3502 matches found

Packet Storm
added 2012/08/29 12:0 a.m. | 41 views

Disqus Blog Comments SQL Injection

Blog Comments Powered By Disqus - Sql Injection...

AI score: 0.4
Exploits: 0
exploitpack
added 2012/08/29 12:0 a.m. | 17 views

Disqus Blog Comments - Blind SQL Injection

Disqus Blog Comments - Blind SQL Injection. Blog Comments Powered By Disqus - Sql Injection...

AI score: 0.4
Exploits: 0
0day.today
added 2012/08/29 12:0 a.m. | 17 views

ActFax 4.31 Local Privilege Escalation Exploit

Exploit for windows platform in category local exploits !/usr/bin/python Title: ActFax 4.31 Local Privilege Escalation Exploit Author: Craig Freyman @cd1zz Discovered: July 10, 2012 Vendor Notified: June 12, 2012 Description: http://www.pwnag3.com/2012/08/actfax-local-privilege-escalation.html...

AI score: 6.8
Exploits: 0
Exploit DB
added 2012/08/29 12:0 a.m. | 56 views

Disqus Blog Comments - Blind SQL Injection

Blog Comments Powered By Disqus - Sql Injection...

AI score: 7
Exploits: 0
ATTACKERKB
added 2012/08/23 8:55 p.m. | 3 views

CVE-2011-5110

Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and earlier allow remote attackers to execute arbitrary SQL commands via the SearchField parameter in a search action to (1) authorslist.php, (2) blogslist.php, (3) categorylist.php, (4) commentslist.php, (5) policylist.php, (6) ratelist.php, (7)...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.02422
Exploits: 1 | References: 20
NVD
added 2012/08/17 8:55 p.m. | 10 views

CVE-2012-4007

The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01066
Exploits: 0 | References: 2
Prion
added 2012/08/17 8:55 p.m. | 10 views

Information disclosure

The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card...

CVSS: 4.3 | AI score: 6.9 | EPSS: 0.01066
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2012/08/17 8:0 p.m. | 14 views

CVE-2012-4007

The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card...

AI score: 6.2 | EPSS: 0.01066
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2012/08/17 6:58 a.m. | 1 views

mixi for Android information management vulnerability

Overview mixi for Android contains an issue which stores friends' comments on a SD card. mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Kazuhiko Kusano of...

CVSS: 4.3 | AI score: 6.6 | EPSS: 0.01066
Exploits: 0 | References: 5
UbuntuCve
added 2012/08/17 12:55 a.m. | 39 views

CVE-2009-5026

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.07757
Exploits: 1 | References: 1
Japan Vulnerability Notes
added 2012/08/17 12:0 a.m. | 42 views

JVN#92038939: mixi for Android information management vulnerability

mixi for Android provided by mixi, Inc. contains an issue which stores friends' comments on a SD card, therefore other applications can access this information directly from the SD card. Impact If a user of the affected product uses a malicious Android application, friends' comments may be...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01066
Exploits: 0
NVD
added 2012/08/14 11:55 p.m. | 14 views

CVE-2012-2082

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature...

CVSS: 2.1 | AI score: 5.3 | EPSS: 0.01607
Exploits: 0 | References: 8
Prion
added 2012/08/14 11:55 p.m. | 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature...

CVSS: 2.1 | AI score: 5.6 | EPSS: 0.01607
Exploits: 0 | References: 8 | Affected Software: 1
Prion
added 2012/08/12 9:55 p.m. | 17 views

Information disclosure

The comments API in application/libraries/api/MYCommentsApiObject.php in the Ushahidi Platform before 2.5 allows remote attackers to obtain sensitive information about the e-mail address, IP address, and other attributes of the author of a comment via an API function call...

CVSS: 5 | AI score: 6.7 | EPSS: 0.01816
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2012/08/12 9:55 p.m. | 16 views

Authentication flaw

The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions...

CVSS: 6.4 | AI score: 7.2 | EPSS: 0.02333
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2012/08/12 9:0 p.m. | 36 views

CVE-2012-3473

The CVE concerns Ushahidi Platform prior to version 2.5 where the (1) reports API and (2) the admin feature of the comments API do not require authentication, allowing unauthenticated remote manipulation via API functions (generate reports and organize comments). Root cause: endpoints expose thes...

CVSS: 6.4 | AI score: 6.9 | EPSS: 0.02333
Exploits: 1 | References: 3 | Affected Software: 1
Atlassian
added 2012/08/08 7:48 a.m. | 23 views

Persistent xss flaw in the revision history (of comments).

NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report: http://jira.atlassian.com/browse/CONFCLOUD-47387. Whilst a comment is HTML encoded/sanitized when displayed within an answer to a question the revision history page...

AI score: 1.3
Exploits: 0 | Affected Software: 1
Exploit DB
added 2012/08/08 12:0 a.m. | 38 views

iauto mobile Application 2012 - Multiple Vulnerabilities

Title: iAuto Mobile Application 2012 - Multiple Web Vulnerabilities | Date: 2012-07-11 | References: http://www.vulnerability-lab.com/getcontent.php?id=658 | VL-ID: 658 | Common Vulnerability Scoring System: 3.5 | Introduction: ...

AI score: 7
Exploits: 0
exploitpack
added 2012/08/06 12:0 a.m. | 10 views

Worksforweb iAuto - Multiple Cross-Site Scripting HTML Injection Vulnerabilities

Worksforweb iAuto - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54812/info Worksforweb iAuto is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successfu...

AI score: 0.2
Exploits: 0
Exploit DB
added 2012/08/06 12:0 a.m. | 17 views

Worksforweb iAuto - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/54812/info Worksforweb iAuto is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the contex...

AI score: 7.4
Exploits: 0