613 matches found
FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)
znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
codeigniter -- arbitrary script execution in the new Form Validation class
znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...
Form submission doesn't check source
Confluence accepts form submissions from any source. This means if you are logged in to confluence and another site submits data to the confluence instance, then its accepted without question because the user is already logged in - or automatically logged in. We need a way to validate the form...
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ drupalv5.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access...
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...
Drupal < 5.1 (post comments) Remote Command Execution Exploit v2
Exploit for unknown platform in category web applications ================================================================ Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host directory proxy\n"...
Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2
No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv4.pl,v 0.2 2007/02/15 13:28:29 str0ke Exp $ milw0rmdrupalv4.pl - Drupal 4.7.6 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through norma...
Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2
Exploit for unknown platform in category web applications ================================================================== Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host direct...
Drupal < 4.7.6 - Post Comments Remote Command Execution
!/usr/bin/perl $Id: milw0rmdrupalv4.pl,v 0.2 2007/02/15 13:28:29 str0ke Exp $ milw0rmdrupalv4.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filt...
Drupal < 5.1 - Post Comments Remote Command Execution
!/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filt...
CVE-2007-0626
The commentformaddpreview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...
[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue
---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2007-005 ---------------------------------------------------------------------------- Project: Drupal core Version: 4.7.x, 5.x Date: 2007-Jan-29 Security risk: Highy critical Exploitabl...
th_mailformplus
A weakness in the form validation of thmailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...