47 matches found
WordPress plugin Multi-page Toolkit 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Multi-page Toolkit plugin 2.6 and earlier versions are vulnerable to cross-site request forgery,...
Multi-page Toolkit <= 2.6 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well ' input typ...
GHSA-CVVX-R33M-V7PQ Improper Input Validation in Apache Struts
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter...
XSS Vulnerability in ThinkLC Multiple Pages
ThinkLC is a classified information system developed by SaxueCMS. ThinkLC V4.0 and previous versions of multi-page XSS vulnerability, the vulnerability stems from the system fails to adequately filter img tags, an attacker can construct malicious img tags to exploit the vulnerability to obtain...
[SECURITY] Fedora 25 Update: evince-3.22.1-5.fc25
Evince is simple multi-page document viewer. It can display and print Portable Document Format PDF, PostScript PS and Encapsulated PostScript EPS files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
Debian DSA-3536-1 : libstruts1.2-java - security update
It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
Debian Security Advisory DSA 3536-1 (libstruts1.2-java - security update)
It was discovered that libstruts1.2-java, a Java framework for MVC applications, contains a bug in its multi-page validation code. This allows input validation to be bypassed, even if MPV is not used directly. OpenVAS Vulnerability Test $Id: deb3536.nasl 6608 2017-07-07 12:05:05Z cfischer $...
MPCS <= 1.0 (path) Remote File Include Vulnerabilities
No description provided by source. ================================================================== Multi-Page Comment System RFI ================================================================== Info:- Scripts: Multi-Page Comment System MPCS Home: http://tpvgames.co.uk/web/mpcs/ Download:...
Multi-Page Comment System CSRF/XSS Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
EZEIP3. 0 multi-page upload validation vulnerability-vulnerability warning-the black bar safety net
Modify the IE browser security settings, the modulation is the highest, however, prohibit the js execution. 2. Open the Modify upload Type page, add aspx type, click Save, and then open the upload page to upload There is a problem of the upload Type page: http://www.XXX.com/...
EZEIP3. 0 multi-page upload validation vulnerability and fix-vulnerability warning-the black bar safety net
Modify the IE browser security settings, the modulation is the highest, however, prohibit the js execution. 2. Open the Modify upload Type page, add aspx type, click Save, and then open the upload page to upload There is a problem of the upload Type page:...
Code injection
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a multi-page document...
MDVA-2008:101 : evince
Evince was not properly handling multi-page TIFF files and was crashing under specific conditions when requesting printing. This package update fixes those issues and includes additional translations from the GNOME 2.22.2 release. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated a...
Mandriva Update for evince MDVA-2008:101 (evince)
Check for the Version of evince OpenVAS Vulnerability Test Mandriva Update for evince MDVA-2008:101 evince Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Mandriva Update for evince MDVA-2008:101 (evince)
Check for the Version of evince OpenVAS Vulnerability Test Mandriva Update for evince MDVA-2008:101 evince Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under th...
Authentication flaw
admin.php in Multi-Page Comment System MPCS 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1...
CVE-2008-2293
admin.php in Multi-Page Comment System MPCS 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1...
CVE-2008-2293
The CVE-2008-2293 issue affects Multi-Page Comment System (MPCS) 1.0 and 1.1, where remote attackers can bypass authentication and escalate privileges by setting the CommentSystemAdmin cookie to 1. The available sources describe an authentication bypass via a cookie manipulation, marking it as a ...
CVE-2008-2293
admin.php in Multi-Page Comment System MPCS 1.0 and 1.1 allows remote attackers to bypass authentication and gain privileges by setting the CommentSystemAdmin cookie to 1...
Multi-Page Comment System 1.1.0 - Insecure Cookie Handling
Multi-Page Comment System 1.1.0 - Insecure Cookie Handling --==+================================================================================+==-- --==+ Multi-Page Comment System 1.1.0 Insecure Cookie Handling +==--...