66 matches found
UBUNTU-CVE-2019-5883
An Incorrect Access Control issue was discovered in GitLab Community and Enterprise Edition 6.0 and later but before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. The issue comments feature could allow a user to comment on an issue which they shouldn't be allowed to...
Defending Democracies Against Information Attacks
To better understand influence attacks, we proposed an approach that models democracy itself as an information system and explains how democracies are vulnerable to certain forms of information attacks that autocracies naturally resist. Our model combines ideas from both international security an...
Dynamic Data Resolver (DDR) - IDA Plugin
This blog post was authored by Holger Unterbrink Executive Summary Static reverse-engineering in IDA can often be problematic. Certain values are calculated at run time, which makes it difficult to understand what a certain basic block is doing. But, if you try to perform dynamic analysis by...
Disqus Patches CSRF, Other Flaws in Plugin
Disqus, the maker of the popular community commenting plugin, has patched a handful of security flaws, including a CSRF bug. The vulnerabilities are present in all versions of the plugin up to 2.75. The most serious of the three vulnerabilities fixed in version 2.76 of the Disqus plugin is the CS...
TCW PHP Album Multiple Vulnerabilities
No description provided by source. 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor...
CVE-2012-0320
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the 1 commenting feature and 2 community script...
CVE-2012-0320
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the 1 commenting feature and 2 community script...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the 1 commenting feature or 2 community script...
Design/Logic Flaw
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the 1 commenting feature and 2 community script...
CVE-2012-0317
Multiple cross-site request forgery CSRF vulnerabilities in Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allow remote attackers to hijack the authentication of arbitrary users for requests that modify data via the 1 commenting feature or 2 community script...
CVE-2012-0320
Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 allows remote attackers to take control of sessions via unspecified vectors related to the 1 commenting feature and 2 community script...
CVE-2012-0320
CVE-2012-0320 affects Movable Type before 4.38, 5.0.x before 5.07, and 5.1.x before 5.13. The vulnerability allows remote attackers to take control of user sessions via the commenting feature and the community script, enabling session hijack. Relevant advisories reference upgrades to fixed releas...
Fedora 16 : ReviewBoard-1.6.3-1.fc16 (2011-15935)
New upstream security release 1.6.3 - Security Fixes : - A script injection vulnerability was discovered in the commenting system. This affected the diff viewer and screenshot pages, and allowed a commenter to break the page and execute JavaScript Note that Tenable Network Security has extracted...
Sql injection
SQL injection vulnerability in the Commenting system Backend Module commentsbe extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Wordpress Beer Recipes Plugin v.1.0 XSS
No description provided by source. Exploit Title: Wordpress - Beer Recipes v.1.0 XSS Google Dork: - Date: June / 25 / 2011 Author: TheUzuki.' Software Link: http://opensourcebrew.org/beer-recipes-plugin/ Version: v.1.0 Tested on: Windows 7 CVE : - SIESTTA 2.0 LFI/XSS Multiple Vulnerabilities...
Joomla Component com_soundset LFI Vulnerability
Exploit for php platform in category web applications =============================================== Joomla Component comsoundset LFI Vulnerability =============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0...
TCW PHP Album - Multiple Vulnerabilities
TCW PHP Album - Multiple Vulnerabilities 1 1 0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: TCW PHP Album Multiple Vulnerability Vendor...
CVE-2009-2104
The CVE-2009-2104 entry describes a Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension for TYPO3, affecting version 2.7.1 and earlier. The vulnerability allows remote attackers to inject arbitrary web script or HTML via unspecified vector...
freePHPgallery 0.6 - Cookie Local File Inclusion
freePHPgallery 0.6 - Cookie Local File Inclusion --==+================================================================================+==-- --==+ freePHPgallery 0.6 Cookie Local File Inclusion +==-- --==+================================================================================+==-- Author:...
freePHPgallery 0.6 - Cookie Local File Inclusion
--==+================================================================================+==-- --==+ freePHPgallery 0.6 Cookie Local File Inclusion +==-- --==+================================================================================+==-- Author: MhZ91 Title: freePHPgallery 0.6 Cookie Local Fil...