1445 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these...
CVE-2009-4518
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...
CVE-2009-4518
CVE-2009-4518 affects Drupal’s Insert Node module 5.x before 5.x-1.2. It enables remote attackers to inject arbitrary web script or HTML via an inserted node, resulting in a cross-site scripting (XSS) vulnerability. The affected component is the Insert Node module (5.x line); the root cause is im...
CVE-2009-4518
Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node...
WSCreator 1.1 Blind SQL Injection
WSCreator 1.1 Blind SQL Injection Name WSCreator Vendor http://www.wscreator.com Versions Affected 1.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-15 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III...
WSCreator 1.1 - Blind SQL Injection
WSCreator 1.1 - Blind SQL Injection Name WSCreator Vendor http://www.wscreator.com Versions Affected 1.1 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2009-12-15 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III...
South data get shell summary-vulnerability warning-the black bar safety net
By upfileother. asp vulnerability file taken directly SHELL Directly open userreg. asp for registered members, log in not logged state, use local Upload File Upload code is as follows: HTMLHEAD META http-equiv=Content-Type content="text/html; charset=gb2312" STYLE type=text/cssBODY FONT-SIZE: 9pt...
Microsoft SQL Server INSERT Statement Buffer Overflow (MS08-040; CVE-2008-0106)
Microsoft SQL Server is a popular relational database management system (RDBMS). Microsoft SQL Server can be administered programmatically using system stored procedures, or through Distributed Management Objects (DMO). Its primary query language is Transact-SQL, an implementation of the ANSI/ISO...
IBM Db2 Multiple Vulnerabilities (Oct 2009) - Windows
IBM Db2 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IBM DB2 Multiple Vulnerabilities - Oct09 (Linux)
The host is installed with IBM DB2 and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbibmdb2multvulnlinoct09.nasl 7113 2017-09-13 06:03:30Z cfischer $ IBM DB2 Multiple Vulnerabilities - Oct09 Linux Authors: Antu Sanadi Copyright: Copyright c 2009 Greenbone Networks GmbH,...
CVE-2009-3472
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors...
CVE-2009-3258
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via...
CVE-2009-3258
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via...
[Follow_me series]oracle Shell-vulnerability warning-the black bar safety net
The patch from Sun network technology Forum: Days male the starter, reproduced indicate the source of! 1. SQL create tablespace kjtest datafile 'e:\website\kj.asp' 2. size 100k nologging ; Copy the code This will create the Table space. It should be noted that the oracle of the Table, The smalles...
Use a low-privileged Oracle database accounts give the OS access permissions-bug warning-the black bar safety net
Author:Mickey These days look at the article called"Penetration: from application down to OS Oracle"of the document,feel quite interesting,the document probably means that is,if the ORACLE service is using the administrator account to start,as long as you have a have resource and connect privileg...
Analysis Backdoor detection techniques-vulnerability warning-the black bar safety net
First of all we want to know what is the backdoor program? On the network common to the“back door”to explain, in fact, we can use a very simple word to summarize it: the back door is left in the computer system, for a particular use by a particular way of controlling a computer system of the...
CVE-2008-6470
Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of the...
Information disclosure
Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 allow remote attackers to obtain sensitive information, and possibly have unknown other impact, via vectors related to "javascript insert" and the (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files. NOTE: some of the...
CVE-2008-6470
CVE-2008-6470 tracks multiple unspecified vulnerabilities in ClanSphere prior to version 2008.2.1 that enable remote attackers to obtain sensitive information via attack vectors tied to a (1) mods/messages/getusers.php and (2) mods/abcode/listimg.php files, according to the NVD entry. The impact ...