20 matches found
EUVD-2004-2177
Malware in sbrugna...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
CVE-2022-0434 Page Views Count < 2.4.15 - Unauthenticated SQL Injection
The Page View Count WordPress plugin before 2.4.15 does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...
Page Views Count < 2.4.15 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks PoC...
Page Views Count < 2.4.15 - Unauthenticated SQL Injection
The plugin does not sanitise and escape the postids parameter before using it in a SQL statement via a REST endpoint, available to both unauthenticated and authenticated users. As a result, unauthenticated attackers could perform SQL injection attacks...
Apache Jena Fuseki Cross-Site Scripting Vulnerability
Apache Jena Fuseki is a SPARQL server from the Apache Foundation USA. It can run as an operating system service, as a Java Web application WAR file, and as a standalone server. A cross-site scripting vulnerability exists in Apache Jena Fuseki versions 2.0.0 through 4.0.0, which can be exploited b...
Apache Airflow vulnerable to XSS and local file disclosure
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process...
Apache Airflow vulnerable to Stored XSS
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Code injection
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-214
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-214
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-142
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
PYSEC-2019-142
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views...
Happy 16th Birthday TaoSecurity Blog
Today, 8 January 2019, is TaoSecurity Blog's 16th birthday! This is also my 3,041st blog post. I wrote my first post on 8 January 2003 while working as an incident response consultant for Foundstone. Here are a few statistics on the blog. Blogger started providing statistics in May 2010, so these...
WordPress Yoast Google Analytics Cross Site Scripting
OVERVIEW ========== Google Analytics by Yoast is one of the most popular WordPress plug-ins with over 7 million downloads and "1+ million" active installs. Last month Yoast patched a stored XSS we reported in the plug-in. Shortly after this we identified another bug of a similar severity. The...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
DEBIAN-CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...
CVE-2004-2185
Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via 1 the UnicodeConverter extension, 2 raw page views, 3 SpecialIpblocklist, 4 SpecialEmailuser, 5 SpecialMaintenance, and 6 ImagePage...