Lucene search
K

613 matches found

Tenable Nessus
Tenable Nessus
added 2009/02/12 12:0 a.m.8 views

FreeBSD : codeigniter -- arbitrary script execution in the new Form Validation class (83574d5a-f828-11dd-9fdf-0050568452ac)

znirkel reports : The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

5.5AI score
Exploits0References2
FreeBSD
FreeBSD
added 2008/11/28 12:0 a.m.14 views

codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports: The eval function in resetpostarray crashes when posting certain data. By passing in carefully-crafted input data, the eval function could also execute malicious PHP code. Note that CodeIgniter applications that either do not use the new Form Validation class or use the old...

1.5AI score
Exploits0References1
Atlassian
Atlassian
added 2007/04/16 4:20 a.m.32 views

Form submission doesn't check source

Confluence accepts form submissions from any source. This means if you are logged in to confluence and another site submits data to the confluence instance, then its accepted without question because the user is already logged in - or automatically logged in. We need a way to validate the form...

2AI score
Exploits0Affected Software1
seebug.org
seebug.org
added 2007/02/16 12:0 a.m.20 views

Drupal < 5.1 (post comments) Remote Command Execution Exploit v2

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ drupalv5.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/02/15 12:0 a.m.23 views

Drupal &lt; 5.1 (post comments) Remote Command Execution Exploit v2

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal 5.1 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through normal...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/02/15 12:0 a.m.41 views

Drupal < 5.1 (post comments) Remote Command Execution Exploit v2

Exploit for unknown platform in category web applications ================================================================ Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host directory proxy\n"...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/02/15 12:0 a.m.25 views

Drupal &lt; 4.7.6 (post comments) Remote Command Execution Exploit v2

No description provided by source. !/usr/bin/perl $Id: milw0rmdrupalv4.pl,v 0.2 2007/02/15 13:28:29 str0ke Exp $ milw0rmdrupalv4.pl - Drupal 4.7.6 Remote Command Execution Exploit Copyright c 2007 str0ke str0ke!milw0rm.com Description ----------- Previews on comments were not passed through norma...

7.1AI score
Exploits0
0day.today
0day.today
added 2007/02/15 12:0 a.m.35 views

Drupal < 4.7.6 (post comments) Remote Command Execution Exploit v2

Exploit for unknown platform in category web applications ================================================================== Drupal new; $conn - proxy"http", "http://".$proxy."/" unless !$proxy; sub usage print "? Drupal \n"; print "? usage: perl $0 host direct...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2007/02/15 12:0 a.m.31 views

Drupal &lt; 4.7.6 - Post Comments Remote Command Execution

!/usr/bin/perl $Id: milw0rmdrupalv4.pl,v 0.2 2007/02/15 13:28:29 str0ke Exp $ milw0rmdrupalv4.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filt...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2007/02/15 12:0 a.m.38 views

Drupal &lt; 5.1 - Post Comments Remote Command Execution

!/usr/bin/perl $Id: milw0rmdrupalv5.pl,v 0.2 2007/02/15 13:40:29 str0ke Exp $ milw0rmdrupalv5.pl - Drupal Description ----------- Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filt...

7.4AI score
Exploits0
NVD
NVD
added 2007/01/31 6:28 p.m.30 views

CVE-2007-0626

The commentformaddpreview function in comment.module in Drupal before 4.7.6, and 5.x before 5.1, and vbDrupal, allows remote attackers with "post comments" privileges and access to multiple input filters to execute arbitrary code by previewing comments, which are not processed by "normal form...

6.5CVSS7.5AI score0.0335EPSS
Exploits0References10
securityvulns
securityvulns
added 2007/01/30 12:0 a.m.57 views

[DRUPAL-SA-2007-005] Drupal 4.7.6 / 5.1 fixes arbitrary code execution issue

---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2007-005 ---------------------------------------------------------------------------- Project: Drupal core Version: 4.7.x, 5.x Date: 2007-Jan-29 Security risk: Highy critical Exploitabl...

0.6AI score
Exploits0
Typo3
Typo3
added 2005/11/07 12:0 a.m.20 views

th_mailformplus

A weakness in the form validation of thmailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...

7AI score
Exploits0Affected Software1
Rows per page
Query Builder