37 matches found
EUVD-2011-4216
Malware in sbrugna...
EUVD-2007-2925
Malware in sbrugna...
EUVD-2011-2658
Malware in sbrugna...
EUVD-2022-41519
Malicious code in bioql PyPI...
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
CVE-2022-38972
CVE-2022-38972 is a cross-site scripting vulnerability in the Movable Type plugin A-Form . Affected versions are: prior to 4.1.1 for Movable Type 7 Series, and prior to 3.9.1 for Movable Type 6 Series. The flaw lets a remote, unauthenticated attacker inject arbitrary scripts into users’ browsers....
CVE-2022-38972
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series and versions prior to 3.9.1 for Movable Type 6 Series allows a remote unauthenticated attacker to inject an arbitrary script...
Six Apart Movable Type 跨站脚本漏洞
Six Apart Movable Type MT is a blogging system from Six Apart USA. The system includes features such as multiple users, comments, quotes, and topics. A security vulnerability exists in the Six Apart Movable Type plugin A-Form, which originates from the fact that it allows remote, unauthenticated...
PT-2022-24629 · Movable Type · A-Form
Name of the Vulnerable Software and Affected Versions: Movable Type plugin A-Form versions prior to 4.1.1 for Movable Type 7 Series Movable Type plugin A-Form versions prior to 3.9.1 for Movable Type 6 Series Description: A cross-site scripting issue allows a remote unauthenticated attacker to...
Movable Type plugin A-Form vulnerable to cross-site scripting
Overview Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
JVN#48120704: Movable Type plugin A-Form vulnerable to cross-site scripting
Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the Software Update A-Form to the latest version...
Joomla Component Phil-a-Form <= 1.2.0.0 - SQL Injection Exploit
No description provided by source. !/bin/sh Joomla Component Phil-a-Form = 1.2.0.0 SQL Injection Exploit Discovered by: Cody CypherXero Rester Payload: Admin Username and MD5 Hash Retrieval Website: http://www.cypherxero.net Shoutouts to the milw0rm community, the PIMP forums and my blog, of cour...
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
Exploit Title: Wordpress ThinkIT plugin - CSRF / XSS Date: 2013 15 August Exploit Author: Yashar shahinzadeh Special thanks to Mormoroth Credit goes for: http://y-shahinzadeh.ir & ha.cker.ir Vendor Homepage: http://thinkoverit.com/ Tested on: Linux & Windows, PHP 5.2.9 Affected Version : 0.1...
CVE-2011-4274
Cross-site scripting XSS vulnerability in the A-Form PC and PC/Mobile before 3.1 plug-ins for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-2676...
CVE-2011-2676
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors...
Sql injection
The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and A-Form PC and PC/Mobile before 3.1, plug-ins for Movable Type do not require administrative authentication, which allows remote authenticated users to modify data via unspecified vectors...