6ALBlog (newsid) Remote SQL Injection Vulnerability
No description provided by source. +By CrackersChild+ Portal.......: 6ALBlog All Versions Download.....: http://down.otand.com/download/code/php/blog/6alblog.rar Author.......: CrackersChild | [email protected] & [email protected] Class........: Remote SQL Injection and Remote File...
VLC 0.8.6b format string vulnerability & integer overflow
iSEC Partners Security Advisory - 2007-001-vlc http://www.isecpartners.com ---------------------------------------------- VLC 0.8.6b format string vulnerability & integer overflow Vendor: VideoLan Vendor URL: http://www.videolan.org Systems Affected: Confirmed on Windows XP, FreeBSD 6.2, MacOS X...
CVE-2007-3342
Multiple cross-site scripting XSS vulnerabilities in Movable Type MT before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have 1 a malformed SGML numeric character reference with a '\0' 0x00 character in a javascript: URI or 2 an attribute in an element that...
CVE-2007-3198
Cross-site scripting XSS vulnerability in comments.php in Maran PHP Blog Maran Blog, possibly only versions before 20070610, allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2007-3134
Multiple cross-site scripting XSS vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 Your Name, 2 Your Homepage, and 3 Your Comment fields, when using "Approve Comments."...
Particle Gallery <= 1.0.1 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Particle Gallery setvar"COMMENTID", ""; if $GET"editcomment" "" $sql = "SELECT FROM " . $dbprefix . "comments WHERE commentid = " . dbSecure$GET"editcomment"; $cme = $db-execute$sql; i...
wordpress -- unmoderated comments disclosure
Blogsecurity reports: An attacker can read comments on posts that have not been moderated. This can be a real security risk if blog admins are using unmoderated comments comments that have not been made public to hide sensitive notes regarding posts, future work, passwords etc. So please be caref...
CVE-2007-2859
Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 allow remote attackers to execute arbitrary PHP code via a URL in the pathsimpgb parameter to 1 guestbook.php, 2 search.php, 3 mailer.php, 4 avatars.php, 5 ccode.php, 6 comments.php, 7 emoticons.php, 8 gbdownload.php, and possibl...
PT-2007-4163 · Simpgb · Simpgb
Name of the Vulnerable Software and Affected Versions: SimpGB version 1.46.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path simpgb parameter to various PHP scripts, including "guestbook.php", "search.php", "mailer.php", "avatars.php", "ccode.php...
doopCMS13x-xss.txt
Doop Content Management System 1.3.x Exploit Author: KaBuS alertdocument.cookie;alert/xss/; Text: alertdocument.cookie;alert/xss/; Name or nick: alertdocument.cookie;alert/xss/; e-mail: alertdocument.cookie;alert/xss/; send. and refresh page .. Attack 2 : http://site/path/?page=vdasCMS New Commen...
CVE-2007-1797
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via 1 a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or 2 the a colors or b comments field in a crafted XWD image, which results in a heap-based...
Mephisto blog is vulnerable to XSS
Hello everyone! The current bleeding-edge version of Mephisto blog is vulnerable to XSS. The comment's author name accepts JavaScript code. If the admin approves/rejects comments manually, he has to load all unapproved comments, so it's possible to fetch his session id. Example: Add new comment with the...
Wordpress <= v2.1.0
If you're logged in to WordPress as an admin, your comments aren't properly sanitized, thus allowing an XSS to be posted. This can be exploited using XSRF techniques. More info & PoC: http://www.virtuax.be/advisories/Advisory4-20022007.txt...
CVE-2007-1176
Multiple cross-site scripting XSS vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 Gallery Comments pages, 2 Feedback pages, 3 Search Results pages, and 4 the Statistics Log viewer...