3502 matches found
Joomla! Component com_webeecomment 2.0 - Local File Inclusion
================================================================================================================== o Joomla Component Webee Comments Local File Inclusion Vulnerability Software : comwebeecomment version 2.0 Vendor : http://www.onnogroen.nl/webee/ Author : AntiSecurity s4va NoGe...
Joomla! Component com_webeecomment 2.0 - Local File Inclusion
Joomla! Component comwebeecomment 2.0 - Local File Inclusion ================================================================================================================== o Joomla Component Webee Comments Local File Inclusion Vulnerability Software : comwebeecomment version 2.0 Vendor :...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm Thanks:...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Flatpress 0.909.1 - Persistent Cross-Site Scripting Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
FlatPress 0.909.1 Stored Cross Site Scripting
Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm Thanks:...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors...
CVE-2009-4505
CVE-2009-4505 concerns the OpenCMS OAMP Comments Module (v1.0.0). The vulnerability arises from unfiltered user input being reflected in comments, enabling cross-site scripting (XSS) across visitors. The Compass Security advisory details exploitability and shows the impact as potential impersonat...
Cross site scripting
Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...
CVE-2010-1107
The CVE-2010-1107 entry concerns a Cross-site Scripting (XSS) vulnerability in Drupal’s Recent Comments module for versions 5.x (up to 5.x-1.2) and 6.x (up to 6.x-1.0). The underlying issue allows remote authenticated users to inject arbitrary web script or HTML via the “custom block title interf...
CVE-2010-1107
Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...
CVE-2009-4505 OpenCMS OAMP Comments Module XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2009-4505 Product: OpenCMS OAMP Comments Module Vendor: Open Source, Alkacon GmbH Cologne, Germany Subject: Cross-site scripting XSS Risk: High Effect: Anonymously exploitable Author: Cyrill Brunschwiler [email protected] Date:...
CSICE Cross Site Request Forgery / Cross Site Scripting
http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the Post comment filelds in the following page move to this page 'only for authenticated user' http://www.csice.org/student/subjects.html and choose a subject and...
Article Friendly Local File Inclusion
======================================================================= Article friendly Insecure direct object Referece Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...
Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)
Tinypug 0.9.5 - Cross-Site Request Forgery Password Change www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...
Sql injection
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
CVE-2009-4651
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...
CVE-2009-4650
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
CVE-2009-4650
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
CVE-2009-4651
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...