7 matches found
EUVD-2008-7110
Malware in sbrugna...
EUVD-2019-8318
Malware in sbrugna...
CVE-2019-18571
The RSA Identity Governance and Lifecycle and RSA Via Lifecycle and Governance products prior to 7.1.1 P03 contain a reflected cross-site scripting vulnerability in the My Access Live module MAL. An authenticated malicious local user could potentially exploit this vulnerability by sending crafted...
SA-CONTRIB-2009-061 - Markdown Preview - Cross Site Scripting
The Markdown Preview module provides a live preview pane that displays the rendered HTML output of your Markdown input. When displaying the live preview, the module does not properly escape user entered data, leading to a cross-site scripting XSS vulnerability. Such an attack may lead to a...
SA-CONTRIB-2009-049 - Live - Privilege escalation, Impersonation
The Live module provides dynamic previews of content. When editing certain content nodes, the current user becomes logged in as the content's original author. Versions affected Live for Drupal 6.x prior to 6.x-1.2 Drupal core is not affected. If you do not use the contributed Live module, there i...
SA-2008-021 - Live - Cross site request forgery
The contributed module Live provides previews of content items while typing them. Live is vulnerable to a cross site request forgery which may lead to execution of PHP code when an authenticated, privileged user visits a malicious site. Versions affected Live for Drupal 5.x before Live 5.x-0.1...
Help Center Live Module.PHP远程目录遍历漏洞
Help Center Live是一款基于PHP的WEB应用程序。 Help Center Live不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'module.php'脚本对用户提交的"file"参数缺少过滤,提交包含多个"../"字符作为参数数据,可绕过WEB ROOT限制,以WEB进程权限执行任意命令。 Help Center Live Help Center Live 2.1.2 http://www.helpcenterlive.com/...