vBulletin vBSEO 4.x - 'visitormessage.php' Remote Code Injection
Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection
vBulletin vBSEO 4.x - visitormessage.php Remote Code Injection + Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage:...
vBulletin 4.2.2 Remote Code Injection
Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...
CVE-2015-2088
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2014-9685
Summary: CVE-2014-9685 concerns multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums. Affected versions are prior to 2.0.18.13 and 2.1.x prior to 2.1.1. The bugs allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documented impact is user-v...
CVE-2015-0167
textAngular-sanitize.js in the textAngular editor is vulnerable to cross-site scripting (XSS) in versions before 1.3.7. The vulnerability allows remote attackers to inject arbitrary script/HTML via unspecified vectors to the editor. Root cause details are described in the CVE record and CNVD/CVE ...
CVE-2014-8909
CVE-2014-8909 is an XSS vulnerability in IBM WebSphere Portal. Improper validation of user-supplied input allows remote authenticated users to inject arbitrary script or HTML via a crafted URL. Affected versions listed in the sources include WebSphere Portal 6.1.0.x (up to 6.1.0.6 CF27), 6.1.5.x ...
BlinkSale Script Insertion
Document Title: =============== BlinkSale Bug Bounty 1 - Encode & Validation Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1416 Release Date: ============= 2015-02-06 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2015-0072
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a...
PT-2015-3090 · Sap · Sap Hana
Name of the Vulnerable Software and Affected Versions: SAP HANA (affected versions not specified). Description: The issue is related to incorrect code generation management in the SAP HANA database management system. It allows a remote attacker to inject arbitrary ABAP code. The Extended Application...
Code injection
p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive...
CVE-2015-1032
Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
CVE-2011-5283
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action...
CVE-2011-3592
CVE-2011-3592 affects phpMyAdmin 3.4.x prior to 3.4.5. The issue is an XSS in PMA_unInlineEditRow (js/sql.js) that allows remote authenticated users to inject arbitrary script/HTML via the database name, table name, or column name after an inline-edit operation. Exploitation details are not provi...
CVE-2014-8902
IBM WebSphere Portal Blog Portlet is affected by a reflected cross-site scripting (XSS) vulnerability (CVE-2014-8902) in multiple versions: 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, and 8.5.0 before CF04. The issue allows remot...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device detail, (3) report name, (4) report detail, or (5) portlet name, or (6) a string to a helper method, aka ZEN-15381...
CVE-2014-5326
Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-8683
CVE-2014-8683 describes a Cross-Site Scripting (XSS) flaw in Gogs (Go Git Service). The vulnerability affects Gogs versions 0.3.1-9 through 0.5.x before 0.5.8 and is triggered via the text parameter to the API endpoint api/v1/markdown, allowing injection of arbitrary web script/HTML. The root cau...
CVE-2014-8578
CVE-2014-8578: XSS in the OpenStack Horizon Groups panel (remote administrators) via a user email address, affecting Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2. Root cause: input handling flaw enables arbitrary script/HTML injection. Connected sources confirm the sam...