3534 matches found

Prion
added 2014/06/19 8:55 p.m. | 16 views

Stack overflow

Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments...

CVSS 9.3 | AI score 8.6 | EPSS 0.2332
Exploits: 1 | References: 7 | Affected Software: 2

Prion
added 2014/06/16 6:55 p.m. | 20 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php...

CVSS 6.8 | AI score 7.8 | EPSS 0.02315
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2014/06/16 6:0 p.m. | 32 views

CVE-2014-4163

Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php...

AI score 7.2 | EPSS 0.02315
Exploits: 1 | References: 1

CVE
added 2014/06/16 6:0 p.m. | 39 views

CVE-2014-4163

The CVE-2014-4163 entry documents a CSRF vulnerability in the WordPress Featured Comments plugin (version 1.2.1). The issue allows an attacker to hijack administrator-authenticated requests to wp-admin/admin-ajax.php to change a comment’s status (buried/featured). Affected software: Featured Comm...

CVSS 6.8 | AI score 7.4 | EPSS 0.02315
Exploits: 1 | References: 1 | Affected Software: 1

Tenable Nessus
added 2014/06/13 12:0 a.m. | 29 views

openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1)

Postgresql was updated to the security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' CVE-2012-0866, bnc749299. - Remove arbitrary limitation on length of common name in SSL certificates CVE-2012-0867, bnc749301. - Convert newlines to spaces i...

CVSS 6.8 | AI score 7.8 | EPSS 0.03625
Exploits: 1 | References: 9

Tenable Nessus
added 2014/06/13 12:0 a.m. | 28 views

openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)

roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues : - CVE-2013-6172: vulnerability in handling session argument of utils/save-prefs New upstream release 0.9.5 bnc847179 CVE-2013-6172 - Fix failing vCard import when email address field contains spaces - Fix...

CVSS 7.5 | AI score 7.7 | EPSS 0.02873
Exploits: 0 | References: 3

WPVulnDB
added 2014/06/12 12:0 a.m. | 18 views

Video Comments Webcam Recorder <= 1.55 - Unauthenticated Reflected XSS

The Video Comments Webcam Recorder WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...

CVSS 4.3 | AI score 2.6 | EPSS 0.01193
Exploits: 1 | References: 1 | Affected Software: 1

exploitpack
added 2014/06/10 12:0 a.m. | 13 views

WordPress Plugin Featured Comments - Cross-Site Request Forgery

WordPress Plugin Featured Comments - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67955/info Featured Comments plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized...

AI score 0.3
Exploits: 0

Patchstack
added 2014/06/10 12:0 a.m. | 16 views

WordPress Featured Comments Plugin - Cross Site Request Forgery

Featured Comments plugin is prone to a cross-site request forgery vulnerability that allows an attacker to perform certain actions in the context of a logged-in user of the affected application. Solution Update the plugin...

CVSS 6.8 | AI score 3.9 | EPSS 0.02315
Exploits: 1 | References: 1 | Affected Software: 1

Atlassian
added 2014/05/26 10:37 a.m. | 21 views

Multiple CSRF vulnerabilities in Question/Answer Threads

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47240. Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such...

AI score 1.2
Exploits: 0

Atlassian
added 2014/05/26 10:37 a.m. | 20 views

Multiple CSRF vulnerabilities in Question/Answer Threads

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-47240. Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions suc...

AI score 1.2
Exploits: 0 | Affected Software: 1

NVD
added 2014/05/13 3:55 p.m. | 14 views

CVE-2013-4504

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...

CVSS 2.6 | AI score 6.6 | EPSS 0.01185
Exploits: 0 | References: 3

Prion
added 2014/05/13 3:55 p.m. | 13 views

Code injection

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...

CVSS 2.6 | AI score 7.1 | EPSS 0.01185
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2014/05/13 3:0 p.m. | 41 views

CVE-2013-4504

CVE-2013-4504 affects the Monster Menus module for Drupal 7.x-1.x (versions before 7.x-1.15). The issue allows remote attackers to read arbitrary node comments by crafting a URL, bypassing per-node comment visibility permissions. Impact is unauthenticated information disclosure of comments fo...

CVSS 2.6 | AI score 6.8 | EPSS 0.01185
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2014/05/13 3:0 p.m. | 21 views

CVE-2013-4504

The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...

AI score 6.6 | EPSS 0.01185
Exploits: 0 | References: 3

0day.today
added 2014/05/06 12:0 a.m. | 42 views

Vionlink comments 2.2 Remote File Include Vulnerability

Exploit for php platform in category web applications Exploit-Title: vionlink comments 2.2 Remote File Include Vulnerability Date: 2014-05-06 Author: bd0rk Software-Link: http://www.vionlink.de/downloadcounter.php?version=vcomments2.2 Affected-Version: 2.2 G00gle-D0rK: n/a ---script-kiddieprotect...

AI score 7.1
Exploits: 0

seebug.org
added 2014/05/05 12:0 a.m. | 24 views

Pageadmin cms 3 /get_comments.aspx SQL injection vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

Hacker One
added 2014/04/28 4:53 p.m. | 17 views

Mail.ru: Persistent XSS in afisha.mail.ru

Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...

AI score 1.1
Exploits: 0

Tenable Nessus
added 2014/04/21 12:0 a.m. | 16 views

FreeBSD : bugzilla -- Social Engineering (60bfa396-c702-11e3-848c-20cf30e32f6d)

A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...

AI score 5.5
Exploits: 0 | References: 2

FreeBSD
added 2014/04/17 12:0 a.m. | 12 views

bugzilla -- Social Engineering

A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...

AI score 2.9
Exploits: 0 | References: 1