3502 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) logindata parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or ...
11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection
source: https://www.securityfocus.com/bid/52306/info 11in1 CMS is prone to multiple SQL-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the applicatio...
Movable Type vulnerable to session hijacking
Overview: Movable Type contains a session hijacking vulnerability. Movable Type contains a session hijacking vulnerability in entering comments and community functionality. Impact: A remote unauthenticated attacker may impersonate an honest user of the affected product. Solution: Update the software...
Movable Type vulnerable to cross-site request forgery
Overview: Movable Type contains a cross-site request forgery vulnerability. Movable Type contains a cross-site request forgery vulnerability in entering comments and community functionality. Impact: If a user views a malicious page while logged in, settings may be changed, data may be viewed or...
WordPress Recent Comments Plugin <= 2.0.6 - SQL injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the "id" parameter. Solution: Update the plugin...
WordPress Recent Comments Plugin <= 2.0.6 - XSS
Because of this vulnerability in core.php, attackers can inject arbitrary web script or HTML via the "page" parameter. Solution: Update the plugin...
XWiki Enterprise 3.4 Cross Site Scripting
Exploit Title: XWiki Cross Site Scripting Date: 4.02.2012 Author: Sony Software Link: http://www.xwiki.org/ Software Version: XWiki Enterprise 3.4 Google Dorks: inurl:xwiki/bin/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
YABSoft Advanced Image Hosting Script SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: AIHS Advanced Image Hosting Script SQL Injection Vulnerability Author: Robert Cooper Robert.Cooper at areyousecure.net Software Link: http://yabsoft.com/ Tested on: Linux/Windows 7 Vulnerable File: viewcomments.php Vulnerable...
DEBIAN-CVE-2012-0287
Cross-site scripting (XSS) vulnerability in wp-comments-post.php in WordPress 3.3.x before 3.3.1, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the query string in a POST operation that is not properly handled by the "Duplicate comment detected"...
WordPress <= 3.3.0 - XSS
Because of this vulnerability in wp-comments-post.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) snippets in a user comment, which is not properly handled in a Confluence page, or (2) the user profile display name,...
CVE-2010-5005
Cross-site scripting (XSS) vulnerability in members/profileCommentsResponse.php in Rayzz Photoz allows remote attackers to inject arbitrary web script or HTML via the profileCommentTextArea parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
Joomla Component Alameda (com_alameda) SQL Injection
No description provided by source. Joomla Component Alameda (com_alameda) SQL Injection Vulnerability Author: kaMtiEz [email protected] Homepage: http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id Date: 1 Nov, 2011 Software Information + Vendor :...
Online Subtitles Workshop Cross Site Scripting
Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitles Workshop XSS vulnerabilities Author: M.Jock3R...
Online Subtitles Workshop - Cross-Site Scripting
Online Subtitles Workshop - Cross-Site Scripting Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitles...
Online Subtitles Workshop - Cross-Site Scripting
Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitles Workshop XSS vulnerabilities Author: M.Jock3R...
Online Subtitles Workshop XSS Vulnerability
Exploit for php platform in category web applications Online Subtitles Workshop XSS vulnerabilities Exploit Title: Online Subtitl...
[Contest] Win "Ghost in the Wires" Book by Kevin Mitnick
Contest: Win "Ghost in the Wires" Book by Kevin Mitnick. Some call him a saint, some a criminal, others adore him. Industry may loathe him but we here at The Hacker News say, "Get ready, loyal subscribers!" Enter our newest contest and win a copy of Kevin Mitnick's new book titled, "Ghost in the...
Contest Winners Announcement : Wireless Penetration Testing Guide book
Contest Winners Announcement: Wireless Penetration Testing Guide book. We ran a competition for the book "Backtrack 5 Wireless Penetration Testing" last week. Today, Vivek Ramachandran, the author of the book and Founder of SecurityTube.net is announcing the winners in the video below. We will b...
Cross-Site scripting vulnerability in extension t3blog (t3blog)
It has been discovered that the extension "T3Blog" (t3blog) is vulnerable to Cross-Site Scripting. Release Date: September 27, 2011 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 1.1.1 and all versions below...