243 matches found
WordPress REST API Plugin Content Injection Vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A content injection vulnerability exists in the WordPress REST API plugin. A remote attacker can exploit the vulnerability to elevate privileges or perform content injectio...
MyBB Cross-Site Scripting Vulnerability (CNVD-2015-05800)
MyBB is a popular web-based very good free forum software developed with PHP and MySQL. A cross-site scripting vulnerability exists in versions of MyBB prior to 1.8.5, which allows remote attackers to inject arbitrary web script or HTML via the content of a post...
GetSimple CMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2015-04182)
GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS versions prior to...
Novell ZENworks Configuration Management Remote Management Component Directory Traversal Vulnerability
Novell ZENworks Configuration Management is a suite of configuration management solutions.Remote Management is a remote management component. A directory traversal vulnerability exists in the UploadServlet in the Remote Management component of Novell ZCM, which can be exploited by a remote attack...
Qi Bo CMS variable coverage leads to sql injection vulnerability analysis report-vulnerability warning-the black bar safety net
Blog post author: Alibaba security research lab—supporting su Release date: 2015-3-10 Blog post content: The recent Alibaba security research laboratory vulnerability monitoring system to monitor attendance Bo cms exist high-risk vulnerabilities that can lead to SQL vulnerability and thus affect...
WordPress 3.5 - Shortcodes / Post Content Multiple Unspecified XSS
...
Thinksaas SQL注入#3
简要描述: Thinksaas SQL注入3 详细说明: 在Thinksaas 的小组功能处,发完贴后,可以补贴。 在编辑补贴时,过滤不完整,导致SQL注入,直接可以注入出数据,显示到帖子内容中。 /app/group/action/after.php文件,在边编辑补贴内容时: //编辑执行 case "edo": if$POST'token' != $SESSION'token' tsNotice'非法操作!'; $afterid = intval$POST'afterid'; $strAfter = $new'group'-find'grouptopicadd',array...
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Hewlett-Packard HP 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert GrÄ…dek PL Software Link: download link if available Tested on: HP-E2620...
Hewlett-Packard (HP) 2620 Switch Series. Edit Admin Account - Cross-Site Request Forgery
Exploit Title: Hewlett-Packard 2620 Switch Series. Edit Admin Account - CSRF Vulnerability Date: 26.09.2013r. Exploit Author: Hubert GrÄ…dek PL Software Link: download link if available Tested on: HP-E2620 24-PoEP // RA.15.05.0006,ROMRA.15.10 HTTP Headers: http://IPADDR/html/json.html Host: IPADD...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
DEBIAN-CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
CVE-2013-0236
Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 gallery shortcodes or 2 the content of a post...
Cross site scripting
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...
CVE-2012-3992
Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting XSS attacks or obtain sensitive POST content via...
CVE-2010-4850
Multiple cross-site scripting XSS vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the 1 postcontent parameter to post/edit/2/p1.html, related to views/post.php; the 2 slogan parameter to admin/site/2.html, related to views/admin.php; or the 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the 1 postcontent parameter to post/edit/2/p1.html, related to views/post.php; the 2 slogan parameter to admin/site/2.html, related to views/admin.php; or the 3...
SOL9913 - Apache Tomcat vulnerability - CVE-2008-4308
Description The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request. Information about this advisory is...
CVE-2008-4308
The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 through 5.5.20 does not return a -1 to indicate when a certain error condition has occurred, which can cause Tomcat to send POST content from one request to a different request...