4739 matches found

seebug.org
added 2014/07/01 12:0 a.m., 15 views

html-edit CMS Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22734 Reference: http://www.htbridge.ch/advisory/sqlinjectioninhtmleditcms.html Product: HTML-EDIT CMS Vendor: html-edit web services http://www.html-edit.org/ Vulnerable Version: 3.1.8 Vendor Notification: 02 December 2010 Vulnerability Typ...

6.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 53 views

PHPDug 2.0.0 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type:...

6.7 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

VideoGirls forum.php t Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36168/info VideoGirls is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 25 views

PHP MicroCMS 1.0.1 CSRF and XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22765 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpmicrocms.html Product: PHP MicroCMS Vendor: ApPHP http://www.apphp.com/ Vulnerable Version: 1.0.1 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 12 views

BEdita 3.0.1.2550 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22729 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinbedita.html Product: BEdita Vendor: Chialab & ChannelWeb http://www.bedita.com/ Vulnerable Version: 3.0.1.2550 betula and probably prior versions Vendor Notification: 30 November 201...

7.1 AI score
Exploits: 0

Packet Storm
added 2014/06/18 12:0 a.m., 15 views

support.software.dell.com Cross Site Scripting

Advisory: support.software.dell.com – Cross-Site Script Vulnerability XSS Advisory ID: 14062014 Author: Roberto Garcia @1gbDeInfo Affected Software: Successfully tested on support.software.dell.com Vendor URL: https://support.software.dell.com Vendor Status: informed and solved, but nobody told m...

7.4 AI score
Exploits: 0

Mageia
added 2014/06/11 4:56 p.m., 38 views

Updated iceape packages fix multiple vulnerabilities

Updated iceape packages fix security issues: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allow remote attackers to cause a denial of service memory corruption and...

9.8 CVSS, 9.7 AI score, 0.06412 EPSS
Exploits: 7, References: 11

NVD
added 2014/06/11 10:57 a.m., 29 views

CVE-2014-1539

Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do not ensure visibility of the cursor after interaction with a Flash object and a DIV element, which makes it easier for remote attackers to conduct clickjacking attacks via JavaScript code that produces a fake cursor image...

5 CVSS, 6.5 AI score, 0.0075 EPSS
Exploits: 0, References: 11

Tenable Nessus
added 2014/06/10 12:0 a.m., 32 views

Mandriva Linux Security Advisory : otrs (MDVSA-2014:111)

Updated otrs package fixes security vulnerabilities : A logged in attacker could insert special content in dynamic fields, leading to JavaScript code being executed in OTRS CVE-2014-2553. An attacker could embed OTRS in a hidden iframe tag of another page, tricking the user into clicking links in...

4.3 CVSS, 7.3 AI score, 0.00226 EPSS
Exploits: 2, References: 3

myhack58
added 2014/06/08 12:0 a.m., 21 views

PHPYUN cloud talent system background CSRF Getshell-a vulnerability warning-the black bar safety net

The phpyun admin backend does not verify a token, so a shell can be obtained directly via CSRF. First, start with getting a shell from the backend. The web site's configuration file, /plus/config.php, uses double quotes for the key values, which leads to security issues. We can write PHP code inside the double quotes insid...

7.6 AI score
Exploits: 0

seebug.org
added 2014/05/25 12:0 a.m., 34 views

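Coremail Mail System Stored XSS, Part 2

Brief description: A design flaw allows malicious JavaScript code to be executed and user cookies to be stolen. Details: Send a specially crafted swf file to the victim as an attachment (here one can choose to strike during a holiday, for example by renaming the file to New Year Greeting Card.swf): The AS code of the swf file is as follows (bear with it, it was cobbled together from various pieces): package import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import flash.events.Event; import flash.net.URLLoader;...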

7.1 AI score
Exploits: 0

Cvelist
added 2014/05/22 10:0 a.m., 26 views

CVE-2014-1770

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMarkup::CreateInitialMarkup function...

7.4 AI score, 0.43737 EPSS
Exploits: 0, References: 6

NVD
added 2014/05/21 11:14 a.m., 16 views

CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via crafted...

7.5 CVSS, 7 AI score, 0.0188 EPSS
Exploits: 0, References: 10

Debian CVE
added 2014/05/21 10:0 a.m., 27 views

CVE-2014-1743

Removed by vendor...

7.5 CVSS, 9.4 AI score, 0.0188 EPSS
Exploits: 0

Prion
added 2014/05/19 2:55 p.m., 22 views

Cross site scripting

LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive information and gain privileges by accessing the loginName and loginPassword variables using an...

6.8 CVSS, 6.3 AI score, 0.00437 EPSS
Exploits: 3, References: 1, Affected Software: 1

CVE
added 2014/05/19 2:0 p.m., 45 views

CVE-2013-7385

Technical details about this CVE are not publicly available in the provided Connected documents. Monitor for updates.

6.8 CVSS, 6 AI score, 0.00437 EPSS
Exploits: 1, References: 1, Affected Software: 1

seebug.org
added 2014/05/15 12:0 a.m., 16 views

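PHPYUN Cloud Talent System Admin Backend CSRF Getshell

Brief description: The phpyun admin backend does not verify a token, so a shell can be obtained directly via CSRF. Details: Start with getting a shell from the admin backend. The site's configuration file, /plus/config.php, uses double quotes for its key values, which causes a security problem. We can write PHP code inside the double quotes and have it executed. Modify the configuration file and submit: Then visit /plus/config.php: Notably, because the phpyun admin backend has no defense against CSRF, we can construct a form and lure the administrator into visiting it, which modifies the configuration file and results in getshell. See the proof of vulnerability for details. Proof of vulnerability:...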

7 AI score
Exploits: 0

securityvulns
added 2014/05/05 12:0 a.m., 69 views

[ MDVSA-2014:054 ] otrs

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2014:054 http://www.mandriva.com/en/support/security/ Package : otrs Date : March 13, 2014 Affected: Business Server 1.0 Problem Description: Updated otrs package fixes security vulnerability: An attacker could...

4.3 CVSS, 8.5 AI score, 0.03629 EPSS
Exploits: 5

securityvulns
added 2014/05/04 12:0 a.m., 78 views

[SECURITY] Stored Cross Site Scripting in Ektron CMS 8.7

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stored Cross Site Scripting in Ektron CMS 8.7 CVE reference: CVE-2014-2729 Affected platforms: Ektron Web Content Management System Version: 8.7.0 Date: 2013-December-19 Security risk: Medium CVSS - AV:N/AC:L/Au:S/C:P/I:P/A:N Researcher: Joseph Zeng...

3.5 CVSS, 0.00179 EPSS
Exploits: 3

NVD
added 2014/04/30 10:49 a.m., 17 views

CVE-2014-1524

The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 does not properly check whether objects are XBL objects, which allows remote attackers to execute arbitrary code or cause a denial of...

9.8 CVSS, 9.8 AI score, 0.06412 EPSS
Exploits: 1, References: 23