330 matches found
kernel: infiniband: uverbs: unprotected physical memory access
It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the uverbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate...
Cart Engine 3.0 - Multiple Vulnerabilities
Cart Engine 3.0 - Multiple Vulnerabilities === Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially...
CVE-2014-4599
Multiple cross-site scripting XSS vulnerabilities in forms/search.php in the WP-Business Directory wp-ttisbdir plugin 1.0.2 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 edit, 2 searchterm, 3 pageid, 4 page, or 5 pagelinks parameter...
chillycms 1.1.3 - Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: chillyCMS Multiple Vulnerabilities Vendor: http://frozenpepper.de/ Vulnerable Version: 1.1.3 Latest version till now Exploitation: Remote with browser Fix: N/A - Description: chillyCMS is a Content...
No-CMS 0.6.6 Cross Site Scripting
Exploit Title: No-CMS 0.6.6 Cross site scripting Date: 2014 18 March Author: Dr.3v1l Vendor Homepage: http://getnocms.com Version : 0.6.6 Tested on: Windows Category: webapps Google Dork: intext:"Powered by No-CMS" + Exploit : http:///No-CMS-master/No-CMS-master/index.php/installer/install URL...
WEBTASK SQL injection and fix-vulnerability warning-the black bar safety net
Author: phiA Test system:: BackTrack 5 Example: http://www.revistapenseleve.com.br/exibe.php?id=1395%27 SQLi http://www.reporterbrasil.com.br/exibe.php?id=22%27 SQLi http://www.penseleve.com.br/exibe.php?id=1575%27 SQLi many more @ google ! Solution: Filter exibe. php id=input parameters...
joomla component The Estate Agent (com_estateagent) SQL injection and fix-vulnerability warning-the black bar safety net
Title: joomla component comestateagent SQL injection Vulnerability Author: xDarkSton3x [email protected] Test system platforms: linux + windows Developer: http://www.eaimproved.eu/index.php Test: http://www.badguest.cn/index.php?option=comestateagent&Itemid=4 7&act=object&task=showEO&id=sqli...
Debian Security Advisory DSA 2414-1 (fex)
The remote host is missing an update to fex announced via advisory DSA 2414-1. OpenVAS Vulnerability Test $Id: deb24141.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2414-1 fex Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
DSA-2414-1 fex - cross-site scripting
Bulletin has no description...
4PSA CMS SQl injection flaws and fixes-vulnerability warning-the black bar safety net
Title: 4PSA CMS SQL Injection Vulnerabilities Author: BHG Security Center www.2cto.com Nitrojen90 Development program official website: http://www.4psa.com/ Affected version: latest version Risk level: high Testing platform: GNU/Linux - Windows Example: http://www.badguest.cn /print. php? id=SQL...
Mediashaker blind defect and repair-vulnerability warning-the black bar safety net
Title: Mediashaker Blind SQL Injection Vulnerabilitiy Author: H4ckCity Security Team www.badguest.cnWwW.H4ckCity.Org Affect all versions Developer: http://www.mediashaker.com/ Testing platform: GNU/Linux Ubuntu - Windows Server - win7 Sample test http://www.badguest.cn /content. php? id=1 Blind S...
Joomla component(com_dshop) SQL injection flaws and fixes-vulnerability warning-the black bar safety net
Title: Joomla Component comdshop SQL Injection Vulnerability Author: CoBRa21 www.badguest.cn uykucu at windowslive.com Level: high risk SQL defects http://www.badguest.cn /PATH/index. php? option=comdshop&controller=fpage&task=flypage&idofitem=1 2 SQL Test example...
phpBB MyPage plugin sql injection and fix-vulnerability warning-the black bar safety net
==================================================== MyPage plugin phpBB SQL Injection All versions ==================================================== Title: SQL Injection on the plugin, phpBB plugin MyPage Author: CrazyMouse from HackSociety.net version: 0.2.3 currently all versions are affect...
Wordpress plugins skysa-official of XSS flaws and fixes-vulnerability warning-the black bar safety net
Wordpress skysa-official plugin to allow the remote computer toxssinsert Wordpress skysa-official plugin Cross-Site Scripting Vulnerabilities Download address: http://wordpress.org/extend/plugins/skysa-official/ Test example: http://www.badguest.cn /path/wp-content/plugins/skysa-official/skysa...
WordPress Classipress Theme <= 3.1.4 Stored XSS
No description provided by source. Exploit Title: WordPress Classipress Theme = 3.1.4 Stored XSS Date: 2011-09-26 Author: Paul Loftness Contact:http://attackvectorlabs.blogspot.com Vendor: Appthemes LLc. Product Web Page: http://www.appthemes.com/themes/classipress/ Version: =3.1.4 Tested Version...
WordPress Theme classipress 3.1.4 - Persistent Cross-Site Scripting
Exploit Title: WordPress Classipress Theme = 3.1.4 Stored XSS Date: 2011-09-26 Author: Paul Loftness Contact:http://attackvectorlabs.blogspot.com Vendor: Appthemes LLc. Product Web Page: http://www.appthemes.com/themes/classipress/ Version: =3.1.4 Tested Versions: 3.1.4, 3.0.5.3 Summary:...
WordPress Pretty Link 1.4.56 Cross Site Scripting
No description provided by source. Vulnerability ID: HTB23049 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinprettylinkwordpressplugin.html Product: Pretty Link WordPress Plugin Vendor: Caseproof http://blairwilliams.com/ Vulnerable Version: 1.4.56 and probably prior Tested...
redmind Online-Shop / E-Commerce-System SQL injection flaws and fixes-vulnerability warning-the black bar safety net
Title: redmind Online-Shop / E-Commerce-System SQL Injection Vulnerability Software address: Test platform: Linux IDBlackcoder Author: MbahSemar www.92hack.net The defect file: http://www.xxxx.net/product.php?prodID=SQLi Example http://www.xxx.net/product.php?prodID=9999 and 1=2 union select...
AACMS injection 0day and fix-vulnerability warning-the black bar safety net
the includeonce 'common.php'; $keyword = $REQUEST'keyword'; //.....!@$%^& amp; ifempty$keyword sexit$lang'argerror'; $where = "; $where .= "title LIKE '%$keyword%'";//%for fuzzy queries, and more. $title = 'search'; .... include template'search'; POC...
Digital Scribe 1.5 (register_form()) Multiple POST XSS Vulnerabilities
Summary The Digital Scribe is a free, intuitive system designed to help teachers put student work and homework assignments online. Description Digital Scribe suffers from multiple POST XSS vulnerabilities. Input thru the POST parameters 'title', 'last' and 'email' in register.php is not sanitized...