CVE-2012-5541
The CVE-2012-5541 issue affects the Drupal Twitter Pull module (6.x-1.x and 7.x-1.x branches). The underlying vulnerability stems from insufficient filtering of data coming from Twitter, enabling XSS via unspecified vectors. Affected versions are Twitter Pull 6.x-1.x prior to 6.x-1.3 and 7.x-1.x ...
CVE-2012-5541
Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "data coming from Twitter."...
SA-CONTRIB-2012-150 - Twitter Pull - Cross Site Scripting (XSS)
Twitter Pull allows you to retrieve tweets from Twitter based on a user or search and display them on your site. It also includes integration with the boxes module to allow for simple placement of twitter feeds on various pages. The module doesn't sufficiently filter the data coming from Twitter...
Samba NDR PULL SVCCTL StartServiceW Heap Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of an NDR PULL SVCCTL StartServiceW request. By sending a specially crafted...
Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of an NDR PULL LSA TrustDomainInfoControllers request. By sending a specially...
Samba ndr_pull_dfs_Info3 Heap Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within Samba's handling of an NDR PULL DFS INFO3 request. By sending a specially crafted packet, it is...
Contrexx ShopSystem 2.2 SP3 - Blind SQL Injection
Exploit title: Contrexx Shopsystem Blind SQL Injection Exploit Exploit PoC: index.php?section=shop&productId=VALID productid and YOUR BLIND SQL CODE Exploit tested on: Debian 6, Ubuntu Linux 11.04 Exploit found and written by: Penguin Version: = [email protected] !/usr/bin/php...
[SECURITY] Fedora 13 Update: tuxguitar-1.2-3.fc13
TuxGuitar is a guitar tablature editor with player support through midi. It can display scores and multitrack tabs. Various features TuxGuitar provides include autoscrolling while playing, note duration management, bend/slide/vibrato/hammer-on/pull-off effects, support for tuplets, time signatu...
[SECURITY] Fedora 12 Update: tuxguitar-1.2-3.fc12
TuxGuitar is a guitar tablature editor with player support through midi. It can display scores and multitrack tabs. Various features TuxGuitar provides include autoscrolling while playing, note duration management, bend/slide/vibrato/hammer-on/pull-off effects, support for tuplets, time signatu...
DEBIAN-CVE-2008-4297
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request...
eSHOP100 (SUB) Remote SQL Injection Vulnerability
No description provided by source. eSHOP100 SQL Injection Vulnerability. AUTHOR: JuDge AUTHOR Email: [email protected],[email protected] Script WebSite: http://www.eshop100.co.uk Dork:: DescRipTiON: pull customers info from database EX...
Expert Advisior (index.php id) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Expert Advisior index.php id Remote SQL Injection Vulnerability...
SuperCali PHP Event Calendar 0.4.0 - SQL Injection
SuperCali PHP Event Calendar 0.4.0 - SQL Injection. SuperCali Event Calendar SQL Injection Vulnerability...
SuperCali PHP Event Calendar 0.4.0 SQL Injection Vulnerability
Exploit for unknown platform in category web applications. SuperCali PHP Event Calendar 0.4.0 SQL Injection Vulnerability...
Apple Mac OSX 10.4.8 - SLP Daemon Service Registration Buffer Overflow (PoC)
!/usr/bin/ruby c Copyright 2006 Lance M. Havok Kevin Finisterre All pwnage reserved. Proof of concept for MOAB-17-01-2007 http://projects.info-pull.com/moab/MOAB-17-01-2007.html Originally reported to Apple by Kevin, on 08/02/2006. require 'socket' targetpath = ARGV0 || '/var/run/slpipc' slpsocke...
Application Enhancer (APE) 2.0.2 - Local Privilege Escalation
Application Enhancer APE 2.0.2 - Local Privilege Escalation !/usr/bin/ruby Exploit Of The Apes: A practical pwnage for Application UNEnhancer aka APU c 2006 LMH and Johnny Pwnerseed. This goes dedicated to macdev. For the childish flaming and great brain lag. Lesson: Don't talk about stuff you ha...
Application Enhancer (APE) 2.0.2 - Local Privilege Escalation
!/usr/bin/ruby Exploit Of The Apes: A practical pwnage for Application UNEnhancer aka APU c 2006 LMH and Johnny Pwnerseed. This goes dedicated to macdev. For the childish flaming and great brain lag. Lesson: Don't talk about stuff you have NFC about. And don't insult people. Once you do it, and g...