Lucene search

925 matches found

Prion
added 2013/10/09 2:53 p.m. | 23 views

Code injection

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...

CVSS: 6.8 | AI score: 7.3 | EPSS: 0.2964
Exploits: 0 | References: 4 | Affected Software: 2

Cvelist
added 2013/10/09 2:44 p.m. | 30 views

CVE-2013-3895

Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to conduct clickjacking attacks via a crafted web page, aka "Parameter Injection Vulnerability."...

AI score: 6.6 | EPSS: 0.2964
Exploits: 0 | References: 4

Cvelist
added 2013/08/19 8:0 p.m. | 27 views

CVE-2013-5312

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browsevideos.php or the (2) cat parameter to groups.php...

AI score: 5.8 | EPSS: 0.03217
Exploits: 1 | References: 5

OSV
added 2013/07/08 8:55 p.m. | 1 views

DEBIAN-CVE-2013-2204

moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a pound sign character during extraction of the QUERYSTRING, which allows remote attackers to pass arbitrary parameters to a Flash...

CVSS: 4.3 | AI score: 7 | EPSS: 0.02904
Exploits: 1 | References: 1

myhack58
added 2013/06/05 12:0 a.m. | 18 views

phpcms 2007 onunload.inc.php page update-type injection, with EXP attached - bug warning - the black bar safety net

Downloaded a copy of phpcms 2007 for analysis; in module\movie\onunload.inc.php found an update-type injection. query"UPDATE ". TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; ? $serverid is not filtered in any way and is also not enclosed in single quotation marks, so ignor...

AI score: 7.2
Exploits: 0

Friends Of PHP
added 2013/03/13 8:39 a.m. | 8 views

Route Parameter Injection Via Query String in Zend\Mvc

More info at https://framework.zend.com/security/advisory/ZF2013-01...

AI score: 7.2
Exploits: 0 | Affected Software: 1

myhack58
added 2013/01/10 12:0 a.m. | 20 views

Ruby on Rails XML parameter injection vulnerability (CVE-2013-0156) analysis - vulnerability warning - the black bar safety net

Author: wofeiwo80sec.com. Note that this article is basically the article of the English version; since my level is limited, if you do not quite understand something, I suggest going to the original. Recently, the RoR vulnerability outbreak, just yesterday, Pro morning, RoR official website released a...

AI score: 0.2
Exploits: 0

Prion
added 2012/12/12 11:38 a.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) syssolutionid, (2) sysrequesttypeid, (3) sysproblemdesc, (4) syssolutiondesc, (5) sysproblemsummary, (6) usrActiontesting, (7) usrEscalation, or (8)...

CVSS: 4.3 | AI score: 6 | EPSS: 0.01148
Exploits: 2 | References: 3 | Affected Software: 1

Metasploit
added 2012/12/08 5:16 a.m. | 15 views

Nagios XI Network Monitor Graph Explorer Component Command Injection

This module exploits a vulnerability found in Nagios XI Network Monitor's component 'Graph Explorer'. An authenticated user can execute system commands by injecting it in several parameters, such as in visApi.php's 'host' parameter, which results in remote code execution. This module requires...

Exploits: 0

NVD
added 2012/09/06 6:55 p.m. | 18 views

CVE-2012-1110

Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17zip, or (5) agree parameter to join.php; (6) PATHINFO, (7) st, (8) f17city, (9) f17country, (10) f17state, (11) f17zip, (12) f19, (13)...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02715
Exploits: 0 | References: 11

Cvelist
added 2012/08/31 9:0 p.m. | 21 views

CVE-2011-5142

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tfdelegation, (2) tfip, or (3) tfname parameter in a search action to host/hostindex.php; (4) login parameter to...

AI score: 5.7 | EPSS: 0.01208
Exploits: 1 | References: 5

Prion
added 2012/07/21 3:38 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php...

CVSS: 2.6 | AI score: 5.9 | EPSS: 0.01174
Exploits: 0 | References: 4 | Affected Software: 1

0day.today
added 2012/03/22 12:0 a.m. | 34 views

Google Talk gtalk:// Deprecated Uri Handler Parameter Injection

Exploit for windows platform in category remote exploits Google Talk gtalk:// Deprecated Uri Handler /gaiaserver Parameter Injection Vulnerability tested against: Internet Explorer 8 Microsoft Windows all versions download url of 1.0.0.104: http://www.google.com/talk/install.html download urls of...

AI score: 7.1
Exploits: 0

NVD
added 2011/12/08 7:55 p.m. | 13 views

CVE-2011-4713

Directory traversal vulnerability in catalog/content.php in osCSS2 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the ID parameter to (1) catalog/shoppingcart.php or (2) catalog/content.php...

CVSS: 5 | AI score: 6.7 | EPSS: 0.03738
Exploits: 1 | References: 7

Packet Storm
added 2011/07/14 12:0 a.m. | 37 views

TCExam 11.2.011 SQL Injection

TCExam =11.2.011 Multiple SQL Injection Vulnerabilities Vendor: Tecnik.com s.r.l. Product web page: http://www.tcexam.org Affected version: 11.2.009, 11.2.010 and 11.2.011 Summary: TCExam is a FLOSS system for electronic exams also known as CBA - Computer-Based Assessment, CBT - Computer-Based...

AI score: 7.4
Exploits: 0

seebug.org
added 2011/01/19 12:0 a.m. | 15 views

Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution

No description provided by source. Sources: http://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX functio...

AI score: 7.1
Exploits: 0

exploitpack
added 2011/01/14 12:0 a.m. | 13 views

Real Networks RealPlayer SP - RecordClip Method Remote Code Execution

Real Networks RealPlayer SP - RecordClip Method Remote Code Execution Sources: https://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplaye...

AI score: 0.1
Exploits: 0

0day.today
added 2011/01/14 12:0 a.m. | 23 views

Real Networks RealPlayer SP 'RecordClip' Method Remote Code Execution

Exploit for windows platform in category remote exploits Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin http://www.zerodayinitiative.com/advisories/ZDI-10-211/ C:\Program...

AI score: 7.1
Exploits: 0

Exploit DB
added 2011/01/14 12:0 a.m. | 45 views

Real Networks RealPlayer SP - 'RecordClip' Method Remote Code Execution

Sources: https://www.securityfocus.com/bid/44443/info http://packetstormsecurity.org/files/view/97522/recordingmanager-ie.txt Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin...

AI score: 7.4
Exploits: 0

Packet Storm
added 2011/01/13 12:0 a.m. | 33 views

RealNetworks RealPlayer Code Execution

Written by Sean de Regge seanderegge hotmail.com Exploit for the parameter injection bug in Realplayers RecordClip activeX function and firefox plugin http://www.zerodayinitiative.com/advisories/ZDI-10-211/ C:\Program Files\Real\RealPlayer\RecordingManager.exe has 2 interesting switches: /t will...

AI score: 0.5
Exploits: 0