CVE-2007-4063
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...
Drupal core - Cross site request forgeries
Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a privileged user to visit...
drupal -- Cross site request forgeries
The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...
PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses
PR07-21: Webbler CMS forms are susceptible to spamming and phishing abuses This advisory has been published following consultation with UK CPNI formerly known as NISCC Date Found: 14th June 2007 Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as well. Not...
Vulnerability - cpCommerce - XSS
cpCommerce is a FOSS PHP-based e-commerce shopping cart web application. Exploit: JavaScript placed inside a user's "Full Name:" field will not be stripped - it will be added to the database 'as-is' as long as it has no quotation marks in the string. When the admin goes to the clients view page, the...
CVE-2007-1828
Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERYSTRING corresponding to drop downs or (2) various forms...
CVE-2007-1832
web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms."...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms...
CVE-2007-1780
Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HTML via fields in certain input forms...
Cross site request forgery (csrf)
WebAPP before 0.9.9.5 does not check referrers in certain forms, which might facilitate remote cross-site request forgery (CSRF) attacks or have other unknown impact...
CVE-2007-1185
The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms in WebAPP before 0.9.9.5 use hidden inputs, which has unknown impact and remote attack vectors...
CVE-2007-1181
WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the username through Edit Profile forms, which has unknown impact and attack vectors...
Mozilla Foundation Security Advisory 2007-02
Mozilla Foundation Security Advisory 2007-02 Title: Improvements to help protect against Cross-Site Scripting attacks Impact: Low Announced: February 23, 2007 Reporter: various Products: Firefox, SeaMonkey Fixed in: Firefox 2.0.0.2 Firefox 1.5.0.10 SeaMonkey 1.0.8 Firefox 2.0.0.2 and 1.5.0.10...
crfdb-disclose.txt
Title : Capital Request Forms Db Username and Password Vulnerabilities Author : Gokhan Contact : [email protected] Dork : inurl:commondb.inc Script : http://selfemployment.douglas.bc.ca/caprequest/ ExpLoit : http://site/path/inc/commondb.inc ; Code : commondb.inc...
CVE-2007-0880
CVE-2007-0880 describes an access-control flaw where the application stores sensitive information under the web root, enabling remote attackers to retrieve database credentials by directly requesting inc/common_db.inc. The document set confirms the affected vector as an unauthenticated direct req...
Capital Request Forms Db Username and Password Vulnerabilities
Title : Capital Request Forms Db Username and Password Vulnerabilities Author : Gokhan Contact : [email protected] Dork : inurl:commondb.inc Script : http://selfemployment.douglas.bc.ca/caprequest/ ExpLoit : http://site/path/inc/commondb.inc ; Code : commondb.inc...
USN-398-4: Firefox regression
USN-398-2 fixed vulnerabilities in Firefox 1.5. However, when auto-filling saved-password login forms without a username field, Firefox would crash. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Various flaws have been reported that allow an attacke...