Mahara用户配置文件跨站脚本漏洞

BUGTRAQ ID: 34677 CVECAN ID: CVE-2009-0664 Mahara是一个开源的电子文件夹，网络日志，履历表生成器和社会联网系统。 Mahara没有正确地过滤对introduction用户配置文件字段和用户视图某些文本块所传送的输入参数便返回给了用户，远程攻击者可以通过向服务器提交恶意请求执行跨站脚本攻击，导致在用户浏览器会话中注入并执行任意HTML和脚本代码。 Eduforge.org Mahara 1.1.x Eduforge.org Mahara 1.0.x Debian ------...

Unfixed XSS vulnerability at eduforge.org

Security researcher SaMTHG, has submitted on 01/03/2009 a cross-site-scripting XSS vulnerability affecting eduforge.org, which at the time of submission ranked 310859 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/07/2009. It is currently...

emergecolab-lfi.txt

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl emergecolab 1.0 Local File Inclusion Vulnerability Script site: http://emerge2004.net/software.php Download:...

emergecolab 1.0 - 'sitecode' Local File Inclusion

:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ dunatstrcpy.pl emergecolab 1.0 Local File Inclusion Vulnerability Script site: http://emerge2004.net/software.php Download:...