3534 matches found
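WordPress 'wp-comments-post.php' Cross-Site Scripting Vulnerability
WordPress 2.8.1 WordPress is a popular blog system. WordPress 'wp-comments-post.php' does not properly handle user input, and a remote attacker can exploit the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. The 'wp-comments-post.php' script lacks filtering of comment content; submitting malicious script code and enticing a user to visit can lead to disclosure of sensitive information such as the target user's browser cookies. Bugraq ID: 35797 CNCAN ID:CNCAN-2009072508 Vendor solution: No solution is currently available: http://wordpress.org/...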
WordPress 2.8.1 - url Cross-Site Scripting
WordPress 2.8.1 - url Cross-Site Scripting !/bin/bash echo "wp281.quickprz // iso^kpsbr" SITE=$1 COMMENT=$2 MESSAGE="h4x0riZed by the superfreakaz0rz" if "X$SITE" = "X" ; then echo "$0 postID" echo "f.e. $0 www.worstpress.eu" exit fi if "X$POSTID" = "X" ; then POSTID=1 fi echo "+ building payload...
Super Simple Blog Script 2.5.4 (entry) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Super Simple Blog Script 2.5.4 entry SQL Injection Vulnerability. exploit Debut Remote SQL...
Design/Logic Flaw
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
DEBIAN-CVE-2009-2431
WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...
4images <= 1.7.7 Filter Bypass HTML Injection/XSS Vulnerability
No description provided by source. =By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=-...
4images 1.7.7 Bypass / Cross Site Scripting
=By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=- ; Magic quotes...
Small Pirates v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities
No description provided by source. LONG LIVE SPAIN!... WE WILL WIN THE WORLD CUP!... o.O PROUD TO BE SPANISH!...
Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:157)
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...
CVE-2008-6373
CVE-2008-6373 affects Nagios core prior to 3.0.6. The vulnerability is described as unspecified, with remote attack vectors tied to CGI programs, “adaptive external commands,” and the ability to write newlines and submit service comments. Public sources in connected documents confirm affected pro...
irokez blog 0.7.3.2 - Cross-Site Scripting Remote File Inclusion Blind SQL Injection
irokez blog 0.7.3.2 - Cross-Site Scripting Remote File Inclusion Blind SQL Injection. Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS...
Irokez Blog 0.7.3.2 XSS / RFI / SQL Injection
Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS. Application: Irokez Blog. Website: http://irokez.org ...
Design/Logic Flaw
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...
CVE-2008-6160
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...
Sql injection
SQL injection vulnerability in profilecomments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the commentsecure parameter...
Sql injection
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Lore 1.5.6 - article.php Blind SQL Injection
Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind, Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks...
Lore 1.5.6 SQL Injection
Lore 1.5.6 Bug : article.php?id=Blind, Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && All the Members of...
Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can...
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...