PR06-09: BEA Plumtree portal full version disclosure vulnerability
PR06-09: BEA Plumtree portal full version disclosure vulnerability Description: BEA Plumtree portal 6.0 is vulnerable to a full version disclosure vulnerability. The exact version along with the build date is always included at the bottom of every requested HTML page within HTML comments. Date...
talkback-rfi.txt
Opencosmo Security http://www.opencosmo.com ================================================================================================================================== TalkBack 2.2.7 Remote File Include Vulnerability Software : TalkBack version 2.2.7 Developer :...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] paramete...
CVE-2007-6105
Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 allow remote attackers to execute arbitrary PHP code via a URL in the (1) language_file parameter to (a) comments-display-tpl.php and (b) addons/separate-comments-mod/my-comments-display-tpl.php and the (2) config[comments_form_tpl] paramete...
Old Guy's Scripts TalkBack Comments and Guestbook Remote File Inclusion Vulnerability
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities. Old Guy's Scripts TalkBack Comments and Guestbook is a PHP-based web application. It does not properly filter user-submitted URI data, and a remote attacker can exploit this to execute arbitrary PHP code with the privileges of the web server. The problem is that several scripts fail to filter the user-submitted 'language_file' parameter; by naming an arbitrary file on a remote server as the include target, an attacker can execute arbitrary PHP code with web-server privileges...
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities
No description provided by source. ================================================================================================================================== TalkBack 2.2.7 Remote File Include Vulnerability Software : TalkBack version 2.2.7 Developer : http://www.scripts.oldguy.us/talkbac...
TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications ============================================================= TalkBack 2.2.7 Multiple Remote File Inclusion Vulnerabilities =============================================================...
TalkBack 2.2.7 - Multiple Remote File Inclusions
================================================================================================================================== TalkBack 2.2.7 Remote File Include Vulnerability Software : TalkBack version 2.2.7 Developer : http://www.scripts.oldguy.us/talkback Discovered by : NoGe Contact :...
teatro 1.6 - basePath Remote File Inclusion
teatro 1.6 - basePath Remote File Inclusion teatro 1.6 Remote File Include Vulnerability Download script : http://telemat.die.unifi.it/book/2003/Telematica-II/teatro-1.6.tgz Discovered by : Alkomandoz Hacker Contact : [email protected]...
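The TalkBack and teatro entries above all describe the same pattern: a request parameter (language_file, basePath) is handed straight to include(), so a URL in that parameter fetches and runs attacker-supplied PHP. The Python below is an added example, not TalkBack's, teatro's or the exploit author's code; it shows the checks a file-selecting parameter should pass before it is ever turned into a path. The parameter name language_file, the allowlist and the base directory are assumptions for the illustration.

```python
"""Validate a file-selecting request parameter before it reaches include().

Added example; not TalkBack's code.  The parameter name (language_file), the
allowlist and the base directory are assumptions for the illustration.
"""
import re
from pathlib import Path
from urllib.parse import urlsplit

# The only values the application may ever turn into a path.
ALLOWED_LANGUAGES = {"english", "french", "german"}
NAME_RE = re.compile(r"^[a-z]{2,16}$")
LANG_DIR = "/var/www/talkback/lang"  # assumed location of the language files


def is_inclusion_probe(value: str) -> bool:
    """True when the value is shaped like an inclusion payload, not a name.

    Catches remote URLs (http://, ftp://), stream wrappers (php://, data:),
    absolute paths, directory traversal, backslashes and embedded NULs.
    """
    if "\x00" in value or "\\" in value:
        return True
    if value.startswith("/") or ".." in value:
        return True
    return bool(urlsplit(value).scheme)


def resolve_language_file(value: str, base_dir: str = LANG_DIR) -> Path:
    """Map an untrusted parameter to a file under base_dir, or raise ValueError.

    Only an allowlisted bare name is accepted; the path is built by the code,
    not the client, and the resolved result is checked to still lie inside
    base_dir.  Nothing attacker-controlled reaches include().
    """
    if is_inclusion_probe(value) or not NAME_RE.fullmatch(value):
        raise ValueError(f"rejected language_file value: {value!r}")
    if value not in ALLOWED_LANGUAGES:
        raise ValueError(f"unknown language: {value!r}")
    base = Path(base_dir).resolve()
    candidate = (base / f"{value}.php").resolve()
    if base not in candidate.parents:
        raise ValueError("resolved outside the language directory")
    return candidate


def accepts(value: str, base_dir: str = LANG_DIR) -> bool:
    """Convenience wrapper: would this value be mapped to a file?"""
    try:
        resolve_language_file(value, base_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: the first is a legitimate value, the rest are
    # the shapes an RFI/LFI scanner typically sends.
    for sample in ("english", "http://evil.example/shell.txt?", "php://input",
                   "../../../../etc/passwd", "data:text/plain;base64,PD9waHA=",
                   "english\x00.jpg"):
        print(f"{sample!r:45} -> {'accepted' if accepts(sample) else 'rejected'}")
```

The PHP equivalent is the same shape: look the parameter up in an allowlist, let the server build the path, and include that. Setting allow_url_include=Off in php.ini is a defence in depth that stops the remote half of the attack, but it does nothing against local inclusion or wrappers such as php://input, which is why the allowlist matters.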
usd250 helpdesk XSS vulnerability.
http://www.oneorzero.com/ Within the helpdesk utility usd250, an XSS in the comments field is possible. The comments strip script tags and replace them with "not allowed", but script tags don't need to be in place for XSS. Something along the lines of... <b onmouseover="window.alert('omghax')">some text...
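The usd250 entry describes a blocklist filter: <script> tags are replaced, but an event-handler attribute on an ordinary tag still executes. The Python below is an added example, not the helpdesk's code. naive_filter reconstructs the behaviour the advisory describes, the payload is constructed from the shape given above, and the two remedies shown (output encoding for a plain-text field, an allowlist parser for a field that may carry formatting) are the standard fixes rather than anything the vendor shipped.

```python
"""Why stripping <script> tags does not stop XSS, and what does.

Added example; not the usd250 helpdesk code.  naive_filter reconstructs the
behaviour the advisory describes; the payload below is constructed.
"""
import html
import re
from html.parser import HTMLParser

SCRIPT_TAG_RE = re.compile(r"</?script[^>]*>", re.IGNORECASE)
# Any tag that still carries an on* event-handler attribute.
ACTIVE_TAG_RE = re.compile(r"<[a-z][^>]*\son[a-z]+\s*=", re.IGNORECASE)

# Constructed payload in the shape the advisory gives: no <script> needed.
PAYLOAD = "<b onmouseover=\"window.alert('omghax')\">some text</b>"


def naive_filter(comment: str) -> str:
    """Blocklist approach: only <script> tags are replaced.  Everything else,
    including tags with event handlers, passes through untouched."""
    return SCRIPT_TAG_RE.sub("not allowed", comment)


def escape_for_html(comment: str) -> str:
    """Fix for a plain-text comment field: encode on output, so the browser
    never interprets user text as markup."""
    return html.escape(comment, quote=True)


class AllowlistSanitizer(HTMLParser):
    """Fix for a field that may carry simple formatting: parse the markup,
    re-emit only allowlisted tags, drop every attribute, escape all text."""

    ALLOWED = {"b", "i", "em", "strong"}

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.out: list[str] = []

    def handle_starttag(self, tag, attrs):
        # Attributes are discarded wholesale, so no on* handler survives.
        if tag in self.ALLOWED:
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in self.ALLOWED:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=True))


def sanitize(comment: str) -> str:
    parser = AllowlistSanitizer()
    parser.feed(comment)
    parser.close()
    return "".join(parser.out)


def renders_active_content(fragment: str) -> bool:
    """Rough check for the demo only: does the fragment still contain a tag
    with an event-handler attribute?  (Use a parser, not this, in production.)"""
    return bool(ACTIVE_TAG_RE.search(fragment))


if __name__ == "__main__":
    print("naive :", naive_filter(PAYLOAD))
    print("escape:", escape_for_html(PAYLOAD))
    print("allow :", sanitize(PAYLOAD))
```

The allowlist sanitizer does not balance tags for you and is deliberately small; a production field that accepts formatting should use a maintained HTML sanitizer, but the principle is the one shown: decide what is allowed and drop everything else, never enumerate what is forbidden.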
FreeBSD : drupal --- multiple vulnerabilities (9c00d446-8208-11dc-9283-0016179b2dd5)
The Drupal Project reports : In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
CVE-2007-5621
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, and Ubercart modules; allow remote authenticated users with a...
CVE-2007-5597
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions...
Authentication flaw
The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 does not pass publication status, which might allow attackers to bypass access restrictions and trigger e-mail with unpublished comments from some modules, as demonstrated by (1) Organic groups and (2) Subscriptions...
drupal --- multiple vulnerabilities
The Drupal Project reports: In some circumstances Drupal allows user-supplied data to become part of response headers. As this user-supplied data is not always properly escaped, this can be exploited by malicious users to execute HTTP response splitting attacks which may lead to a variety of...
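The two Drupal entries describe HTTP response splitting: user-supplied data reaches a response header unescaped, so a CR/LF pair inside it ends the header line and lets the client append headers, or a whole second response body, of its own. The Python below is an added example, not Drupal's code; the redirect target and the injected cookie are constructed for the illustration.

```python
"""HTTP response splitting: a CR/LF in a header value ends the header line.

Added example; not Drupal's code.  The redirect target and injected cookie
below are constructed for the illustration.
"""
import re

# Header values may not contain CR, LF or other control characters.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_header_value(value: str) -> bool:
    """True if the value cannot terminate or split the header line."""
    return CONTROL_RE.search(value) is None


def build_redirect_naive(location: str) -> bytes:
    """Vulnerable: the client-supplied value is written into the header block
    verbatim, exactly the situation the advisory describes."""
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def build_redirect_safe(location: str) -> bytes:
    """Fixed: refuse any value that carries a control character.  Percent-
    encoding the value is the alternative when it must be preserved."""
    if not is_safe_header_value(location):
        raise ValueError("control character in header value")
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def headers_of(raw: bytes) -> list[tuple[str, str]]:
    """Parse the header block the way a client would: status line, then one
    header per CRLF-terminated line, up to the first blank line."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]
    return [tuple(line.split(": ", 1)) for line in lines if ": " in line]


# Constructed attack value: what the parameter looks like after the server
# URL-decodes "%0d%0aSet-Cookie:%20session=attacker%0d%0a%0d%0a<html>...".
INJECTED = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<html>attacker page</html>"


if __name__ == "__main__":
    # The injected Set-Cookie line is parsed as a genuine header, and the
    # attacker's HTML becomes the body the client renders.
    for name, value in headers_of(build_redirect_naive(INJECTED)):
        print(f"{name}: {value}")
    print("safe?", is_safe_header_value(INJECTED))
```

Modern server frameworks reject CR/LF in header values at the API boundary, which is the right place for the check; the application-level fix is to validate or encode the value before it is passed to whatever sets the header, and never to concatenate raw request data into a header string as build_redirect_naive does.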
DEBIAN-CVE-2007-5301
Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments...
konqueror XSS
The KDE HTML library kdelibs, as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within a comment in a title tag, a related issue to...