Lucene search
K

406 matches found

Cvelist
Cvelist
added 2009/02/25 11:0 p.m.23 views

CVE-2008-6275

Cross-site scripting XSS vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages...

5.8AI score0.01065EPSS
Exploits0References5
CVE
CVE
added 2009/02/25 11:0 p.m.54 views

CVE-2008-6276

CVE-2008-6276 describes SQL injection vulnerabilities in the Drupal module User Karma. Affected versions are 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1. The flaws allow remote authenticated administrators to execute arbitrary SQL commands via either a content type or a voting API value. The...

6.5CVSS8.4AI score0.00932EPSS
Exploits0References5Affected Software1
seebug.org
seebug.org
added 2008/11/30 12:0 a.m.26 views

Drupal User Karma模块跨站脚本和SQL注入漏洞

BUGTRAQ ID: 32491 Drupal的User Karma模块用于显示和管理用户的karma点数。 User Karma模块没有正确地过滤内容类型和投票API值便用在了SQL查询中,这可能导致SQL注入攻击;此外攻击者还可以通过向该模块提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 Drupal User Karma 6.x Drupal User Karma 5.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

6.9AI score
Exploits0
Metasploit
Metasploit
added 2008/07/22 3:51 p.m.13 views

DNS Spoofing Helper Service

This module provides a DNS service that returns TXT records indicating information about the querying service. Based on Dino Dai Zovi DNS code from Karma. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'resol...

7.2AI score
Exploits0
securityvulns
securityvulns
added 2008/03/06 12:0 a.m.59 views

[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability

Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1 Versions Affected: Ruby 1.8.4 and all prior versions 1.8.5-p114 and all prior versions 1.8.6-p113 and all prior versions 1.9.0-1...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/02/15 12:0 a.m.21 views

Rio Karma MP3 Player File Upload Service Detection

The remote device seems to be a Rio Karma MP3 player, running the Rio Kama file upload service. Make sure the use of such network devices are done in accordance with your corporate security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...

5.5AI score
Exploits0
Rows per page
Query Builder