3502 matches found
Code injection
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...
CVE-2013-4504
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...
CVE-2013-4504
The CVE-2013-4504 affects the Monster Menus module for Drupal 7.x-1.x (versions before 7.x-1.15). The issue allows remote attackers to read arbitrary node comments by crafting a URL, bypassing per-node comment visibility permissions. Impact is unauthenticated information disclosure of comments fo...
Vionlink comments 2.2 Remote File Include Vulnerability
Exploit for php platform in category web applications Exploit-Title: vionlink comments 2.2 Remote File Include Vulnerability Date: 2014-05-06 Author: bd0rk Software-Link: http://www.vionlink.de/downloadcounter.php?version=vcomments2.2 Affected-Version: 2.2 G00gle-D0rK: n/a ---script-kiddieprotect...
Pageadmin cms 3 /get_comments.aspx SQL注入漏洞
No description provided by source...
Mail.ru: Persistent XSS in afisha.mail.ru
Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...
FreeBSD : bugzilla -- Social Engineering (60bfa396-c702-11e3-848c-20cf30e32f6d)
A Bugzilla Security Advisory reports : Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine. %NASLMINLEVEL...
bugzilla -- Social Engineering
A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...
CVE-2011-4958
Cross-site scripting XSS vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to 1 admin/reports/, 2...
Cross site scripting
Cross-site scripting XSS vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to template placeholders, as demonstrated by a request to 1 admin/reports/, 2...
WordPress Disable Comments插件跨站请求伪造漏洞
WordPress是一款内容管理系统。 由于应用程序允许用户通过未经验证的HTTP请求执行某些操作,攻击者可以利用漏洞当登录的管理员访问一个恶意网站时禁用注释。 0 WordPress Disable Comments Plugin 1.x WordPress Disable Comments 1.0.4版本以修复此漏洞,建议用户下载使用: http://wordpress.org/plugins/disable-comments/changelog/...
CVE-2013-5640
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
Sql injection
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the 1 answerid or 2 questionid parameter to polls/vote.php, 3 storyid parameter to comments/add.php or 4 comments/edit.php, or 5 threadid parameter to posts/add.php. NOTE: this issue...
CVE-2013-5640
Summary: CVE-2013-5640 (and related CVE-2013-7349) affect the Gnew 2013.1 application, with multiple SQL injection vectors. The vulnerabilities allow remote attackers to inject SQL via parameters in polls/vote.php (answer_id, question_id), comments/add.php (story_id) and comments/edit.php, or pos...
WordPress Subscribe To Comments Reloaded插件跨站请求伪造漏洞
WordPress是一款内容管理系统。 应用程序允许用户通过未经验证检查的HTTP请求执行某些操作,攻击者可以利用漏洞在欺骗管理员用户登录特制网页时修改插件设置。 0 WordPress Subscribe To Comments Reloaded Plugin 目前厂商暂无提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://wordpress.org/plugins/subscribe-to-comments-reloaded/...
Yahoo vulnerability allows Hacker to delete 1.5 million records from Database
Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain 'suggestions.yahoo.com', which could allow an attacker to delete the all the posted thread and comments on...
Restricted JIRA comments appear in Confluence notification inbox
If a user is watching a JIRA issue, and a restricted comment is made on that issue that the user should not be able to see, the notification still appears in their Confluence notification inbox. When the user navigates to the issue, the correctly are not allowed to see the comment. This is a...
Fedora 20 : ikiwiki-3.20140125-1.fc20 (2014-1747)
Update to the latest stable version. Changes in ikiwiki 3.20140125 : - inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes - osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102 : - aggregate:...
CVE-2014-1837
Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...
Cross site scripting
Cross-site scripting XSS vulnerability in the StackIdeas Komento comkomento component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related to "checking new comments."...