406 matches found
CVE-2008-6275
Cross-site scripting XSS vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages...
CVE-2008-6276
CVE-2008-6276 describes SQL injection vulnerabilities in the Drupal module User Karma. Affected versions are 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1. The flaws allow remote authenticated administrators to execute arbitrary SQL commands via either a content type or a voting API value. The...
Drupal User Karma模块跨站脚本和SQL注入漏洞
BUGTRAQ ID: 32491 Drupal的User Karma模块用于显示和管理用户的karma点数。 User Karma模块没有正确地过滤内容类型和投票API值便用在了SQL查询中,这可能导致SQL注入攻击;此外攻击者还可以通过向该模块提交恶意请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。 Drupal User Karma 6.x Drupal User Karma 5.x 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
DNS Spoofing Helper Service
This module provides a DNS service that returns TXT records indicating information about the querying service. Based on Dino Dai Zovi DNS code from Karma. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'resol...
[DSECRG-08-018] Ruby 1.8.6 (Webrick Httpd 1.3.1) Directory traversal file Download Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-08-018 Application: Ruby 1.8.6 WEBrick Web server Toolkit and applications that used WEBrick, like Metasploit 3.1 Versions Affected: Ruby 1.8.4 and all prior versions 1.8.5-p114 and all prior versions 1.8.6-p113 and all prior versions 1.9.0-1...
Rio Karma MP3 Player File Upload Service Detection
The remote device seems to be a Rio Karma MP3 player, running the Rio Kama file upload service. Make sure the use of such network devices are done in accordance with your corporate security policy. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc';...