138 matches found
CVE-2017-5474
Open redirect vulnerability CVE-2017-5474 affects Serendipity up to version 2.0.5 in comment.php. The issue arises from improper validation of the HTTP Referer header, enabling remote attackers to direct users to arbitrary sites (potential phishing). Affected product/component: Serendipity (comme...
CVE-2017-5475
CVE-2017-5475 affects Serendipity up to version 2.0.5, with a CSRF flaw in comment.php that enables deletion of comments. Related documents confirm the vulnerability is CSRF/XSRF in Serendipity's comment handling, but do not provide explicit mitigation steps or affected patch versions beyon...
CVE-2017-5475
comment.php in Serendipity through 2.0.5 allows CSRF in deleting any comments...
TaoCMS v2.5Beta5 comment.php SQL injection vulnerability
No description provided by source...
TaoCMS v2.5Beta4 Comment.php stored XSS vulnerability (can be used to attack the admin backend)
No description provided by source...
QiboCMS v7 /member/comment.php SQL injection vulnerability
No description provided by source...
Hdwiki (20141205) has 7 SQL injection vulnerabilities (including previously mishandled fixes)
Brief description: I saw that there was an update, but a few old holes are still unfixed, so I am putting them here as well. Details: 0x01 In control/comment.php, function doreport: $usernames = array(); $id = intval($this->post['id']) ? $this->post['id'] : 0; $report = trim(htmlspecialchars(WIKI_CHARSET == 'GBK' ? string::hiconv($this->post['report']) : $this->post['report'])); if (empty($id) || empty($report)) $this->message(-1, '', 2);...
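The doreport snippet above keeps the raw value of $this->post['id'] once intval() of it is non-zero. The following added example (not Hdwiki code) shows why that idiom does not yield a safe integer and what the strict form looks like; the report_query() builder and the inputs are hypothetical stand-ins, since the page truncates what doreport does with $id afterwards.

```php
<?php
// Added example, not Hdwiki code: the `intval($x) ? $x : 0` idiom from the
// doreport snippet beside a form that actually yields an integer. The query
// builder is a hypothetical stand-in for the truncated part of the function.

// The snippet's pattern: intval() is used only as a truthiness test, and the
// original, unconverted value is what gets kept.
function id_from_request_weak($raw)
{
    return intval($raw) ? $raw : 0;
}

// Keep the converted integer instead of the raw value, and require it to be
// positive.
function id_from_request_strict($raw): int
{
    $id = intval($raw);
    return $id > 0 ? $id : 0;
}

// Hypothetical consumer, to show what would reach the database if the id
// were concatenated into SQL instead of bound as a parameter.
function report_query($id): string
{
    return 'SELECT * FROM comments WHERE id = ' . $id;
}

// Constructed inputs: a normal id, a tampered id with an SQL tail (intval()
// still returns 42 for it, so the weak check passes the whole string
// through unchanged), a zero, and a non-numeric string.
$inputs = ['42', '42 OR 1=1', '0', 'abc'];

foreach ($inputs as $raw) {
    printf(
        "input %-12s weak: %-40s strict: %s\n",
        var_export($raw, true),
        report_query(id_from_request_weak($raw)),
        report_query(id_from_request_strict($raw))
    );
}
```

The strict form removes the tail because the integer, not the request string, is what the rest of the code sees; in a real handler the id should additionally be bound through a prepared statement rather than concatenated, whatever validation precedes it.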
Anchor CMS 0.9.2 Header Injection Vulnerability
Anchor CMS versions 0.9.2 and below suffer from a header injection vulnerability. Anchor CMS <= 0.9.2 (current version at disclosure): header injection in anchor/models/comment.php: $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From:...
Anchor CMS 0.9.2 Header Injection
Anchor CMS <= 0.9.2 (current version at disclosure): header injection in anchor/models/comment.php: $headers = 'MIME-Version: 1.0' . "\r\n"; $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n"; $headers .= 'From: notifications@' . $_SERVER['HTTP_HOST'] . "\r\n"; line 49: mail($to, 'comments.notify_subject', $message...
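The two Anchor CMS entries above show the From header being built from $_SERVER['HTTP_HOST'], which is the client-supplied Host request header. The following added example (not Anchor CMS code) puts that construction beside a hardened version; the host names, the allowlist and the crafted Host value are constructed for the example.

```php
<?php
// Added example, not Anchor CMS code: the header construction from the
// advisory beside a hardened version. Host names below are made up.

// Vulnerable shape: the From header embeds $_SERVER['HTTP_HOST'], which is
// whatever the client sent in the Host request header. A CR/LF inside it
// terminates the From line and starts a new header that mail() passes on.
function build_headers_vulnerable(string $http_host): string
{
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
    $headers .= 'From: notifications@' . $http_host . "\r\n";
    return $headers;
}

// Hardened shape: the sender domain comes from configuration, and the
// request-derived host is only accepted if it is on an allowlist and
// contains no line breaks. Anything else is rejected, not sanitised.
function build_headers_safe(string $http_host, array $allowed_hosts, string $configured_domain): string
{
    if (preg_match('/[\r\n]/', $http_host) === 1 || !in_array($http_host, $allowed_hosts, true)) {
        throw new InvalidArgumentException('untrusted Host header rejected');
    }
    $headers  = 'MIME-Version: 1.0' . "\r\n";
    $headers .= 'Content-type: text/html; charset=utf-8' . "\r\n";
    $headers .= 'From: notifications@' . $configured_domain . "\r\n";
    return $headers;
}

// Constructed attacker value: a Host header with an embedded CRLF followed
// by a Bcc header. Whether a given web server passes a raw CRLF through to
// PHP varies; the point is that the application does nothing to protect
// itself if one arrives.
$evil_host = "blog.example\r\nBcc: attacker@example.net";

// The vulnerable builder emits the Bcc line as a separate header, so the
// notification mail would also be delivered to the injected address.
echo build_headers_vulnerable($evil_host);

// The hardened builder refuses the value before any header is assembled.
try {
    build_headers_safe($evil_host, ['blog.example'], 'blog.example');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}

// A legitimate request still works.
echo build_headers_safe('blog.example', ['blog.example'], 'blog.example');
```

The hardened version fixes two things at once: the sender domain no longer depends on the request at all, and any request-derived value that does get used is matched exactly against known hosts and refused on CR or LF rather than having the characters stripped.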
WordPress 2.0 - 3.0.1 wp-includes/comment.php Bypass Spam Restrictions
...
Geeklog 1.3.7 comment.php cid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/6603/info Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a...
Loggix Project <= 9.4.5 - Multiple Remote File Include Vulnerability
No description provided by source. In The Name Of Allah. Loggix Project <= 9.4.5 Multiple Remote File Include Vulnerability. Download Script: http://sourceforge.net/projects/loggix/files/ Author: cr4wl3r Contact: cr4wl3r4tlinuxmaildotorg Location: Gorontalo - INDONESIA Blog:...
Design/Logic Flaw
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
CVE-2010-5293
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafted URL, as demonstrated by a URL that triggers a substring match...
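The two WordPress entries above describe a blogroll allowlist for trackbacks and pingbacks that a crafted URL can satisfy through a substring match. The following added example (not WordPress code) shows that check shape beside an exact host comparison; the blogroll entries and trackback source URLs are constructed for the example.

```php
<?php
// Added example, not WordPress code: a blogroll allowlist checked by
// substring match beside one checked by exact host comparison. The blogroll
// entries and trackback source URLs are constructed for the example.

$blogroll = [
    'http://friend.example/',
    'http://example.org/blog/',
];

// Substring-style check: trusts a trackback when its source host occurs
// anywhere inside a blogroll URL (the shape of a LIKE '%host%' lookup).
function blogroll_allows_substring(string $source_url, array $blogroll): bool
{
    $host = parse_url($source_url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    foreach ($blogroll as $link) {
        if (stripos($link, $host) !== false) {
            return true;
        }
    }
    return false;
}

// Exact check: compare normalised hosts, not raw strings.
function blogroll_allows_exact(string $source_url, array $blogroll): bool
{
    $host = parse_url($source_url, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false;
    }
    $host = strtolower($host);
    foreach ($blogroll as $link) {
        $link_host = parse_url($link, PHP_URL_HOST);
        if (is_string($link_host) && strtolower($link_host) === $host) {
            return true;
        }
    }
    return false;
}

// Sources to test: one genuine blogroll member and three crafted URLs whose
// hosts are substrings of a blogroll entry without being that entry.
$sources = [
    'http://friend.example/post/1',   // legitimately listed
    'http://ample.org/',              // tail of "example.org"
    'http://example/',                // tail of "friend.example"
    'http://blog/',                   // matches the path, not a host at all
];

foreach ($sources as $url) {
    printf(
        "%-32s substring:%s exact:%s\n",
        $url,
        blogroll_allows_substring($url, $blogroll) ? 'allow' : 'deny',
        blogroll_allows_exact($url, $blogroll) ? 'allow' : 'deny'
    );
}
```

The exact comparison parses both sides to a host before comparing, so a registrable domain that happens to be a suffix or infix of a listed one, or a string that only appears in a listed URL's path, no longer counts as a blogroll member.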
Weeds(Weedcms)cms sql injection vulnerability-vulnerability warning-the black bar safety net
Vulnerability author: B1oods. Vulnerability source: 法客 (F4ck) forum. Google dork: Powered by WeedCMS. This article has little technical content; please bear with any mistakes. I looked at this program because some well-known researchers had earlier posted something about it...
CVE-2012-2762
SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php...
Serendipity 1.6.1 SQL Injection
Advisory ID: HTB23092 Product: Serendipity Vendor: Serendipity Team Vulnerable Versions: 1.6.1 and probably prior Tested Version: 1.6.1 Vendor Notification: 16 May 2012 Vendor Patch: 16 May 2012 Public Disclosure: 6 June 2012 Vulnerability Type: SQL injection CVE Reference: CVE-2012-2762 CVSSv2...
Serendipity 1.6.1 SQL Injection Vulnerability
Exploit for php platform in category web applications Product: Serendipity Vendor: Serendipity Team Vulnerable Versions: 1.6.1 and probably prior Tested Version: 1.6.1 Vendor Notification: 16 May 2012 Vendor Patch: 16 May 2012 Public Disclosure: 6 June 2012 Vulnerability Type: SQL injection CVE...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter ...