1933 matches found
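DiscuzX2 personal space image EXIF information XSS
Brief description: DiscuzX2 personal space image EXIF information XSS. Detailed description: Insert illegal EXIF information into an image. You know the rest: an XSS vulnerability results... It is of limited use, though, because the EXIF information can only be read under specific conditions. Proof of vulnerability: Insert illegal EXIF information into an image. You know the rest img src="https://images.seebug.org/upload/201205/23215725fa5b5ae0b26fed9a7445b563cda46eb5.png" alt="" width="600" onerror="javascript:errimgthis;...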
FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)
Foswiki team reports : When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as 'FirstName' or 'OrganisationName'. By design, Foswiki's normal editing features allow...
Mitsubishi.ru Cross Site Scripting / SQL Injection
Exploit Title: Mitsubishi.ru XSS/SQL Injection Vulnerability Date: 23/04/2012 Author: Ryuzaki Lawlet Web/Blog: http://justryuz.blogspot.com Category: webapps Security:RISK: High Vendor or Software Link:- Google dork: - Tested on: Linux Exploit/p0c : http://localhost:80/rac.php?m=xss...
foswiki -- Script Insertion Vulnerability via unchecked user registration fields
Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...
Unfixed Script Insertion vulnerability at www.profileex.com
Security researcher Sony has submitted on 04/01/2012 a Script Insertion vulnerability affecting www.profileex.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It is currently unfixed. If...
Unfixed Script Insertion vulnerability at www.milw0rm.nl
Security researcher shellc0de has submitted on 17/03/2012 a Script Insertion vulnerability affecting www.milw0rm.nl, which at the time of submission ranked 13100591 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/04/2012. It is currently...
Zend Server 5.6.0 multiple remote script insertion defect and repair-vulnerability warning-the black bar safety net
!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Author: Zend Technologies Ltd. Product home page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Brid...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities !-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...
Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
Summary Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. Description Zend Server and its components suffer from a cross-site scripting vulnerability. The persistent stored XSS issues are triggered when input passed via several paramete...
Zend Server 5.6.0 Script Insertion
Exploit for php platform in category web applications 0day.today 2018-01-03...
PlumeCMS <= 1.2.4 CSRF Vulnerability
Exploit for php platform in category web applications Exploit Title : PlumeCMS CSRF Exploit to add and publish News input type="hidden"...
Unfixed Script Insertion vulnerability at www.pingplace.nl
Security researcher Killer-TR has submitted on 18/02/2012 a Script Insertion vulnerability affecting www.pingplace.nl, which at the time of submission ranked 2570652 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/08/2012. It is currently...
Unfixed Script Insertion vulnerability at jicama.cs.washington.edu
Security researcher Sony has submitted on 16/02/2012 a Script Insertion vulnerability affecting jicama.cs.washington.edu, which at the time of submission ranked 3079 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/02/2012. It is currently...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3)...
Debian Security Advisory DSA 2365-1 (dtc)
The remote host is missing an update to dtc announced via advisory DSA 2365-1. OpenVAS Vulnerability Test $Id: deb23651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2365-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
Debian: Security Advisory (DSA-2365-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Unfixed Script Insertion vulnerability at pastehtml.com
Security researcher RemoteExecution has submitted on 23/01/2012 a Script Insertion vulnerability affecting pastehtml.com, which at the time of submission ranked 34012 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/01/2012. It is currently...
Unfixed Script Insertion vulnerability at amhost.bplaced.net
Security researcher shellc0de has submitted on 23/01/2012 a Script Insertion vulnerability affecting amhost.bplaced.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently...
Debian DSA-2365-1 : dtc - several vulnerabilities
Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...
DSA-2365-1 dtc - several
Bulletin has no description...