Cluevo < 1.8.1 - Admin+ Stored Cross Site Scripting

The plugin does not sanitise and escape Course's module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed On the Learning Management page /wp-admin/admin.php?page=cluevo-lms, click Add Course, then put the followi...

CVE-2011-2503

The insertmodule function in runtime/staprun/staprunfuncs.c in the systemtap runtime tool staprun in SystemTap before 1.6 does not properly validate a module when loading it, which allows local users to gain privileges via a race condition between the signature validation and the module...

Phpbb-insert.txt

$ BiyoSecurity.Org & SecurityWall.Org $ Script Name : Phpbb insert module $ versions : 0.1.0 and 0.1.1 $ Risk : High $ Regard : KorsaN $ Thanks : Liz0zim , RMx , TRIP , DreamLord , Kubra $ Vulnerable File : functionsmoduser.php $ Vulnerable code : includeonce$phpbbrootpath...