2005/02/15 12:0 a.m.21 views

Rio Karma MP3 Player File Upload Service Detection

The remote device seems to be a Rio Karma MP3 player, running the Rio Kama file upload service. Make sure the use of such network devices are done in accordance with your corporate security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
Rows per page
Query Builder