3502 matches found
CVE-2011-4292
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations...
Code injection
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations...
VamCart CMS 0.9 - Multiple Vulnerabilities
Title: VamCart v0.9 CMS - Multiple Web Vulnerabilities | Date: 2012-06-25 | References: http://www.vulnerability-lab.com/getcontent.php?id=622 | VL-ID: 622 | Common Vulnerability Scoring System:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment...
CVE-2011-4957
The make_clickable function in wp-includes/formatting.php in WordPress before 3.1.1 does not properly check URLs before passing them to the PCRE library, which allows remote attackers to cause a denial of service (crash) via a comment with a crafted URL that triggers many recursive calls...
mantis -- multiple vulnerabilities
Mantis reports: Roland Becker and Damien Regad (MantisBT developers) found that any user able to report issues via the SOAP interface could also modify any bugnotes (comments) created by other users. In a default/typical MantisBT installation, SOAP API is enabled and any user can sign up to report ne...
Anonymous takes down MTNL website
Anonymous India takes down MTNL website. The hacker-group Anonymous has struck again in India. This time the victim is the MTNL website. The group posted on their website, saying, "We are against Internet Censorship. Instead of blocking few URLs the ISP blocked the whole domain of various file...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) page parameter to (a) admin/admincomments.php or (b) admin/adminlinks.php; or list parameter in a (3) move or (4) minimize action to (c)...
New York Lawmakers Want Anonymous Comments Banned
A bill before the New York State Assembly would essentially ban anonymous comments on New York-based Web sites. Earlier this week a Wired writer discovered a bill had been introduced this spring in both chambers called the Internet Protection Act. The proposed law would require that a Web site...
persistent xss through svg file attachment download
The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that it is possible for a malicious party to upload an svg file containing html/javascript which will be rendered in the victim's web browser. This bug should have been raised a while ag...
Facebook Open to Comments on Proposed Privacy Policy Changes
Facebook today announced proposed changes to its privacy policy that may better explain how it uses cookies and how long it retains your data, which is: “as long as necessary.” In addition, it wants the option to use your data for advertising on third-party Web sites. In a message called “Enhanci...
Facebook Anti-Troll System Snagging Ordinary Users
Complaints rang far and wide last week after an automated system for spotting inappropriate Facebook comments began blocking legitimate posts by the social network’s users, including prominent members like Robert Scoble. Facebook users of all stripes have received warnings about posting...
ESHOP network operators treasure Mall 1.0 GetWebshell-vulnerability warning-the black bar safety net
One day I woke up late and, on getting up, found a flyer on the ground. It was for an online shop. I wanted to see what program it ran on, so I looked at the HTML comments, CSS comments, and file names. It turned out to be ESHOP network operators treasure Mall. I googled for exploits, found eshop exploits, and tested them, without success. But...
DEBIAN-CVE-2012-2404
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors...
WordPress <= 3.3.1 - XSS #1
This vulnerability is in wp-comments-post.php. It allows attackers to conduct XSS attacks via unspecified vectors. Solution: Update WordPress...
Comment matter Wordpress plugin persistent XSS and Key remote arbitrary tampering-bug warning-the black bar safety net
xss /wp-content/plugins/pinglunla/relay.php?sid=ec51555f3e5e125257457a73609bdbe15cb7c29d"/scriptscriptalert0/scriptscript%20src=" The above URL is for tampering with the comment SID while injecting any script; the script will be saved permanently, affecting all of the open comments feature of the...
Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: PlumeCMS = 1.2.4 Multiple Persistent XSS | Date: 04-04-2012 | Author: Ivano...
Plume CMS 1.2.4 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit Title: PlumeCMS = 1.2.4 Multiple Persistent XSS | Date: 04-04-2012 | Author: Ivano Binetti http://www.ivanobinetti.com | Software link:...