
6084 matches found

Prion
added 2012/10/01 12:55 a.m. | 18 views

Code injection

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page...

4 CVSS | 6.2 AI score | 0.0028 EPSS
Exploits 2 | References 7 | Affected Software 1
Cvelist
added 2012/10/01 12:0 a.m. | 28 views

CVE-2012-1590

The forum list in Drupal 7.x before 7.14 does not properly check user permissions for unpublished forum posts, which allows remote authenticated users to obtain sensitive information such as the post title via the forum overview page...

5.7 AI score | 0.0028 EPSS
Exploits 2 | References 7
OSV
added 2012/09/14 7:55 p.m. | 2 views

DEBIAN-CVE-2010-5106

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...

6.5 CVSS | 6.5 AI score | 0.00302 EPSS
Exploits 1 | References 1
OSV
added 2012/09/14 7:55 p.m. | 1 views

DEBIAN-CVE-2012-4421

The createpost function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restrictions and publish new posts by leveraging the Contributor role and using the Atom Publishing...

4 CVSS | 6.7 AI score | 0.00204 EPSS
Exploits 1 | References 1
Atlassian
added 2012/08/29 11:13 a.m. | 18 views

Inherit Edit Restrictions for Child Pages

As it said in Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions): 'Edit' restrictions are not inherited from the parent page, only from the space. In a space, the 'Add Pages' permission governs both the creation and the editing of pages. See...

1.6 AI score
Exploits 0 | Affected Software 1
Atlassian
added 2012/08/29 11:13 a.m. | 26 views

Inherit Edit Restrictions for Child Pages

NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion (http://jira.atlassian.com/browse/CONFCLOUD-26446). As it said in Documentation for Page Restrictions (https://confluence.atlassian.com/display/DOC/Page+Restrictions):...

1.5 AI score
Exploits 0 | Affected Software 1
The Hacker News
added 2012/08/06 9:21 a.m. | 6 views

Fake Syria News Posted from Hacked Reuters blog and Twitter account

On Friday, Reuters blog platform was hacked with false posts and on Saturday, the @ReutersTech account on Twitter was taken over and renamed @TechMe. False tweets were sent before it was taken down. The first attack came Friday after Syrian hackers loyal to President Bashar al-Assad allegedly...

6.8 AI score
Exploits 0
OSV
added 2012/07/22 5:55 p.m. | 1 views

DEBIAN-CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

5 CVSS | 6.6 AI score | 0.00669 EPSS
Exploits 0 | References 1
Debian CVE
added 2012/07/22 5:0 p.m. | 13 views

CVE-2012-3385

WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors...

5 CVSS | 5.1 AI score | 0.00669 EPSS
Exploits 0
NVD
added 2012/07/17 10:20 a.m. | 18 views

CVE-2012-0792

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts...

4 CVSS | 6.2 AI score | 0.00225 EPSS
Exploits 0 | References 4
ThreatPost
added 2012/05/07 8:14 p.m. | 8 views

Facebook Anti-Troll System Snagging Ordinary Users

Complaints rang far and wide last week after an automated system for spotting inappropriate Facebook comments began blocking legitimate posts by the social network’s users, including prominent members like Robert Scoble. Facebook users of all stripes have received warnings about posting...

0.7 AI score
Exploits 0 | References 4
0day.today
added 2012/04/21 12:0 a.m. | 28 views

Anchor CMS 0.6 Cross Site Scripting

Exploit for php platform in category web applications Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities function xss0document.forms"xss0".submit; function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; function xss3document.forms"xss3".submit; function...

7.1 AI score
Exploits 0
0day.today
added 2012/03/28 12:0 a.m. | 29 views

PicoPublisher v2.0 Remote SQL injection

Exploit for php platform in category web applications Exploit Title : PicoPublisher v2.0 Remote SQL injection Date : 29/03/2012 Author : ZeTH Contact : zeth/at/hacktheplan8/dot/com http://www.hacktheplan8.com Vendor : Pico Software Site : http://pico.no/ Version : 2.0 Price : $29,00 Dork :...

7.1 AI score
Exploits 0
Fedora
added 2011/11/29 12:3 a.m. | 34 views

[SECURITY] Fedora 15 Update: libsocialweb-0.25.20-1.fc15

libsocialweb is a social data server which fetches data from the "social web", such as your friend's blog posts and photos, upcoming events, recently played tracks, and pending eBay auctions. It also provides a service to update your status on web services which support it, such as MySpace and...

5.8 CVSS | 2.6 AI score | 0.00413 EPSS
Exploits 0
Exploit DB
added 2011/11/03 12:0 a.m. | 29 views

Jara 1.6 - Multiple Vulnerabilities

!/Mohammed/bin/YahYa Jara v1.6 Multiple Vulnerabilities -------------------------------------------+ download : http://sourceforge.net/projects/jara/files/v1.6/jarav16.zip AutHOr : Or4nG.M4n cOntAct : priv8teathotmail.com versiOn : v1.6 Tested : My Mind :...

7 AI score
Exploits 0
Patchstack
added 2011/04/26 12:0 a.m. | 6 views

WordPress Ajax Recent Posts Plugin 1.0.1 - Cross-Site Scripting

WordPress Ajax Recent Posts plugin's "do" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...

2.9 AI score
Exploits 0 | References 1 | Affected Software 1
exploitpack
added 2011/04/26 12:0 a.m. | 17 views

WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting

WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting source: https://www.securityfocus.com/bid/47579/info The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...

0.4 AI score
Exploits 0
htbridge
added 2011/04/12 12:0 a.m. | 27 views

Cross-site Scripting (XSS) Vulnerability in WP-Ajax-Recent-Posts

High-Tech Bridge SA Security Research Lab has discovered vulnerability in WP-Ajax-Recent-Posts which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in WP-Ajax-Recent-Posts The vulnerability exists due to input sanitation error in the "number"...

4.3 CVSS | 6 AI score
Exploits 0 | Affected Software 1
NVD
added 2011/03/28 4:55 p.m. | 9 views

CVE-2011-0760

Multiple cross-site request forgery CSRF vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting XSS sequences via the 1...

4.3 CVSS | 6.7 AI score | 0.00089 EPSS
Exploits 0 | References 5
Prion
added 2011/03/28 4:55 p.m. | 13 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the configuration screen in wp-relatedposts.php in the WP Related Posts plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that insert cross-site scripting XSS sequences via the 1...

4.3 CVSS | 7 AI score | 0.00089 EPSS
Exploits 0 | References 5 | Affected Software 1