
2005 matches found

NVD
added 2009/01/28 3:30 p.m. | 13 views

CVE-2008-5995

Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 | AI score 5.7 | EPSS 0.01065
Exploits 0 | References 5

CVE
added 2009/01/28 3:0 p.m. | 45 views

CVE-2008-5995

CVE-2008-5995 is an XSS vulnerability in the TYPO3 freeCap CAPTCHA (sr_freecap) extension prior to 1.0.4. It allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The connected documents confirm the vulnerability, but do not provide explicit exploit details or a ...

CVSS 4.3 | AI score 5.9 | EPSS 0.01065
Exploits 0 | References 5 | Affected Software 1

Cvelist
added 2009/01/28 3:0 p.m. | 22 views

CVE-2008-5995

Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA (sr_freecap) extension before 1.0.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.7 | EPSS 0.01065
Exploits 0 | References 5

seebug.org
added 2008/11/02 12:0 a.m. | 3088 views

deV!Lz Clanportal [DZCP] <= 1.4.9.6 Blind SQL Injection Exploit

No description provided by source. use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password = $ARGV3; if !$password...

AI score 7.1
Exploits 0

exploitpack
added 2008/11/02 12:0 a.m. | 431 views

DZCP (deV!L_z Clanportal) 1.4.9.6 - Blind SQL Injection

DZCP deV!Lz Clanportal 1.4.9.6 - Blind SQL Injection use HTTP::Cookies; use LWP::UserAgent; my $ua = LWP::UserAgent-new cookiejar = HTTP::Cookies-new,; $ua-agent 'Mozilla/5.0 Gecko/20061206 Firefox/1.5.0.9' ; usage; print "\n"; $server = $ARGV0; $dir = $ARGV1; $username = $ARGV2; $password =...

Exploits 0

seebug.org
added 2008/10/24 12:0 a.m. | 33 views

Joomla Component RWCards 3.0.11 Local File Inclusion Vulnerability

No description provided by source. Local File Inclusion Vulnerability. Software: RWCards 3.0.11 Component for Joomla...

AI score 7.1
Exploits 0

Packet Storm
added 2008/10/01 12:0 a.m. | 23 views

printlog-disclose.txt

Printlog eNYe-Sec - www.enye-sec.org -- Description by the author's page -- PRITLOG is an extremely simple, small and powerful blog system. It does not use or need a MYSQL database and fully works based on flat files. The idea is derived from a...

AI score 7.4
Exploits 0

Typo3
added 2008/09/24 12:0 a.m. | 15 views

TYPO3 Security Bulletin

It has been discovered that the extension freeCap CAPTCHA (sr_freecap) is vulnerable to Cross-Site Scripting. Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.0.3 and all versions below. Vulnerability Type: Cross-Site...

AI score 6.7
Exploits 0 | Affected Software 1

Atlassian
added 2008/09/08 8:18 a.m. | 21 views

default config values restored

This should be for 2.9.1 - this version was not yet available under "affects versions" when filing this bug. After updating from 2.9 to 2.9.1, most of my settings were overwritten by their default values. - public signup got enabled - the language changed back to English instead of German - e-mai...

AI score 0.8
Exploits 0

Prion
added 2008/08/10 8:41 p.m. | 18 views

Spoofing

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...

CVSS 5 | AI score 7.2 | EPSS 0.0195
Exploits 1 | References 3 | Affected Software 2

NVD
added 2008/08/10 8:41 p.m. | 16 views

CVE-2008-3573

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...

CVSS 5 | AI score 6.7 | EPSS 0.0195
Exploits 1 | References 3

Cvelist
added 2008/08/10 8:0 p.m. | 22 views

CVE-2008-3573

The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) Francisco Burzi PHP-Nuke 8.1 provides a critical random number (the ts_random value) within the URL in the SRC attribute of an IMG element, which allows remote attackers to pass the CAPTCHA test via a calculation that combines this value wit...

AI score 6.7 | EPSS 0.0195
Exploits 1 | References 3

CVE
added 2008/08/10 8:0 p.m. | 47 views

CVE-2008-3573

The CVE-2008-3573 vulnerability affects the CAPTCHA implementations in Pligg 9.9.5 and possibly PHP-Nuke 8.1. A critical ts_random value is embedded in the IMG SRC URL, allowing remote attackers to pass the CAPTCHA by calculating a value that combines ts_random with the current date and the HTTP ...

CVSS 5 | AI score 6.7 | EPSS 0.0195
Exploits 1 | References 3 | Affected Software 2

securityvulns
added 2008/08/04 12:0 a.m. | 59 views

Pligg Auto-Voter Using XSS to Bypass CSRF Protection

Explanation: Pligg suffers from a Reflective Cross Site Scripting vulnerability in index.php, for the $_GET['category'] variable. Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any Pligg article of the attacker's choosing. I took inspiration from the Myspac...

AI score 1.2
Exploits 0

securityvulns
added 2008/07/09 12:0 a.m. | 27 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. RavenNuke: CAPTCHA bypass...

AI score 1.9
Exploits 0 | References 3 | Affected Software 3

securityvulns
added 2008/07/09 12:0 a.m. | 51 views

Insufficient Anti-automation vulnerability in RavenNuke

Hello 3APA3A! I am reporting to you an Insufficient Anti-automation vulnerability I found in RavenNuke, a port of PHP-Nuke. Insufficient Anti-Automation: a vulnerability in the system's CAPTCHA. Exploit: http://websecurity.com.ua/uploads/2008/RavenNuke20CAPTCHA20bypass.html The vulnerable version is RavenNuke 2.20.01 and...

AI score 0.6
Exploits 0

securityvulns
added 2008/07/04 12:0 a.m. | 27 views

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. SLAED CMS: CAPTCHA bypass, cross-site scripting...

AI score 1.6
Exploits 0 | References 3 | Affected Software 3

securityvulns
added 2008/06/26 12:0 a.m. | 33 views

Cross-Site Scripting vulnerabilities in PHP-Nuke

Hello 3APA3A! I am reporting to you Cross-Site Scripting vulnerabilities I found in PHP-Nuke. XSS: POST request on the page http://site/modules.php?name=YourAccount&op=newuser "script src=http://site/script.js In the fields: gfxcheck and randomnum. Exploit:...

Exploits 0

Prion
added 2008/06/03 3:32 p.m. | 21 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALSBIGACEDIRaddon parameter to (a) addon/smarty/plugins/function.captcha.php and (b) system/classes/sql/AdoDBConnection.php; a...

CVSS 7.5 | AI score 7.9 | EPSS 0.03012
Exploits 1 | References 4 | Affected Software 1

Packet Storm
added 2008/05/05 12:0 a.m. | 53 views

adv94-K-159-2008.txt

ECHOADV94$2008. Kmita Mail = 3.0 file Remote File Inclusion Vulnerability. Author: M.Hasran Addahroni...

AI score 7.4
Exploits 0