OLX: stored XSS in olx.pl - ogloszenie TITLE element - moderator acc can be hacked
Hello, the OLX.PL is vulnerable to a stored XSS attack. When adding a new advertisement, it is possible to put a payload in its title; here I used Titlealert1. I see ads are being pre-moderated; however, it can remain uncaught. Also, the length limit in the title field is enough to insert into it e.g. a BeEF...
contact-moderation.com XSS vulnerability
Vulnerable URL: http://www.contact-moderation.com/clients/all/abuse.asp?origine=LMid=blog-2698361%22%3E%3Csvg%20onload=alert%28/XSSPOSED/%29%3E=FR Details: Patched: No. Latest check for patch: 25.07.2017. Vulnerability type: XSS. Vulnerability status: Publicly disclose...
Serendipity SQL Injection Vulnerability (CNVD-2015-06035)
Serendipity is a PHP-based blogging system developed by the Serendipity team. The system supports the creation of online journals, blogs, web pages and more. An SQL injection vulnerability exists in the 'serendipity_checkCommentToken' function in the include/functions_comments.inc.php script in...
CVE-2015-6943
SQL injection vulnerability in the serendipity_checkCommentToken function in include/functions_comments.inc.php in Serendipity before 2.0.2, when "Use Tokens for Comment Moderation" is enabled, allows remote administrators to execute arbitrary SQL commands via the serendipity[id] parameter to...
WordPress 4.2 stored XSS
OVERVIEW ========== Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default settings the attacker can leverag...
WordPress Core 4.2 - Persistent Cross-Site Scripting
Source: http://klikki.fi/adv/wordpress2.html Overview Current versions of WordPress are vulnerable to a stored XSS. An unauthenticated attacker can inject JavaScript in WordPress comments. The script is triggered when the comment is viewed. If triggered by a logged-in administrator, under default...
WordPress W3 Total Cache PHP Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class Metasploit3 'WordPress W3 Total Cache PHP Code Execution', 'Description' = %q This module exploits a PHP Code Injection vulnerability against WordPress plugin W3...
WordPress W3 Total Cache PHP Code Execution
This module exploits a PHP Code Injection vulnerability against WordPress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows arbitrary PH...
RHEL 7 : krb5 (RHSA-2015:0439)
Updated krb5 packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Drupal Mollom Module Cross-Site Scripting Patch
Drupal today released an update that patches a cross-site scripting vulnerability in a popular spam and content moderation module used by websites built on the open source CMS. The vulnerability was in a feature of the Mollom module that is installed on at least 60,000 sites, said Drupal security...
SA-CONTRIB-2014-088 - Mollom - Cross-site scripting (XSS)
Mollom is an "intelligent" content moderation web service which determines if a post is potentially spam; not only based on the posted content, but also on the past activity and reputation of the poster across multiple sites. Mollom offers a feature to report submitted content as inappropriate...
Wordpress W3 Total Cache PHP Code Execution
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...
Simple Machines forum (SMF) 2.0 session hijacking
No description provided by source. Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a...
MyBB 1.0.3 Moderation.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16538/info MyBB is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input. Successful exploitation can allow an attacker to bypass authentication and gain...
vBulletin <= 3.7.1 Moderation Control Panel 'redirect' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29817/info vBulletin is prone to a cross-site scripting vulnerability that occurs in the MCP moderation control panel because the application fails to properly sanitize user-supplied input. An attacker may leverage this...
CNNVD Gov CN #1 - Filter Bypass & Persistent Vulnerability
Document Title: =============== CNNVD Gov CN 1 - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1209 Release Date: ============= 2014-02-21 Vulnerability Laboratory ID VL-ID: ====================================...
Fedora 20 : ikiwiki-3.20140125-1.fc20 (2014-1747)
Update to the latest stable version. Changes in ikiwiki 3.20140125 : - inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes - osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102 : - aggregate:...
CVE-2013-7233
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list...