3502 matches found
Design/Logic Flaw
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...
CVE-2008-6160
Semantically-Interconnected Online Communities (SIOC) 5.x before 5.x-1.2 and 6.x before 6.x-1.1, a module for Drupal, does not properly implement menu and database APIs, which allows remote attackers to obtain usernames and read hashed emails and comments via unspecified vectors...
SQL injection
SQL injection vulnerability in profilecomments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the commentsecure parameter...
SQL injection
SQL injection vulnerability in comments.php in WSN Links 2.20 allows remote attackers to execute arbitrary SQL commands via the id parameter...
Lore 1.5.6 SQL Injection
Lore 1.5.6 Bug : article.php?id=Blind, Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks C1c4tr1z,Tecn0x,Lix,1995,N0b0dy,NanonRoses,Codebreak?,Nork,AzraelNuKE && All the Members of...
Lore 1.5.6 - article.php Blind SQL Injection
Lore 1.5.6 - article.php Blind SQL Injection Lore 1.5.6 Bug : article.php?id=Blind, Comments Enabled "Add Comment" Dork : intext:"Powered by Lore 1.5.6" Coded By OzXNuKE/US HTTP://FORO.UNDERSECURITY.NET HTTP://FORO.EL-HACKER.COM Thanks...
Ninja Blog 4.8 (CSRF/HTML Injection) Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can...
Ninja Blog 4.8 - Cross-Site Request Forgery/HTML Injection
Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at https://www.push55.co.uk/index.php?s=ad&id=7 ---- Due to insufficient validation of client-side data, we can inject script directly into the...
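CSDN Blog Article Comment XSS Bug
The article comment section of CSDN Blog has a cross-site scripting vulnerability because the "Homepage" field is not filtered strictly. This vulnerability is fairly easy to exploit and is more harmful than other XSS issues: an attacker can post comments containing malicious code on anyone's CSDN Blog and use them to steal cookies, plant malicious code in pages, and so on. Test links: http://blog.csdn.net/zerosoul/archive/2009/01/10/3743912.aspx http://hi.csdn.net Waiting for an official fix. Enter the following code in the "Homepage" field of the article comment section: dork1: http://zerosoul"/ascriptalert"zerosoul"/scripta" dork2:...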
Lito Lite CMS Multiple Cross Site Scripting / Blind SQL Injection Exploit
No description provided by source. Lito Lite Multiple Cross Site Scripting / Blind SQL Injection Exploit...
CVE-2008-2381
SQL injection vulnerability in the create function in common/include/GroupJoinRequest.class in GForge 4.5 and 4.6 allows remote attackers to execute arbitrary SQL commands via the comments variable...
CVE-2008-5795
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5796
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
SQL injection
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-5795
Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-5795
CVE-2008-5795 concerns the TYPO3 extension eluna_pagecomments (versions 1.1.2 and earlier) with a Cross‑Site Scripting (XSS) vulnerability. The connected documents describe that remote attackers can inject arbitrary web script or HTML via unspecified vectors. The root cause and affected software ...
CVE-2008-5796
CVE-2008-5796 affects the TYPO3 extension eluna_pagecomments (version 1.1.2 and earlier). The vulnerability is an SQL injection in the extension that could allow remote attackers to execute arbitrary SQL commands via unspecified vectors. The affected component is the eluna_pagecomments extension ...
CVE-2008-5796
SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-5668
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to setup/index.php or (2) the name parameter to index.php in the comments preview section...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATHINFO to setup/index.php or (2) the name parameter to index.php in the comments preview section...