3392 matches found
CVE-2006-2420
CVE-2006-2420 affects Bugzilla 2.20rc1 through 2.20 and 2.21.1 when using RSS 1.0, enabling remote XSS via a title element containing HTML-encoded sequences (e.g., ">") that are decoded by some RSS readers. The issue is described as stemming from RSS design/documentation inconsistencies or RSS...
CVE-2006-2420
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...
PT-2006-2940 · Joomla +1 · Joomla! +1
Name of the Vulnerable Software and Affected Versions: Mambo affected versions not specified Joomla! affected versions not specified Description: The issue allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. This is...
[KAPDA::#41] - Mambo/Joomla rss component vulnerability
KAPDA New advisory Mambo website : http://www.mamboserver.com Bug: Path Disclosure & Remote Denial Of Service Exploitation: Remote with browser Exploit: available Description: -------------------- Mambo is a feature-rich dynamic portal engine/content management tool capable of building sites from...
Simplog <= 0.9.2 (s) Remote Commands Execution Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "Simplog = 0.9.2 "s" remote cmmnds xctn\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: intext:"Powered by simplog"\r\n\r\n"; if $argc5 echo "Usage: php...
RedBLoG 0.5 - cat_id SQL Injection
RedBLoG 0.5 - catid SQL Injection x128.net oo website : www.x128.net"; function xssexploit $xsstarget = $SERVER'argv'1 . "/modules/blog/rss.php"; $xsshttpget = "?catid=x128"; $xssconnection = curlinit;...
RedBLoG 0.5 - 'cat_id' SQL Injection
x128.net oo website : www.x128.net"; function xssexploit $xsstarget = $SERVER'argv'1 . "/modules/blog/rss.php"; $xsshttpget = "?catid=x128"; $xssconnection = curlinit;...
CVE-2006-1041
Multiple cross-site scripting XSS vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 rssquery parameter to search.php or 2 tag parameter to tags.php...
CVE-2006-0389
Cross-site scripting XSS vulnerability in Syndication Safari RSS in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds...
Cross site scripting
Cross-site scripting XSS vulnerability in Syndication Safari RSS in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds...
CVE-2006-0389
Cross-site scripting XSS vulnerability in Syndication Safari RSS in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds...
CVE-2006-0389
CVE-2006-0389 describes a cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) on Mac OS X 10.4 through 10.4.5. The flaw allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds, in the context of the affected user’s browser. Affected pro...
Gregarius 0.5.2 XSS and SQL Injection Vulnerabilities
http://gregarius.net/ Gregarius is a web-based RSS/RDF/ATOM feed aggregator, designed to run on your web server, allowing you to access your news sources from wherever you want. XSS in search.php: search.php?rssquery=scriptalert1/script&rssquerymatch=exact XSS in tags.php:...
simpleBlogXSS.txt
Hackers Center Security Group http://www.hackerscenter.com/ Zinho's Security Advisory Risk: High - Note from the author Simple Blog is a free weblog application intended for personal use. The latest version, 2.1, features xhtml/css template structure, rss feed, blog calendar and an easy to use...
DSA-944-1 mantis - several
Bulletin has no description...
CVE-2005-4523
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information...
CVE-2005-4523
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information...
CVE-2005-4523
CVE-2005-4523 affects Mantis (MantisBT) 1.0.0rc3 and earlier. Root cause: private bugs are disclosed via public RSS feeds, enabling remote attackers to obtain sensitive information. Impact: information disclosure of private bugs. Mitigation: upgrade to fixed Mantis versions as referenced in Debia...
phpBB Blog 2.2.2 SQL inj. vuln.
phpBB Blog 2.2.2 SQL inj. vuln. Vuln. dicovered by : r0t Date: 5 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html vendor:http://www.outshine.com/phpbbblog/ affected version:2.2.2 and prior Product Description: This is a blog system for phpBB. It...
saralblog v1 SQL inj. vuln.
saralblog v1 SQL inj. vuln. Vuln. dicovered by : r0t Date: 6 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/saralblog-v1-sql-inj-vuln.html vendor:http://www.saralblog.org/ affected version:v.1 and prior Product Description: saralblog is a very simple to use blog, which has some ve...