3941 matches found
SQL injection
SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through 2.3.9-4 (fixed in Centreon web 2.6.0) allows remote authenticated users to execute arbitrary SQL commands via the menu parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title, (2) Link Title, (3) Path...
CVE-2012-5553
Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu module 6.x-1.x before 6.x-1.44 and 7.x-1.x before 7.x-1.44 for Drupal allow remote authenticated users with the "administer OM Maximenu" permission to inject arbitrary web script or HTML via the (1) Menu Title, (2) Link Title, (3) Path...
UMPlayer Portable 0.95 - Crash (PoC)
UMPlayer Portable 0.95 - Crash PoC Exploit Title: UMPlayer Portable Edition Date: 2012-11-28 Exploit Author: p3kok Vendor Homepage: http://www.umplayer.com/ Software Link: http://sourceforge.net/projects/umplayer/ or http://www.umplayer.com/download/ Version: 0.95Portable Edition Compiled 4.7.0...
[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes
What's VSD? VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory or even list and dump every virtual...
CVE-2012-3001
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."...
Command injection
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."...
CVE-2012-3001
Mutiny Standard before 4.5-1.12 is vulnerable to a command-injection in the network-interface menu. An authenticated attacker can trigger arbitrary commands with root privileges via the admin interface; patches exist in 4.5-1.12 or newer. This is evidenced by multiple sources (NVD, CERT, OpenVAS,...
Getting Started: Your Guide to Windows 8
Back in 1991, Microsoft released their first version of Windows, a mouse-driven graphical user interface that revolutionized the way we use computers, both at home and in the workplace. Microsoft's newest operating system has a whole new interface and loads of new features. Windows 8 introduces a...
MyAuth3 - Blind SQL Injection
MyAuth3 - Blind SQL Injection Exploit Title: MyAuth3 Blind SQL Injection / Root Shell Access 0day exploit Google Dork: allinurl:1881/?console=panel Date: 09/06/2011 Author: Marcio Almeida marcioatalligatorteamdot org | @marcioalm Version: 3.0 Tested on: Linux EDB-Note: apparently no true exploit ...
SiteGo - Remote File Inclusion
SiteGo - Remote File Inclusion Exploit Title: SiteGo Remote File Inclusion Vulnerability Date: 10/09/2012 Author: L0n3ly-H34rT Contact: [email protected] My Site: http://se3c.blogspot.com/ Vendor Link: http://site-go.com/ Software Link: http://site-go.com/free/site-go.zip Tested on:...
XSS vulnerability in the "import word document" page action through the page name
On the "import word document" page action the name of the Confluence page is a persistent XSS vector as it is not encoded. How to Reproduce: 1. Create a Confluence page with the following title noformat XSS"/alert'XSS' noformat 2. Navigate to the created page 3. Under the tools menu select "Impor...
Mozilla Firefox Multiple Vulnerabilities - July12 (Windows)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12win.nasl 6018 2017-04-24 09:02:24Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Windows Authors: Rachana Shetty Copyright: Copyright c...
Mozilla Firefox Multiple Vulnerabilities - July12 (Mac OS X)
This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnjul12macosx.nasl 5963 2017-04-18 09:02:14Z teissa $ Mozilla Firefox Multiple Vulnerabilities - July12 Mac OS X Authors: Rachana Shetty Copyright: Copyright...
Mozilla Firefox Multiple Vulnerabilities (Jul 2012) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mozilla: XSS and code execution through data: URLs (MFSA 2012-46)
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL...
XSS through data: URLs — Mozilla
Mozilla security researcher mozbugra4 reported a cross-site scripting (XSS) attack through the context menu using a data: URL. In this issue, context menu functionality "View Image", "Show only this frame", and "View background image" are disallowed in a javascript: URL but allowed in a data: URL,...
OpenCart CMS Cross Site Scripting
CVE-2012-2563
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web scrip...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the Bloxx Reports component, and allow (2) remote authenticated administrators to inject arbitrary web scrip...