3502 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are us...
Fedora 19 : fdupes-1.51-1.fc19 (2013-13176)
Upstream - Added support for 64-bit file offsets on 32-bit systems. - Using tty for interactive input instead of regular stdin. This is to allow feeding filenames via stdin in future versions of fdupes without breaking interactive deletion feature. - Fixed some typos in --help. - Turned C++ style...
Fedora 18 : fdupes-1.51-1.fc18 (2013-13166)
Upstream - Added support for 64-bit file offsets on 32-bit systems. - Using tty for interactive input instead of regular stdin. This is to allow feeding filenames via stdin in future versions of fdupes without breaking interactive deletion feature. - Fixed some typos in --help. - Turned C++ style...
Anchor CMS 0.9.1 - Persistent Cross-Site Scripting
Exploit Title : AnchorCMS Stored XSS exploit v0.9.1 Exploit Author: DURAKIBOX / dn5 Website : halisduraki.com Email : [email protected] Date : 18.7.2013. CMS uri : http://anchorcms.com/ Version : AnchorCMS File : article.php file shows article/post page with text written by owners. If owner enable...
CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors...
Turning off Anti-XSRF mode has no effect
Turning off Anti-XSRF protection for comments does not have the desired effect. Even if the setting is turned off, adding comments is not possible, due to an XSRF warning...
Facebook Comment's Picture Hijacking
Today Facebook rolled out the ability for FB users to comment with a picture on any status. But the feature has a bug which allows a malicious user to hijack the picture from any comment if the picture is shared by uploading it for the comment. After the malicious user hijacks the picture, the malicious person can change picture...
GLPI v0.83.8 Multiple Error-based SQL Injection Vulnerabilities
Summary: GLPI, an initialism for Gestionnaire libre de parc informatique (Free Management of Computer Equipment), was designed by Indepnet Association (a non-profit organisation) in 2003. GLPI is a free asset and IT management software package; it also offers functionalities like servicedesk ITIL or...
http-comments-displayer NSE Script
Extracts and outputs HTML and JavaScript comments from HTTP responses. Script Arguments: http-comments-displayer.singlepages: Some single pages to check for comments. For example, "/", "/wiki". Default: nil (crawler mode on). http-comments-displayer.context: declares the number of chars to extend our...
html_comments
This plugin greps every page for HTML comments; special comments, like the ones containing the words "password" or "user", are specially reported. Plugin type: Grep. Options: This plugin doesn't have any user-configured options. Source: For more information about this plugin and the associated tests,...
SA-CONTRIB-2013-048 - Edit Limit - Access Bypass
Edit Limit enables you to set time and count-based limits on how and when a user can edit nodes or comments. The module doesn't sufficiently check user access when editing comments to see if the user has the necessary permissions to edit a comment outside of the limits applied by this module. Thi...
CVE-2013-2082
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
Cross site request forgery (csrf)
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
UBUNTU-CVE-2013-2082
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request...
CVE-2013-2082
CVE-2013-2082 affects Moodle: versions up to 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 do not enforce capability requirements for reading blog comments, allowing remote attackers to obtain sensitive information via a crafted request. Root cause: missing capability ch...
WP Super Cache Plugin for WordPress Multiple Insecure PHP Code Inclusion Macros Remote Code Execution
The WP Super Cache Plugin for WordPress installed on the remote host is affected by a remote PHP code execution vulnerability due to a failure to properly sanitize user-supplied input. An unauthenticated, remote attacker can submit a comment to a WordPress blog containing arbitrary PHP code. The...
Wordpress W3 Total Cache PHP Code Execution Vulnerability
This Metasploit module exploits a PHP Code Injection vulnerability against Wordpress plugin W3 Total Cache for versions up to and including 0.9.2.8. WP Super Cache 1.2 or older is also reported as vulnerable. The vulnerability is due to the handling of certain macros such as mfunc, which allows...