3502 matches found
Mozilla Firefox SVG Processing Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists in the browser's handling of SVG comment objects...
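pHNews Comments.PHP Local File Inclusion Vulnerability
pHNews is a PHP-based web application. pHNews does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to view system file contents with the privileges of the web process. The issue is due to the 'Comments.PHP' script lacking filtering of the user-submitted 'templatesdir' parameter; submitting parameter data containing multiple "../" sequences can bypass the web root restriction and view system file contents with the privileges of the web process. pHMicroboard pHNews alpha 1 http://www.phnews.org/ http://www.example.com/path/modules/comments.php?templatesdir=LFI...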
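IwebNegar Comments.PHP Injection Vulnerability
IwebNegar is a PHP-based web application. IwebNegar does not properly filter user-submitted URI data; a remote attacker can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information. The issue is due to the 'Comments.PHP' script lacking filtering of the user-submitted 'id' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, obtaining sensitive information or manipulating the database. iWebNegar iWebNegar 1.1 http://iwebnegar.co.sr/ http://www.example.com/comments.php?id=SQL Query...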
PT-2006-6739 · Unknown · Activenews Manager
Name of the Vulnerable Software and Affected Versions: ActiveNews Manager affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited...
EUVD-2006-5958
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field...
CVE-2006-5975
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field...
eggblog=> 3.1.0 Cross Site Scripting
Xmor$ DigitaL Hacking TeaM eggblog=...
Blogme v3 [admin login bypass & xss (post)]
vendor site:http://www.drumster.net/ product:Blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerables fields: - Name - URL - Comments laurent gaffie & benjamin mosse http://s-a-p.ca/ contact:...
blogme 3.0 - Cross-Site Scripting Authentication Bypass
blogme v3 admin login bypass & xss post vendor site:http://www.drumster.net/ product:blogme v3 bug:login bypass & xss post risk:high admin login bypass : user : ' or '1' = '1 passwd: 1'='1' ro ' xss post : in: /comments.asp?blog=85 vulnerabl...
BlogMe 3.0 (XSS/Auth Bypass) Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. BlogMe 3.0 XSS/Auth Bypass Multiple Remote Vulnerabilities. blogme v3 admin login bypass & xss post vendor...
CVE-2006-5864
Stack-based buffer overflow in the psgettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2)...
GNU gv buffer overflow
Stack buffer overflow overrun on oversized PostScript comments...
Light Blog Multiple Vulnerabilities Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo "\r\n"; echo "Light Blog Multiple Vulnerabilities Exploit\r\n"; echo "by BlackHawk [email protected]\r\n"; echo "Thanks to rgod for the php code and Marty for the Love\r\n\r\n"; if $argc4 echo "Usage: php ".$argv0."...
Simplog 0.9.3.1 - comments.php SQL Injection
!/usr/bin/php input type=text name=c...
Vulnerabilities in Subscribe To Comments
Hello 3APA3A! I am reporting several Cross-Site Scripting vulnerabilities that I found on 14.09.2006 in Subscribe To Comments 2.0.4, a popular WordPress plugin. The vulnerability is present in the ref and email parameters in the wp-subscription-manager.php and subscribe-to-comments.php scripts. XSS:...
CVE-2006-4628
Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments...
[SA21781] VCD-db Comments Script Insertion Vulnerability
CVE-2006-4497
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter...