Lucene search

3534 matches found

seebug.org
added 2009/07/27 12:0 a.m., 27 views

WordPress 'wp-comments-post.php' Cross-Site Scripting Vulnerability

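WordPress 2.8.1. WordPress is a popular blog system. WordPress 'wp-comments-post.php' does not handle user input correctly, so a remote attacker can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. The 'wp-comments-post.php' script lacks filtering of comment data; submitting malicious script code and luring a user into visiting can expose sensitive information such as the target user's browser cookies. Bugtraq ID: 35797 CNCAN ID: CNCAN-2009072508 Vendor solution: no solution is currently available: http://wordpress.org/...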

AI score: 6.9
Exploits: 0

exploitpack
added 2009/07/24 12:0 a.m., 10 views

WordPress 2.8.1 - url Cross-Site Scripting

WordPress 2.8.1 - url Cross-Site Scripting !/bin/bash echo "wp281.quickprz // iso^kpsbr" SITE=$1 COMMENT=$2 MESSAGE="h4x0riZed by the superfreakaz0rz" if "X$SITE" = "X" ; then echo "$0 postID" echo "f.e. $0 www.worstpress.eu" exit fi if "X$POSTID" = "X" ; then POSTID=1 fi echo "+ building payload...

AI score: 6.8
Exploits: 0

0day.today
added 2009/07/17 12:0 a.m., 26 views

Super Simple Blog Script 2.5.4 (entry) SQL Injection Vulnerability

Exploit for unknown platform in category web applications. Super Simple Blog Script 2.5.4 (entry) SQL Injection Vulnerability. exploit Debut Remote SQL...

AI score: 7.1
Exploits: 0

Prion
added 2009/07/10 9:0 p.m., 14 views

Design/Logic Flaw

WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...

CVSS: 5, AI score: 6.5, EPSS: 0.02869
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2009/07/10 9:0 p.m., 3 views

DEBIAN-CVE-2009-2431

WordPress 2.7.1 places the username of a post's author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source...

CVSS: 5, AI score: 6.5, EPSS: 0.02869
Exploits: 0, References: 1

seebug.org
added 2009/06/12 12:0 a.m., 97 views

4images <= 1.7.7 Filter Bypass HTML Injection/XSS Vulnerability

No description provided by source. =By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=-...

AI score: 7.1
Exploits: 0

Packet Storm
added 2009/06/12 12:0 a.m., 31 views

4images 1.7.7 Bypass / Cross Site Scripting

=By: Qabandi =Email: iqaahotmail.fr From Kuwait, PEACE... =Vuln: 4images = 1.7.7 - filter bypass HTML injection/XSS =INFO: =BUY: =DORK: -=/:Conditions:=- ; Magic quotes...

Exploits: 0

seebug.org
added 2009/05/31 12:0 a.m., 31 views

Small Pirates v-2.1 (XSS/SQL) Multiple Remote Vulnerabilities

No description provided by source. LONG LIVE SPAIN!...WE WILL WIN THE WORLD CUP!...o.O PROUD TO BE SPANISH!...

AI score: 7.1
Exploits: 0

Tenable Nessus
added 2009/04/23 12:0 a.m., 34 views

Mandrake Linux Security Advisory : kdelibs (MDKSA-2007:157)

The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...

CVSS: 4.3, AI score: 5.3, EPSS: 0.01796
Exploits: 1, References: 1

CVE
added 2009/03/02 7:0 p.m., 65 views

CVE-2008-6373

CVE-2008-6373 affects Nagios core prior to 3.0.6. The vulnerability is described as unspecified, with remote attack vectors tied to CGI programs, “adaptive external commands,” and the ability to write newlines and submit service comments. Public sources in connected documents confirm affected pro...

CVSS: 5, AI score: 6.5, EPSS: 0.04692
Exploits: 0, References: 10, Affected Software: 1

exploitpack
added 2009/02/27 12:0 a.m., 14 views

irokez blog 0.7.3.2 - Cross-Site Scripting Remote File Inclusion Blind SQL Injection

irokez blog 0.7.3.2 - Cross-Site Scripting Remote File Inclusion Blind SQL Injection. Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS...

Exploits: 0

Packet Storm
added 2009/02/27 12:0 a.m., 22 views

Irokez Blog 0.7.3.2 XSS / RFI / SQL Injection

Irokez Blog BLIND SQL-INJECTION, INCLUDE, ACTIVE XSS. Application: Irokez Blog. Website: http://irokez.org ...

AI score: 0.1
Exploits: 0

Prion
added 2009/02/18 4:30 p.m., 16 views

Design/Logic Flaw

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...

CVSS: 5, AI score: 7.1, EPSS: 0.01898
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2009/02/18 4:0 p.m., 21 views

CVE-2008-6160

Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...

AI score: 6.6, EPSS: 0.01898
Exploits: 0, References: 4

Prion
added 2009/02/11 5:30 p.m., 10 views

SQL injection

SQL injection vulnerability in profilecomments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the commentsecure parameter...

CVSS: 7.5, AI score: 9.1, EPSS: 0.01051
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2009/02/03 11:30 a.m., 16 views

SQL injection

SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS: 7.5, AI score: 9.1, EPSS: 0.00931
Exploits: 1, References: 2, Affected Software: 1

exploitpack
added 2009/01/28 12:0 a.m., 27 views

Lore 1.5.6 - article.php Blind SQL Injection

Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind ,Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks...

AI score: 0.2
Exploits: 0

Packet Storm
added 2009/01/28 12:0 a.m., 35 views

Lore 1.5.6 SQL Injection

Lore 1.5.6 Bug : article.php?id=Blind ,Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && All the Members of...

AI score: 0.2
Exploits: 0

seebug.org
added 2009/01/19 12:0 a.m., 11 views

Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability

No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can...

AI score: 7.1
Exploits: 0

Exploit DB
added 2009/01/19 12:0 a.m., 36 views

Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection

Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...

AI score: 7.4
Exploits: 0