57 matches found
CVE-2021-24884 Formidable Form Builder < 4.09.05 - Unauthenticated Stored Cross-Site Scripting
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Lin...
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...
CVE-2018-5681
PrestaShop 1.7.2.4 has XSS via source-code editing on the "Pages Edit page" screen...
CVE-2018-5681
PrestaShop 1.7.2.4 is affected by a cross-site scripting (XSS) vulnerability that can be triggered via the Source Code editing option on the Pages > Edit page screen. The issue is documented in CVE-2018-5681 with notes that the vulnerability exists in the 1.7.2.4 release and is disclosed by mu...
[SECURITY] Fedora 27 Update: emacs-25.3-3.fc27
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows...
YXcmsApp某处xss导致getshell
简要描述: xss到后台导致getshell一条龙服务不过略鸡肋。 详细说明: YXCMS是一款面向企业的内容管理系统,采用三级缓存,MVC架构以BSD协议开源。 注册了用户以后来到用户管理页面,点击信息发布 - 增加咨询,发现是一个富文本编辑器,kindeditor。不管是什么编辑器,既然给了一个用户这么大的权限,这种情况下很容易出现xss。 随便输入点什么东西,抓包,修改content字段内容,写你的xss代码,什么都行。 好了。管理员在后台就能看到我提交的文章: 然后编辑的话就能触发xss:...
[SECURITY] Fedora 17 Update: emacs-24.1-4.fc17
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows...
[SECURITY] Fedora 16 Update: emacs-23.3-10.fc16
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows...
ShopEx V4. 8(v4. 8 4,v4. 8 5) the background write WebShell-vulnerability warning-the black bar safety net
ShopEx online store system sales platform, is one of the earliest online shop software provider; is currently the shop system continued research and development of the oldest of the company; is currently the shop software domestic the highest market share of the software provider; is currently th...
Maian Greeting v2.1 Multiple Vulnerabilities (XSS/SQL INJECTION)
---------------------------------------------------------------- Script : Maian Greeting v2.1 Type : Multiple Vulnerabilities XSS/SQL INJECTION ---------------------------------------------------------------- Discovered by : Khashayar Fereidani Or Dr.Crash Our Team : IRCRASH...
The admin back-end to hide the ASP Backdoor-vulnerability warning-the black bar safety net
Today that is in the administrator backend login screen hidden our back door, which is relatively safe, because the administrator of the inlet is not Often change, as long as his login screen on our back door just in! 1. From our SHELL found on the administrator portal page 2. Edit it in the fina...
[SECURITY] Fedora 7 Update: emacs-22.1-5.fc7
Emacs is a powerful, customizable, self-documenting, modeless text editor. Emacs contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for X windows...
QuickTicket multiple sql inj.
QuickTicket multiple sql inj. Vuln. discovered by : r0t Date: 27 June 2007 vendor:http://www.qt-cute.org/ orginal advisory: http://pridels-team.blogspot.com/2007/06/quickticket-multiple-sql-inj.html affected versions: tested on QuickTicket 1.2 build:20070621 other versions also can be affected...
[SA23865] Enthusiast Cross-Site Scripting and SQL Injection
TITLE: Enthusiast Cross-Site Scripting and SQL Injection SECUNIA ADVISORY ID: SA23865 VERIFY ADVISORY: http://secunia.com/advisories/23865/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Enthusiast 3.x http://secunia.com/product/13303...
Avactis Shopping Cart vuln.
Avactis Shopping Cart vuln. Vuln. discovered by : r0t Date: 1 may 2006 vendor:http://www.avactis.com affected versions:0.1.2 and prior orginal advisory: http://pridels.blogspot.com/2006/05/avactis-shopping-cart-vuln.html Vuln. Description: 1. sql inj. Avactis Shopping Cart contains a flaw that...
Cartweaver ColdFusion vuln.
Cartweaver ColdFusion vuln. Vuln. discovered by : r0t Date: 25 april 2006 vendorlink:www.cartweaver.com affected versions:2.16.11 and previous orginal advisory:http://pridels.blogspot.com/2006/04/cartweaver-coldfusion-vuln.html Vuln. Description: 1. SQL Injection vuln. Cartweaver ColdFusion...
CVE-2006-1910
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
phpLinks <= 2.1.3.1 XSS vuln.
phpLinks = 2.1.3.1 XSS vuln. Vuln. discovered by : r0t Date: 16 april 2006 vendorlink:http://sourceforge.net/projects/phplinks/ affected versions:phpLinks 2.1.3.1 and previous orginal advisory: http://pridels.blogspot.com/2006/04/phplinks-2131-xss-vuln.html Vuln. Description: phpLinks contains a...
Musicbox vuln.
Musicbox vuln. Vuln. discovered by : r0t Date: 16 april 2006 vendorlink:http://www.musicboxv2.com/ affected versions:2.3.3 and previous orginal advisory:http://pridels.blogspot.com/2006/04/musicbox-vuln.html Vuln. Description: 1. Input passed to the "term" parameter when performing a search isn't...
APT-webshop-system vuln.
APT-webshop-system vuln. Vuln. discovered by : r0t Date: 9 april 2006 vendor:http://www.apt-webservice.de/shopsoftware/ affected versions: 4.0 PRO 3.0 BASIC 3.0 LIGHT orginal advisory: http://pridels.blogspot.com/2006/04/apt-webshop-system-vuln.html Vuln. description: 1. SQL injection vuln...