8132 matches found

OSV
added 2012/09/05 11:55 p.m. | 1 view

DEBIAN-CVE-2012-3540

Open redirect vulnerability in views/authforms.py in OpenStack Dashboard Horizon Essex 2012.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter to auth/login/. NOTE: this issue was originally assigned CVE-2012-3542 by...

CVSS 5.8 | AI score 6.5 | EPSS 0.01906
Exploits: 1 | References: 1

Packet Storm
added 2012/09/04 12:0 a.m. | 18 views

WordPress TDO Mini Forms Arbitrary File Upload

Exploit Title: Wordpress "TDO Mini Forms" File Upload Vulnerability Google Dork: "tdomf-upload-inline.php?tdomfformid=1 index" Date: 31/9/12 Exploit Author: HodLuM Vendor Homepage: unknown Software Link: http://thedeadone.net/download/tdo-mini-forms-wordpress-plugin/ Version: All Tested on: 2.x.x...

AI score 0.2
Exploits: 0

Drupal
added 2012/08/29 12:0 a.m. | 10 views

SA-CONTRIB-2012-135 - CAPTCHA - Insufficient anti-automation prevention

This module enables you to protect website forms using a CAPTCHA. A CAPTCHA is a test which attempts to differentiate between a human and an automated bot or script. The module doesn't ensure that test submissions have a single-use unique token. This means that web robots could reuse a single...

AI score 7.1
Exploits: 0 | References: 11

NVD
added 2012/08/14 11:55 p.m. | 15 views

CVE-2012-2071

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal, when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1 | AI score 5.2 | EPSS 0.00335
Exploits: 0 | References: 7

Prion
added 2012/08/14 11:55 p.m. | 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1 | AI score 5.7 | EPSS 0.00259
Exploits: 0 | References: 8 | Affected Software: 1

Prion
added 2012/08/14 11:55 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal, when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors...

CVSS 2.1 | AI score 5.6 | EPSS 0.00335
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2012/08/14 11:0 p.m. | 18 views

CVE-2012-2071

Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal, when the core contact form is enabled, allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML via unspecified vectors...

AI score 5.2 | EPSS 0.00335
Exploits: 0 | References: 7

CVE
added 2012/08/14 11:0 p.m. | 51 views

CVE-2012-2071

The CVE-2012-2071 entry affects the Drupal 6.x-1.x Contact Forms module (prior to 6.x-1.13) when the core contact form is enabled. The vulnerability is an XSS flaw that allows remote authenticated users with the administer site-wide contact form permission to inject arbitrary web script or HTML v...

CVSS 2.1 | AI score 5.3 | EPSS 0.00335
Exploits: 0 | References: 7 | Affected Software: 1

FreeBSD
added 2012/08/13 12:0 a.m. | 35 views

emacs -- remote code execution vulnerability

Chong Yidong reports: Paul Ling has found a security flaw in the file-local variables code in GNU Emacs. When the Emacs user option `enable-local-variables' is set to `:safe' (the default value is t), Emacs should automatically refuse to evaluate `eval' forms in file-local variable sections. Due to th...

CVSS 6.8 | AI score 6.7 | EPSS 0.0229
Exploits: 0 | References: 2

OSV
added 2012/07/31 5:55 p.m. | 25 views

PYSEC-2012-3

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

CVSS 5 | AI score 5.5 | EPSS 0.01382
Exploits: 1 | References: 7

PyPA
added 2012/07/31 5:55 p.m. | 4 views

PYSEC-2012-3

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

CVSS 5 | AI score 6.8 | EPSS 0.01382
Exploits: 1 | References: 7 | Affected Software: 1

CVE
added 2012/07/31 5:0 p.m. | 90 views

CVE-2012-3443

The vulnerability CVE-2012-3443 affects Django’s ImageField in the form system. Django before 1.3.2 and 1.4.x before 1.4.1 decompress image data during image validation, which can cause denial of service through memory consumption when processing an image upload. Public advisories and vendor note...

CVSS 5 | AI score 6.2 | EPSS 0.01382
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2012/07/31 5:0 p.m. | 31 views

CVE-2012-3443

The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a denial of service (memory consumption) by uploading an image file...

AI score 6.1 | EPSS 0.01382
Exploits: 1 | References: 6

Check Point Advisories
added 2012/07/23 12:0 a.m. | 3 views

Oracle WebCenter Forms Recognition Sssplt30.ocx Arbitrary File Creation (CVE-2012-1710)

A directory traversal vulnerability has been reported in Oracle WebCenter Forms Recognition...

AI score 6.2 | EPSS 0.40849
Exploits: 4

NVD
added 2012/07/11 10:26 a.m. | 20 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5 | AI score 6.5 | EPSS 0.00274
Exploits: 0 | References: 3

UbuntuCve
added 2012/07/11 10:26 a.m. | 21 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5 | AI score 5.9 | EPSS 0.00274
Exploits: 0 | References: 1

Prion
added 2012/07/11 10:26 a.m. | 19 views

Design/Logic Flaw

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

CVSS 5 | AI score 7.1 | EPSS 0.00274
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2012/07/11 10:0 a.m. | 22 views

CVE-2011-4301

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant...

AI score 6.4 | EPSS 0.00274
Exploits: 0 | References: 3

CVE
added 2012/07/11 10:0 a.m. | 63 views

CVE-2011-4301

The CVE-2011-4301 issue affects Moodle’s Forms Library (MoodleQuickForm in lib/formslib.php) where the Forms API setConstant operation is not recognized. This allows remote attackers to submit unexpected form content by modifying constant field values. Affected versions are Moodle 1.9.x prior to ...

CVSS 5 | AI score 6.6 | EPSS 0.00274
Exploits: 0 | References: 3 | Affected Software: 1

Nmap
added 2012/07/05 6:18 p.m. | 253 views

http-phpself-xss NSE Script

Crawls a web server and attempts to find PHP files vulnerable to reflected cross site scripting via the variable $_SERVER["PHP_SELF"]. This script crawls the webserver to create a list of PHP files and then sends an attack vector/probe to identify PHP_SELF cross site scripting vulnerabilities. PHP_SELF...

CVSS 10 | AI score 0.3 | EPSS 0.94176
Exploits: 33