27 matches found
SA-CONTRIB-2012-073 - Glossary - Cross-Site Scripting (XSS)
CVE: CVE-2012-2339 The glossary module scans posts for glossary terms, adding an indicator. By hovering over the indicator, users may learn the definition of that term. The module does not sufficiently sanitize the taxonomy information. This leaves sites vulnerable to Cross-Site Scripting attacks...
SA-2008-030 - Site Documentation - Privilege escalation
The contributed module Site Documentation intends to assist developers and administrators when they start working with a new site by showing them information from the database. All users with the "access content" permission are able to use the module to list arbitrary tables from the database. In...
PostNuke Module v4bJournal Remote SQL Injection Vulnerability
No description provided by source. ---------------------------------------- PostNuke Journal ---------------------------------------- DISCOVERED BY :Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir Greetz F...
pnv4b-sql.txt
---------------------------------------- PostNuke Journal ---------------------------------------- DISCOVERED BY :Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir Greetz For All Persian Bugtraq Members...
PostNuke Module v4bJournal Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications ============================================================= PostNuke Module v4bJournal Remote SQL Injection Vulnerability ============================================================= ---------------------------------------- PostNuke...
PostNuke Module v4bJournal - SQL Injection
PostNuke Module v4bJournal - SQL Injection ---------------------------------------- PostNuke Journal ---------------------------------------- DISCOVERED BY :Ali Abbasi Olom Fonon Mazandaran University - Security Research Center, Babol, Iran Greetz For All Y! UnderGround Group Members www.2600.ir...
Unfixed XSS vulnerability at www3.ac-nancy-metz.fr
Security researcher SpyHackerz, has submitted on 04/12/2007 a cross-site-scripting XSS vulnerability affecting www3.ac-nancy-metz.fr, which at the time of submission ranked 16172 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/12/2007. It is...