1933 matches found
Translate helper method which may allow an attacker to insert arbitrary code into a page
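The helper method for i18n translations has a convention whereby translation strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated...
Microsoft Publisher 2007 Pubconv.dll Memory Corruption Vulnerability
CVE ID: CVE-2011-1508 Microsoft Publisher is a desktop publishing application released by Microsoft. Publisher 2007 contains an input validation error that remote attackers can exploit to execute arbitrary code by enticing a user to insert a specially crafted .pub file into a document. By modifying a .pub file, the pubconv.dll library can be made to copy a large amount of file content onto the stack, overwriting a function pointer that is executed later. Microsoft Publisher 2007 12.0.6546.5000 Vendor patch: Microsoft --------- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:...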
Bugzilla: Multiple vulnerabilities
Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct cross-site scripting attacks, conduct script...
Vanira CMS SQL Injection
=========================================================== Vanira-cms Remote SQL insertion Vulnerability ----------------------------------------------------------- found by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...
Vanira CMS - vtpidshow SQL Injection
Vanira CMS - vtpidshow SQL Injection source: https://www.securityfocus.com/bid/49789/info Vanira CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit will allow an attacker to...
OneCMS 2.6.4 SQL Injection
=========================================================== OneCMS 2.6.4 Remote SQL insertion Vulnerability ----------------------------------------------------------- found by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...
Cross-site Scripting (XSS) Vulnerabilities in XOOPS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...
DEDECMS get SHELL EXP-vulnerability warning-the black bar safety net
Network transmission is said to know the background to use, but don't, as long as the plus the directory exists, the server can even outside, you can get the shell www.t00ls.net Before the title conditions, you must ready yourself for the dede database, and then insert the...
Simple Machines Forum 2.0 Session Hijacking
Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a session token in all the requests...
Simple Machines forum (SMF) 2.0 session hijacking
Exploit for php platform in category web applications Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csr...
ATutor AContent 1.1 Script Insertion
AContent 1.1 categoryname Remote Script Insertion Vulnerability Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used to create interoperable,...
acontent 1.1 - Multiple Vulnerabilities
acontent 1.1 - Multiple Vulnerabilities AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used ...
AContent 1.1 (category_name) Remote Script Insertion Vulnerability
Summary AContent is an open source learning content authoring system and repository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...
acontent 1.1 - Multiple Vulnerabilities
AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used to create interoperable, accessible,...
MyST BlogSite URL Redirect / Information Leakage
=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...
kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls
Integer overflow in the agp_generic_insert_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_BIND agp_ioctl ioctl call...
Unfixed Script Insertion vulnerability at www.fdp-korschenbroich.org.liberale.de
Security researcher Marius Schiffer has submitted on 07/06/2011 a Script Insertion vulnerability affecting www.fdp-korschenbroich.org.liberale.de, which at the time of submission ranked 665185 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...
Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol
Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...
NetServe Web Server v1.0.58 Multiple Remote Vulnerabilities
Summary NetServe is a super compact Web Server and File Sharing application for Windows NT, 95, 98, 2000, and XP. Its HTTP Web Server can serve all types of files including html, gif and jpeg, actually any files placed in your NetServe directory can be served. New key features include...
Debian DSA-2242-1 : cyrus-imapd-2.2 - implementation error
It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in plac...