654 matches found

Packet Storm
added 2012/02/10 12:0 a.m., 31 views

Drupal 6.22 With Finder 6.x-1.9 Code Execution / Cross Site Scripting

Vulnerability Report. Description of Vulnerability: Drupal (http://drupal.org) is a robust content management system (CMS) written in PHP and MySQL. The Drupal Finder module (https://drupal.org/project/finder) "allows Drupal site administrators to create flexible faceted...

AI score 7.4
Exploits: 0

Prion
added 2012/01/13 6:55 p.m., 23 views

Sql injection

Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor...

CVSS 7.5 · AI score 7.9 · EPSS 0.13526
Exploits: 0 · References: 14 · Affected Software: 1

RedHat Linux
added 2011/12/08 6:56 p.m., 3 views

perl-CGI-Simple: - hardcoded MIME boundary value for multipart content, CVE-2010-4410 - CRLF injection allowing HTTP response splitting

CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline...

CVSS 4.3 · AI score 7.5 · EPSS 0.02713
Exploits: 0 · References: 4

securityvulns
added 2010/07/11 12:0 a.m., 68 views

[USN-959-1] PAM vulnerability

Ubuntu Security Notice USN-959-1, July 07, 2010: pam vulnerability, CVE-2010-0832. A security issue affects the following Ubuntu releases: Ubuntu 9.10, Ubuntu 10.04 LTS. This advisory...

CVSS 6.9 · AI score 6 · EPSS 0.00941
Exploits: 11

Prion
added 2010/05/21 8:30 p.m., 14 views

Code injection

The auto-complete functionality in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal does not follow access restrictions, which allows remote authenticated users, with "access content" privileges, to read the title of an unpublished node via a q=ctools/autocomplete/node/ value...

CVSS 3.5 · AI score 6.7 · EPSS 0.01013
Exploits: 0 · References: 6 · Affected Software: 1

Prion
added 2009/10/26 5:30 p.m., 10 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 6.2 · EPSS 0.01223
Exploits: 0 · References: 6 · Affected Software: 1

NVD
added 2009/09/01 4:30 p.m., 28 views

CVE-2008-7142

Absolute path traversal vulnerability in the Disk Usage module frontend/x/diskusage/index.html in cPanel 11.18.3 allows remote attackers to list arbitrary directories via the showtree parameter...

CVSS 5 · AI score 6.8 · EPSS 0.02604
Exploits: 1 · References: 5

NVD
added 2009/05/01 5:30 p.m., 15 views

CVE-2009-1507

The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x before 6.x-2.0-beta6, a module for Drupal, interprets an empty CCK user reference as a reference to the anonymous user, which might allow remote attackers to bypass intended access restrictions to read or modify a node...

CVSS 7.5 · AI score 6.7 · EPSS 0.01355
Exploits: 0 · References: 4

seebug.org
added 2009/02/20 12:0 a.m., 18 views

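RavenNuke avartarlist.php Module PHP Code Injection Vulnerability

BUGTRAQ ID: 33787 RavenNuke is an automated news publishing and content management system based on PHP and MySQL. The avatarlist.php module in RavenNuke does not properly validate the patterns and replacements parameters passed to the preg_replace call, so a remote attacker can inject and execute arbitrary PHP code by submitting a malicious request to the server. The vulnerable code segment follows: $patterns0 = '/.gif/'; $patterns1 = '/.png/'; ... $replacements1 = ''; $replacements0 = ''; ... $entryname =...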

AI score 6.9
Exploits: 0

exploitpack
added 2008/03/06 12:0 a.m., 35 views

XOOPS Module wfdownloads - cid SQL Injection

XOOPS Module wfdownloads - cid SQL Injection XOOPS module wfdownloads SQL Injection AUTHOR : S@BUN HOME : http://www.milw0rm.com/author/1334 MAiL : [email protected] DORK 1 : allinurl: "modules/wfdownloads/viewcat.php?cid" DORK 2 : allinurl: "modules/wfdownloads" EXPLOIT :...

AI score 0.7
Exploits: 0

Cvelist
added 2007/08/08 1:52 a.m., 16 views

CVE-2007-4210

Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) CMS 1.2.14 allow remote attackers to execute arbitrary SQL commands via (1) the mid parameter in an faqviewgroup action in the FAQ Modules, (2) the cid parameter in the EZSHOPINGCART Modules, or (3) the gid parameter in a view action ...

AI score 8.5 · EPSS 0.02944
Exploits: 0 · References: 8

NVD
added 2006/10/23 5:7 p.m., 15 views

CVE-2006-5449

procmail in Ingo H3 before 1.1.2 Horde module allows remote authenticated users to execute arbitrary commands via shell metacharacters in the mailbox destination of a filter rule...

CVSS 6.5 · AI score 7 · EPSS 0.01961
Exploits: 0 · References: 9

Prion
added 2006/01/13 11:3 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment...

CVSS 4.3 · AI score 6.2 · EPSS 0.01645
Exploits: 1 · References: 4

Cvelist
added 2006/01/13 11:0 p.m., 16 views

CVE-2006-0198

Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment...

AI score 5.8 · EPSS 0.01645
Exploits: 1 · References: 4

Positive Technologies
added 2005/10/24 12:0 a.m., 2 views

PT-2005-4113 · Blender · Blender

Name of the Vulnerable Software and Affected Versions: Blender version 2.36 Description: The issue allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. This occurs in the bvh import.py module. Recommendations: For...

CVSS 7.5 · AI score 7.7 · EPSS 0.03884
Exploits: 1 · References: 10

Packet Storm
added 2005/08/14 12:0 a.m., 44 views

postnuke0750.txt

PostNuke SQL Injection 0.750=x cXIb8O3.5 Author: cXIb8O3 Date: 2.3.2005 from SecurityReason.Com --- 0.Description --- PostNuke: The Phoenix Release 0.750 PostNuke is an open source, open development content management system CMS. PostNuke started a...

AI score 7.4
Exploits: 0

UbuntuCve
added 2005/03/01 5:0 a.m., 21 views

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request...

CVSS 5 · AI score 7.1 · EPSS 0.01898
Exploits: 0 · References: 2

Tenable Nessus
added 2004/12/13 12:0 a.m., 23 views

SugarSales Multiple Module Traversal Arbitrary File Access

The remote version of this software has a vulnerability that may allow an attacker to read arbitrary files on the remote host with the privileges of the httpd user. The 'Users' module, 'Calls' module and index.php script are reported to be affected. %NASLMINLEVEL 70300 C Tenable Network Security,...

AI score 5.8
Exploits: 0

securityvulns
added 2004/06/11 12:0 a.m., 43 views

[Full-Disclosure] [waraxe-2004-SA#032 - Multiple security flaws in PhpNuke 6.x - 7.3]

waraxe-2004-SA032: Multiple security flaws in PhpNuke 6.x - 7.3...

AI score 0.1
Exploits: 0

exploitpack
added 2004/02/09 12:0 a.m., 8 views

PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting

PHP-Nuke 6.x7.0 News Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information...

AI score 6.8
Exploits: 0