69 matches found

Atlassian
added 2015/07/02 3:27 a.m., 30 views

xss by swf file

In the Confluence comment module, a user can embed an SWF file in their comment. Confluence uses an atltoken parameter on the GET HTTP request; if the attacker sends the link of the .swf file, the value of src on the embed tag, to his victim, the malicious .SWF won't execute on the victim's browser. We can bypass thi...

0.1 AI score
Exploits: 0

Prion
added 2014/11/04 3:55 p.m., 13 views

Sql injection

Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) columnfilter or (2) category parameter to system/index.php or the (3) tblsort0 parameter in the comment module to system/index.php...

6.5 CVSS, 8.8 AI score, 0.01649 EPSS
Exploits: 2, References: 5, Affected Software: 1

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Group Office (comment_id) SQL Injection Vulnerability

No description provided by source. Title Group Office Remote SQL Injection Vulnerability Author ADEO Security Published 17/07/2010 Version 3.5.9 Possible all versions Vendor http://www.group-office.com Download...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 17 views

Drupal < 5.1 - (post comments) Remote Command Execution Exploit (2)

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...

7.1 AI score
Exploits: 0

0day.today
added 2011/09/26 12:0 a.m., 11 views

Jarida 1.0 Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Jarida 1.0 SQL Injection Date : 26 September 2011 Author : Ptrace Security Gianni Gnesa gnix Contact : researchatptrace-securitydotcom Software Link: http://sourceforge.net/projects/jarida/ Version : 1.0 Tested on : CentOS 5.6 0...

7.1 AI score
Exploits: 0

OpenVAS
added 2010/10/10 12:0 a.m., 26 views

Debian Security Advisory DSA 2113-1 (drupal6)

The remote host is missing an update to drupal6 announced via advisory DSA 2113-1. OpenVAS Vulnerability Test $Id: deb21131.nasl 6614 2017-07-07 12:09:12Z cfischer $ Description: Auto-generated from advisory DSA 2113-1 drupal6 Authors: Thomas Reinke Copyright: Copyright c 2010 E-Soft Inc...

5.5 CVSS, 0.5 AI score, 0.02372 EPSS
Exploits: 0

NVD
added 2010/09/21 8:0 p.m., 21 views

CVE-2010-3093

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...

3.5 CVSS, 6.1 AI score, 0.01426 EPSS
Exploits: 0, References: 5

Prion
added 2010/09/21 8:0 p.m., 16 views

Authorization

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...

3.5 CVSS, 6.6 AI score, 0.01426 EPSS
Exploits: 0, References: 5, Affected Software: 1

UbuntuCve
added 2010/09/21 8:0 p.m., 26 views

CVE-2010-3093

The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 allows remote authenticated users with certain privileges to bypass intended access restrictions and reinstate removed comments via a crafted URL, related to an "unpublishing bypass" issue...

3.5 CVSS, 5.9 AI score, 0.01426 EPSS
Exploits: 0, References: 1

CVE
added 2010/09/21 7:0 p.m., 78 views

CVE-2010-3093

CVE-2010-3093 affects Drupal 5.x prior to 5.23 and Drupal 6.x prior to 6.18. The vulnerability allows remote authenticated users with certain privileges to bypass intended access controls and reinstate removed comments via a crafted URL, related to an “unpublishing bypass” issue. Root cause: a fl...

3.5 CVSS, 6.2 AI score, 0.01426 EPSS
Exploits: 0, References: 5, Affected Software: 1

Tenable Nessus
added 2010/09/21 12:0 a.m., 25 views

Debian DSA-2113-1 : drupal6 - several vulnerabilities

Several vulnerabilities have been discovered in Drupal 6, a fully-featured content management framework. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-3091 Several issues have been discovered in the OpenID module that allows malicious access to use...

5.5 CVSS, 5.1 AI score, 0.02372 EPSS
Exploits: 0, References: 12

OSV
added 2010/09/20 12:0 a.m., 45 views

DSA-2113-1 drupal6 - several vulnerabilities

Bulletin has no description...

5.5 CVSS, 6.3 AI score, 0.02372 EPSS
Exploits: 0

seebug.org
added 2009/04/11 12:0 a.m., 7 views

Loggix Project 9.4.5 (refer_id) Blind SQL Injection Vulnerability

No description provided by source. Salvatore "drosophila" Fresta + Application: Loggix Project + Version: 9.4.5 + Website: http://loggix.gotdns.org + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 10 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore...

7.1 AI score
Exploits: 0

Exploit DB
added 2009/04/10 12:0 a.m., 34 views

Loggix Project 9.4.5 - 'refer_id' Blind SQL Injection

Salvatore "drosophila" Fresta + Application: Loggix Project + Version: 9.4.5 + Website: http://loggix.gotdns.org + Bugs: A Blind SQL Injection + Exploitation: Remote + Date: 10 Apr 2009 + Discovered by: Salvatore "drosophila" Fresta + Author: Salvatore "drosophila" Fresta + Contact: e-mail:...

7.4 AI score
Exploits: 0

UbuntuCve
added 2008/01/17 2:0 a.m., 22 views

CVE-2007-6691

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...

10 CVSS, 5.9 AI score, 0.02162 EPSS
Exploits: 0, References: 1

Prion
added 2008/01/17 2:0 a.m., 20 views

Information disclosure

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...

10 CVSS, 6.6 AI score, 0.02162 EPSS
Exploits: 0, References: 10, Affected Software: 1

NVD
added 2008/01/17 2:0 a.m., 21 views

CVE-2007-6691

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...

10 CVSS, 6.3 AI score, 0.02162 EPSS
Exploits: 0, References: 10

CVE
added 2008/01/17 1:0 a.m., 50 views

CVE-2007-6691

CVE-2007-6691 affects Menalto Gallery

10 CVSS, 6.3 AI score, 0.02162 EPSS
Exploits: 0, References: 10, Affected Software: 1

Tenable Nessus
added 2007/12/26 12:0 a.m., 30 views

FreeBSD : gallery2 -- multiple vulnerabilities (4aab7bcd-b294-11dc-a6f0-00a0cce0781e)

The Gallery team reports : Gallery 2.2.4 addresses the following security vulnerabilities : - Publish XP module - Fixed unauthorized album creation and file uploads. - URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...

10 CVSS, 5.5 AI score, 0.02007 EPSS
Exploits: 0, References: 8

FreeBSD
added 2007/12/24 12:0 a.m., 33 views

gallery2 -- multiple vulnerabilities

The Gallery team reports: Gallery 2.2.4 addresses the following security vulnerabilities: Publish XP module - Fixed unauthorized album creation and file uploads. URL rewrite module - Fixed local file inclusion vulnerability in unsecured admin controller and information disclosure in hotlink...

10 CVSS, 5.9 AI score, 0.02007 EPSS
Exploits: 0, References: 1