Lucene search
K

1933 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2011/11/28 12:0 a.m.37 views

Translate helper method which may allow an attacker to insert arbitrary code into a page

The helper method for i18n translations has a convention whereby translations strings with a name ending in 'html' are considered HTML safe. There is also a mechanism for interpolation. It has been discovered that these 'html' strings allow arbitrary values to be contained in the interpolated...

4.3CVSS2.3AI score0.01638EPSS
Exploits0References3Affected Software1
seebug.org
seebug.org
added 2011/10/13 12:0 a.m.30 views

Microsoft Publisher 2007 Pubconv.dll内存破坏漏洞

CVE ID: CVE-2011-1508 Microsoft Publisher是微软公司发行的桌面出版应用软件。 Publisher 2007中存在输入验证错误,可被远程攻击者利用通过诱使用户在文档中插入特制的.pub文件执行任意代码。 通过修改.pub文件,可使pubconv.dll库复制很多文件内容到栈中,从而覆盖稍后执行的函数指针。 Microsoft Publisher 2007 12.0.6546.5000 厂商补丁: Microsoft --------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

9.3CVSS6.4AI score0.14451EPSS
Exploits2
Gentoo Linux
Gentoo Linux
added 2011/10/10 12:0 a.m.50 views

Bugzilla: Multiple vulnerabilities

Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct cross-site scripting attacks, conduct script...

7.5CVSS9.5AI score0.02713EPSS
Exploits5
Packet Storm
Packet Storm
added 2011/09/27 12:0 a.m.24 views

Vanira CMS SQL Injection

=========================================================== Vanira-cms Remote SQL insertion Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...

0.7AI score
Exploits0
exploitpack
exploitpack
added 2011/09/27 12:0 a.m.13 views

Vanira CMS - vtpidshow SQL Injection

Vanira CMS - vtpidshow SQL Injection source: https://www.securityfocus.com/bid/49789/info Vanira CMS is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit will allow an attacker to...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2011/09/22 12:0 a.m.21 views

OneCMS 2.6.4 SQL Injection

=========================================================== OneCMS 2.6.4 Remote SQL insertion Vulnerability ----------------------------------------------------------- foun by :kurdish hackers team group : kurd-team contact : [email protected] site : kurdteam.org...

0.1AI score
Exploits0
htbridge
htbridge
added 2011/08/24 12:0 a.m.33 views

Cross-site Scripting (XSS) Vulnerabilities in XOOPS

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...

4.3CVSS6AI score0.01318EPSS
Exploits1Affected Software1
myhack58
myhack58
added 2011/08/12 12:0 a.m.19 views

DEDECMS get SHELL EXP-vulnerability warning-the black bar safety net

Network transmission is said to know the background to use, but don't, as long as the plus the directory exists, the server can even outside, you can get the shell www.t00ls.net5 G$ w& h" m! n9 S: G Before the title conditions, you must ready yourself for the dede database, and then insert the...

7.2AI score
Exploits0
Packet Storm
Packet Storm
added 2011/08/08 12:0 a.m.34 views

Simple Machines Forum 2.0 Session Hijacking

Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csrf attacks sending a session token in all the requests...

0.4AI score
Exploits0
0day.today
0day.today
added 2011/08/07 12:0 a.m.36 views

Simple Machines forum (SMF) 2.0 session hijacking

Exploit for php platform in category web applications Simple Machines forum SMF 2.0 session hijacking Found by The X-C3LL and seth http://0verl0ad.blogspot.com/ || http://xd-blog.com.ar/ 2011-08-06 Website: http://www.simplemachines.org/ Greets: yoyahack, eddyw, www.portalhacker.net SMF stops csr...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2011/08/06 12:0 a.m.27 views

ATutor AContent 1.1 Script Insertion

AContent 1.1 categoryname Remote Script Insertion Vulnerability Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and respository used to create interoperable,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/08/06 12:0 a.m.23 views

acontent 1.1 - Multiple Vulnerabilities

acontent 1.1 - Multiple Vulnerabilities AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and respository used ...

0.3AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2011/08/06 12:0 a.m.32 views

AContent 1.1 (category_name) Remote Script Insertion Vulnerability

Summary AContent is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...

5.8AI score
Exploits0
Exploit DB
Exploit DB
added 2011/08/06 12:0 a.m.27 views

acontent 1.1 - Multiple Vulnerabilities

AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and respository used to create interoperable, accessible,...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2011/07/16 12:0 a.m.22 views

MyST BlogSite URL Redirect / Information Leakage

=============================== MyST BlogSite | Multiple Vulnerabilities =============================== 1. VULNERABILITY DESCRIPTION -- Issue Title: Arbitrary URL Redirect Component: MyST BlogSite ClickDirector Ref: OWASP - Top 10 - 2010 - A10 Ref-Link:...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2011/07/15 5:14 a.m.6 views

kernel: agp: insufficient pg_start parameter checking in AGPIOC_BIND and AGPIOC_UNBIND ioctls

Integer overflow in the agpgenericinsertmemory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 allows local users to gain privileges or cause a denial of service system crash via a crafted AGPIOCBIND agpioctl ioctl call...

6.9CVSS7.2AI score0.00384EPSS
Exploits1References4
xssed
xssed
added 2011/07/06 12:0 a.m.11 views

Unfixed Script Insertion vulnerability at www.fdp-korschenbroich.org.liberale.de

Security researcher Marius Schiffer, has submitted on 07/06/2011 a Script Insertion vulnerability affecting www.fdp-korschenbroich.org.liberale.de, which at the time of submission ranked 665185 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/29 8:55 a.m.11 views

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data. Impact A remote attacker could insert arbitrary data on the top of communication data. Solution Please refer to the 'Vendor Information' section for the officia...

9.8CVSS8.1AI score0.87264EPSS
Exploits14References7
Zero Science Lab
Zero Science Lab
added 2011/06/23 12:0 a.m.23 views

NetServe Web Server v1.0.58 Multiple Remote Vulnerabilities

Summary NetServe is a super compact Web Server and File Sharing application for Windows NT, 95, 98, 2000, and XP. It's HTTP Web Server can serve all types of files including html, gif and jpeg, actually any files placed in your NetServe directory can be served. New key features include...

5.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/06/10 12:0 a.m.32 views

Debian DSA-2242-1 : cyrus-imapd-2.2 - implementation error

It was discovered that the STARTTLS implementation of the Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is in plac...

5.1CVSS5.4AI score0.03999EPSS
Exploits0References4
Rows per page
Query Builder