925 matches found
Code injection
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...
CVE-2013-3895
Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...
CVE-2013-5312
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browsevideos.php or the (2) cat parameter to groups.php...
DEBIAN-CVE-2013-2204
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...
phpcms 2007 onunload.inc.php page update-type injection, with EXP - bug warning - the black bar safety net
Downloaded a copy of phpcms 2007 to analyze it, and in module\movie\onunload.inc.php found an update-type injection. query"UPDATE ". TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; ? $serverid is not filtered in any way and is also not enclosed in single quotation marks, so ignor...
Route Parameter Injection Via Query String in Zend\Mvc
More info at https://framework.zend.com/security/advisory/ZF2013-01...
Ruby on Rails XML parameter injection vulnerability (CVE-2013-0156) analysis - vulnerability warning - the black bar safety net
Author: wofeiwo80sec.com Note that this article is basically a version of the English article; since my level is limited, if there is something you do not quite understand, I suggest going to the original to view it. Recently, the RoR vulnerability outbreak; just yesterday, Pro morning, the RoR official website released a...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) syssolutionid, (2) sysrequesttypeid, (3) sysproblemdesc, (4) syssolutiondesc, (5) sysproblemsummary, (6) usrActiontesting, (7) usrEscalation, or (8)...
Nagios XI Network Monitor Graph Explorer Component Command Injection
This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting them into several parameters, such as visApi.php's 'host' parameter, which results in remote code execution. This module requires...
CVE-2012-1110
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17zip, or (5) agree parameter to join.php; (6) PATHINFO, (7) st, (8) f17city, (9) f17country, (10) f17state, (11) f17zip, (12) f19, (13)...
CVE-2011-5142
Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tfdelegation, (2) tfip, or (3) tfname parameter in a search action to host/hostindex.php; (4) login parameter to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php...
Google Talk gtalk:// Deprecated Uri Handler Parameter Injection
Exploit for windows platform in category remote exploits Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...
CVE-2011-4713
Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ID parameter to (1) catalog/shoppingcart.php or (2) catalog/content.php...
TCExam 11.2.011 SQL Injection
TCExam =11.2.011 Multiple SQL Injection Vulnerabilities Vendor: Tecnik.com s.r.l. Product web page: http://www.tcexam.org Affected version: 11.2.009, 11.2.010 and 11.2.011 Summary: TCExam is a FLOSS system for electronic exams also known as CBA - Computer-Based Assessment, CBT - Computer-Based...
Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution
No description provided by source. Sources: http://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX functio...
Real Networks RealPlayer SP - RecordClip Method Remote Code Execution
Real Networks RealPlayer SP - RecordClip Method Remote Code Execution Sources: https://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplaye...
Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution
Exploit for windows platform in category remote exploits Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin http://www.zerodayinitiative.com/advisories/ZDI-10-211/ C:\Program...
Real Networks RealPlayer SP - 'RecordClip' Method Remote Code Execution
Sources: https://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin...
RealNetworks RealPlayer Code Execution
Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin http://www.zerodayinitiative.com/advisories/ZDI-10-211/ C:\Program Files\Real\RealPlayer\RecordingManager.exe has 2 interesting switches: /t will...