25 matches found
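CMSimple '/whizzywig/wb.php' Cross-Site Scripting Vulnerability
Bugtraq ID: 66312 CVE ID: CVE-2014-2219 CMSimple is an open-source simple content management system developed abroad. CMSimple does not properly filter data passed in the "d" HTTP GET parameter to the "/whizzywig/wb.php" script, which allows an attacker to build a malicious URI and lure a user into opening it, making it possible to obtain sensitive cookies, hijack the session, or perform malicious actions on the client. 0 CMSimple 3.54 Users can refer to the following vendor-provided security patch to fix this vulnerability: http://sourceforge.net/projects/cmsimple-le/files/cmsimpleclassic/ !/usr/bin/env python...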
CVE-2008-3252
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period...
Newsx read_article() Function Stack Overflow Vulnerability
BUGTRAQ ID: 30231 The NewsX NNTP client is a program for accessing Internet News servers. NewsX has a vulnerability in how it handles malformed server response data: if NewsX is run to fetch newsgroups, a stack overflow may be triggered, causing the client to crash. The vulnerability originates in the file src/getarticle.c: static int readarticlelong where,char group char linebufMAXHEADERSIZE+1, line; ... line=linebuf; ... for ;; if !getservermsgline, MAXHEADERSIZE ... if...
CVE-2007-1974
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...
SQL injection
SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via...