1933 matches found

seebug.org
added 2012/05/23 12:00 a.m., 17 views

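DiscuzX2 personal space image EXIF information XSS

Brief description: DiscuzX2 personal space image EXIF information XSS. Detailed description: Invalid EXIF information is inserted into an image. You know the rest: an XSS vulnerability results... It is of limited use, though, because the EXIF information can only be read under specific conditions. Proof of vulnerability: Invalid EXIF information is inserted into an image. You know the rest. img src="https://images.seebug.org/upload/201205/23215725fa5b5ae0b26fed9a7445b563cda46eb5.png" alt="" width="600" onerror="javascript:errimgthis;...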

7.1 AI score
Exploits 0

Tenable Nessus
added 2012/05/21 12:00 a.m., 23 views

FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)

Foswiki team reports : When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as 'FirstName' or 'OrganisationName'. By design, Foswiki's normal editing features allow...

2.1 CVSS, 5.8 AI score, 0.01425 EPSS
Exploits 1, References 3

Packet Storm
added 2012/04/24 12:00 a.m., 42 views

Mitsubishi.ru Cross Site Scripting / SQL Injection

Exploit Title: Mitsubishi.ru XSS/SQL Injection Vulnerability Date: 23/04/2012 Author: Ryuzaki Lawlet Web/Blog: http://justryuz.blogspot.com Category: webapps Security:RISK: High Vendor or Software Link:- Google dork: - Tested on: Linux Exploit/p0c : http://localhost:80/rac.php?m=xss...

0.3 AI score
Exploits 0

FreeBSD
added 2012/04/13 12:00 a.m., 27 views

foswiki -- Script Insertion Vulnerability via unchecked user registration fields

Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...

2.1 CVSS, 6.4 AI score, 0.01425 EPSS
Exploits 1, References 1

xssed
added 2012/04/01 12:00 a.m., 16 views

Unfixed Script Insertion vulnerability at www.profileex.com

Security researcher Sony, has submitted on 04/01/2012 a Script Insertion vulnerability affecting www.profileex.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It is currently unfixed. If...

Exploits 0, References 1

xssed
added 2012/03/17 12:00 a.m., 15 views

Unfixed Script Insertion vulnerability at www.milw0rm.nl

Security researcher shellc0de, has submitted on 17/03/2012 a Script Insertion vulnerability affecting www.milw0rm.nl, which at the time of submission ranked 13100591 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/04/2012. It is currently...

Exploits 0, References 1

myhack58
added 2012/03/13 12:00 a.m., 35 views

Zend Server 5.6.0 multiple remote script insertion defect and repair-vulnerability warning-the black bar safety net

!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Author: Zend Technologies Ltd. Product home page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Brid...

7.1 AI score
Exploits 0

exploitpack
added 2012/03/12 12:00 a.m., 27 views

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities

Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities !-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...

0.2 AI score
Exploits 0

Zero Science Lab
added 2012/03/10 12:00 a.m., 37 views

Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities

Summary Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. Description Zend Server and its components suffers from a cross-site scripting vulnerability. The persistent stored XSS issues are triggered when input passed via several paramete...

6 AI score
Exploits 0

0day.today
added 2012/03/10 12:00 a.m., 22 views

Zend Server 5.6.0 Script Insertion

Exploit for php platform in category web applications 0day.today 2018-01-03...

7.1 AI score
Exploits 0

0day.today
added 2012/02/20 12:00 a.m., 12 views

PlumeCMS <= 1.2.4 CSRF Vulnerability

Exploit for php platform in category web applications +--------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : PlumeCMS CSRF Exploit to add and publish News input type="hidden"...

7.1 AI score
Exploits 0

xssed
added 2012/02/18 12:00 a.m., 22 views

Unfixed Script Insertion vulnerability at www.pingplace.nl

Security researcher Killer-TR, has submitted on 18/02/2012 a Script Insertion vulnerability affecting www.pingplace.nl, which at the time of submission ranked 2570652 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/08/2012. It is currently...

Exploits 0, References 1

xssed
added 2012/02/16 12:00 a.m., 16 views

Unfixed Script Insertion vulnerability at jicama.cs.washington.edu

Security researcher Sony, has submitted on 16/02/2012 a Script Insertion vulnerability affecting jicama.cs.washington.edu, which at the time of submission ranked 3079 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/02/2012. It is currently...

Exploits 0, References 1

Prion
added 2012/02/14 12:55 a.m., 10 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew Messenger 1.6.4 and earlier allow remote attackers to hijack the authentication of operators for requests that insert cross-site scripting (XSS) sequences via the (1) address or (2) threadid parameters to operator/ban.php; or (3)...

6 CVSS, 6.9 AI score, 0.00709 EPSS
Exploits 1, References 6, Affected Software 1

OpenVAS
added 2012/02/11 12:00 a.m., 26 views

Debian Security Advisory DSA 2365-1 (dtc)

The remote host is missing an update to dtc announced via advisory DSA 2365-1. OpenVAS Vulnerability Test $Id: deb23651.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2365-1 dtc Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

6.5 CVSS, 0.2 AI score, 0.01542 EPSS
Exploits 0

OpenVAS
added 2012/02/11 12:00 a.m., 26 views

Debian: Security Advisory (DSA-2365-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS, 6.5 AI score, 0.01542 EPSS
Exploits 0, References 3

xssed
added 2012/01/23 12:00 a.m., 8 views

Unfixed Script Insertion vulnerability at pastehtml.com

Security researcher RemoteExecution, has submitted on 23/01/2012 a Script Insertion vulnerability affecting pastehtml.com, which at the time of submission ranked 34012 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/01/2012. It is currently...

0.3 AI score
Exploits 0, References 1

xssed
added 2012/01/23 12:00 a.m., 21 views

Unfixed Script Insertion vulnerability at amhost.bplaced.net

Security researcher shellc0de, has submitted on 23/01/2012 a Script Insertion vulnerability affecting amhost.bplaced.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently...

Exploits 0, References 1

Tenable Nessus
added 2012/01/12 12:00 a.m., 29 views

Debian DSA-2365-1 : dtc - several vulnerabilities

Ansgar Burchardt, Mike O'Connor and Philipp Kern discovered multiple vulnerabilities in DTC, a web control panel for admin and accounting hosting services : - CVE-2011-3195 A possible shell insertion has been found in the mailing list handling. - CVE-2011-3196 Unix rights for the apache2.conf wer...

6.5 CVSS, 5.6 AI score, 0.01542 EPSS
Exploits 0, References 22

OSV
added 2011/12/18 12:00 a.m., 50 views

DSA-2365-1 dtc - several

Bulletin has no description...

6.5 CVSS, 6 AI score, 0.01542 EPSS
Exploits 0