3534 matches found
Stack overflow
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada asset element in a DAE file, as demonstrated by the cameraYFov value in the contributor comments...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the 1 buried or 2 featured status of a comment via a request to wp-admin/admin-ajax.php...
CVE-2014-4163
Multiple cross-site request forgery CSRF vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the 1 buried or 2 featured status of a comment via a request to wp-admin/admin-ajax.php...
CVE-2014-4163
The CVE-2014-4163 entry documents a CSRF vulnerability in the WordPress Featured Comments plugin (version 1.2.1). The issue allows an attacker to hijack administrator-authenticated requests to wp-admin/admin-ajax.php to change a comment’s status (buried/featured). Affected software: Featured Comm...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1173-1)
Postgresql was updated to the security and bugfix release 9.1.3 : - Require execute permission on the trigger function for 'CREATE TRIGGER' CVE-2012-0866, bnc749299. - Remove arbitrary limitation on length of common name in SSL certificates CVE-2012-0867, bnc749301. - Convert newlines to spaces i...
openSUSE Security Update : roundcubemail (openSUSE-SU-2014:0365-1)
roundcubemail was updated to 0.9.5 to fix bugs and security issues. Fixed security issues : - CVE-2013-6172: vulnerability in handling session argument of utils/save-prefs New upstream release 0.9.5 bnc847179 CVE-2013-6172 - Fix failing vCard import when email address field contains spaces - Fix...
Video Comments Webcam Recorder <= 1.55 - Unauthenticated Reflected XSS
The Video Comments Webcam Recorder WordPress plugin was affected by an Unauthenticated Reflected XSS security vulnerability...
WordPress Plugin Featured Comments - Cross-Site Request Forgery
WordPress Plugin Featured Comments - Cross-Site Request Forgery source: https://www.securityfocus.com/bid/67955/info Featured Comments plugin for WordPress is prone to a cross-site request-forgery vulnerability. An attacker can exploit the cross-site request forgery issue to perform unauthorized...
WordPress Featured Comments Plugin - Cross Site Request Forgery
Featured Comments plugin is prone to a cross-site request forgery vulnerability that allows an attacker to perform certain actions in the context of a logged-in user of the affected application. Solution Update the plugin...
Multiple CSRF vulnerabilities in Question/Answer Threads
NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47240. Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions such...
Multiple CSRF vulnerabilities in Question/Answer Threads
NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-47240. Multiple CSRF vulnerabilities exist on answers.atlassian.com where an attacker can potentially perform actions suc...
CVE-2013-4504
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...
Code injection
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL...
CVE-2013-4504
CVE-2013-4504 affects the Monster Menus module for Drupal 7.x-1.x (versions before 7.x-1.15). The issue allows remote attackers to read arbitrary node comments by crafting a URL, bypassing per-node comment visibility permissions. Impact is unauthenticated information disclosure of comments fo...
Vionlink comments 2.2 Remote File Include Vulnerability
Exploit for php platform in category web applications Exploit-Title: vionlink comments 2.2 Remote File Include Vulnerability Date: 2014-05-06 Author: bd0rk Software-Link: http://www.vionlink.de/downloadcounter.php?version=vcomments2.2 Affected-Version: 2.2 G00gle-D0rK: n/a ---script-kiddieprotect...
Pageadmin cms 3 /get_comments.aspx SQL injection vulnerability
No description provided by source...
Mail.ru: Persistent XSS in afisha.mail.ru
Adding a comment to article, this makes javascript execution possible. POST: http://afisha.mail.ru/ext/addcomment/ Post Content alias=article&id=42797&pid=&count=20&commentbody=%5Btesting%5D+%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&ok=%D0%94%D0%BE%D0%B1%D0%B0%D0%B2%D0%B8%D1%82%D1%8C also the...
FreeBSD : bugzilla -- Social Engineering (60bfa396-c702-11e3-848c-20cf30e32f6d)
A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...
bugzilla -- Social Engineering
A Bugzilla Security Advisory reports: Dangerous control characters can be inserted into Bugzilla, notably into bug comments. If the text, which may look safe, is copied into a terminal such as xterm or gnome-terminal, then unexpected commands could be executed on the local machine...