3941 matches found
CVE-2013-2704
Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu Widget plugin 1.9.1 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) sequences...
CVE-2013-2704
The CVE-2013-2704 entry concerns the WordPress plugin Dropdown Menu Widget (version 1.9.1). The vulnerability is described as a Cross-Site Request Forgery (CSRF) that allows remote attackers to hijack the authentication of arbitrary users for requests that insert Cross-Site Scripting (XSS) sequen...
Zoom X4 / X5 SQL Injection / Authentication Bypass Vulnerabilities
Zoom X4 and X5 modems suffer from authentication bypass and remote SQL injection vulnerabilities. Vulnerable Products - Zoom X4 ADSL Modem and Router running Nucleus/4.3 UPnP/1.0Virata-EmWeb/R620 Server All GS Firmware versions Zoom X5 ADSL Modem and Router running Nucleus/4.3...
Windows 7 SP1 Local Access SYSTEM Compromise
Discovered by: Anastasios Monachos secuid0 - anastasiosmatgmaildotcom Vendor: Microsoft Affected Software: Windows 7 SP1 and probably other Title: Owning Windows 7 - From Recovery to "nt authority\system" - Physical Access Required See also:...
aSc Timetables 2013 - Local Stack Buffer Overflow
aSc Timetables 2013 - Local Stack Buffer Overflow #!/usr/bin/python Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability Researcher : Souhail Hammou Dark-Puzzle Research Team : http://itsecurity.ma Facebook : http://www.facebook.com/dark.puzzle.sec Date : 22/06/2013 Download Website :...
aSc Timetables 2013 - Local Stack Buffer Overflow
#!/usr/bin/python Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability Researcher : Souhail Hammou Dark-Puzzle Research Team : http://itsecurity.ma Facebook : http://www.facebook.com/dark.puzzle.sec Date : 22/06/2013 Download Website : www.asctimetables.com/downloaden.html Software...
Command injection
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...
CVE-2013-3666
The LG Hidden Menu component for Android on the LG Optimus G E973 allows physically proximate attackers to execute arbitrary commands by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, dialing 3845973, modifying the WLAN Test Wi-Fi Ping Test/User Command...
CVE-2013-3535
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) adminemail, (2) headertitle, (3) sitetitle parameter to admin/settings; (4) recaptchaprivate or (5) recaptchapublic parameter to admin/captchasettings; (6)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) adminemail, (2) headertitle, (3) sitetitle parameter to admin/settings; (4) recaptchaprivate or (5) recaptchapublic parameter to admin/captchasettings; (6)...
Moving custom attributes through import/export of CSV file
Purpose: To export custom attributes from one installation of Business View to another, follow these steps: 1. Click Configuration in the top right corner of the screen and navigate to the Import/Export pane. 2. (This step is not mandatory.) If you want to pre-designate which custom attributes Busine...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...
CVE-2013-0324
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus and menu items" permission to inject arbitrary web script or HTML via the menu link title...
CVE-2013-0324
CVE-2013-0324 concerns the Drupal Menu Reference module. The vulnerability affects Menu Reference 7.x-1.x prior to 7.x-1.0, where the rendered links formatter does not escape HTML in the menu link title. This enables remote authenticated users with the credential to Administer menus and menu item...
WordPress Dropdown Menu Widget Plugin <= 1.7.1 - CSRF and XSS
Because of this vulnerability, attackers can hijack the authentication of arbitrary users for requests that insert cross-site scripting sequences. Solution: Update the plugin...
java-1_7_0-openjdk: update to 2.3.6 (critical)
java-1_7_0-openjdk was updated to icedtea-2.3.6 bnc803379 containing various security and bugfixes: Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at constructi...
SA-CONTRIB-2013-022 - Menu Reference - Cross site scripting (XSS)
The Menu Reference module doesn't escape HTML in the menu link title displayed in the Menu Reference "Rendered links" formatter. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "Administer menus and menu items" to insert HTML code in menu link titl...
Wordpress admin-menu-editor plugin Full Path Disclosure vulnerability
Exploit for php platform in category web applications http://localhost/wp-content/plugins/admin-menu-editor/menu-editor.php Demo: http://jaguari.rs.gov.br/wp-content/plugins/admin-menu-editor/menu-editor.php http://eusoufan.com.br/wp-content/plugins/admin-menu-editor/menu-editor.php...
Joomla mega menu module File Upload Vulnerability metasploit
Exploit for php platform in category remote exploits This is a private exploit. You can buy it at https://0day.today...