8117 matches found
Advance-Flow cross-site scripting vulnerability
Overview Advance-Flow is an electronic authorization system. Advance-Flow contains a cross-site scripting vulnerability in its application form. Advance-Flow provided by OSK Co. LTD contains a cross-site scripting vulnerability, as it does not properly handle output data. Some application forms a...
adv94-K-159-2008.txt
ECHOADV94$2008: Kmita Mail = 3.0 file Remote File Inclusion Vulnerability. Author : M.Hasran Addahroni...
PYSEC-2008-12
The user form processing (userform.py) in MoinMoin before 1.6.3, when using ACLs or a non-empty superusers list, does not properly manage users, which allows remote attackers to gain privileges...
DEBIAN-CVE-2008-0165
Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 allows remote attackers to modify user preferences, including passwords, via the (1) preferences and (2) edit forms...
dotnetnuke-expose.txt
DotNetNuke Default Machine Key Exposure. Public Release Date: March 20, 2008. Brian Holyfield - Gotham Digital Science. Affected Software: DotNetNuke = 4.8.1. Severity: Critical...
CVE-2008-1131
Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...
SA-2008-018 - Drupal core - Cross site scripting
Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...
CVE-2008-0855
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php...
SQL injection
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php...
CVE-2008-0855
CVE-2008-0855 describes an SQL injection in the Facile Forms (com_facileforms) component for Joomla! and Mambo, exploitable via the catid parameter to index.php. The vulnerability, as documented by NVD, has a base score of 7.5 (HIGH) with network attack vector, no authentication, and partial impa...
Facile Forms 1.x - 'catid' SQL Injection
source: https://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...
Facile Forms 1.x - catid SQL Injection
Facile Forms 1.x - catid SQL Injection source: https://www.securityfocus.com/bid/27880/info Facile Forms is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Cross-site request forgery (CSRF)
The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.1, a module for Drupal, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and delete custom editor interfaces...
CVE-2007-6320
Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does not follow Drupal's Forms API submission model, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks...
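Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerability
BUGTRAQ ID: 26414 CNCAN ID: CNCAN-2007111603 Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities. Microsoft Forms 2.0 is a form control provided by Microsoft. The ActiveX controls included in Microsoft Forms contain a design error that remote attackers can exploit to cause a denial of service in applications. Building a malicious web page and luring a user into visiting it can crash applications that use Microsoft Forms. Microsoft Forms...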
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash...
Microsoft Forms 2.0 - ActiveX Control 2.0 Memory Access Violation Denial of Service
source: https://www.securityfocus.com/bid/26414/info Microsoft Forms 2.0 ActiveX Control is prone to multiple memory-access violation denial-of-service vulnerabilities. Attackers can exploit these issues to crash Internet Explorer and deny service to legitimate users. Note: Forms 2.0 ActiveX is...
CVE-2007-5594
Drupal 5.x before 5.3 does not apply its Drupal Forms API protection against the user deletion form, which allows remote attackers to delete users via a cross-site request forgery (CSRF) attack...