WordPress Plugin Answer My Question 1.3 - SQL Injection
WordPress Plugin Answer My Question 1.3 - SQL Injection Exploit Title: Answer My Question 1.3 Plugin for WordPress – Sql Injection Date: 10/11/2016 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/answer-my-question/ Software Link:...
telfort.nl XSS vulnerability
Vulnerable URL: https://www.telfort.nl/KBS/jsp/kbs/ahmail/typeOfQuestion.jsp?chan=ahmobiel=60"'/;a=eval;b=alert;ab/xssposed/;...
WordPress DW Question Answer 1.4.2.2 Cross Site Scripting
FULL DISCLOSURE Product : DW Question Answer Exploit Author : Rahul Pratap Singh Version : 1.4.2.2 Home page Link : https://wordpress.org/plugins/dw-question-answer/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 11/3/2016 XSS Vulnerability:...
WordPress DW Question & Answer Plugin <= 1.4.2.2 - Stored XSS
Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...
DW Question & Answer <= 1.4.2.2 - Stored Cross-Site Scripting (XSS)
The DW Question & Answer WordPress plugin was affected by a Stored Cross-Site Scripting (XSS) security vulnerability...
phpyun: arbitrary user password change in two places (instant break / tested on demo)
Brief description: It's been a long time since I looked at PHP.... As the title says. Details: Let's look at the password recovery code. app/controller/forgetpwd/index.class.php function sendaction $username=yuniconv"utf-8","gbk",$POST'username'; if!$this-CheckRegUser$username&&!$this-CheckRegEmail$username $res'msg'=yuniconv"gbk","utf-8","用户名不符合规范!"; $res'type'='8'; echo...
ownCloud: apps.owncloud.com: Edit Question didn't check ACLs
Hello, I found a bug with it: I can edit or delete any user's question. PoC link: https://apps.owncloud.com/knowledgebase/editquestion.php?page=89 Thanks...
The vulnerability of the Moodle learning management system allows a hacker to execute arbitrary web or HTML code.
The vulnerability of the mod/quiz/report/statistics/statistics_question_table.php component of the Moodle learning management system exists due to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary web or HTML code ...
CVE-2015-4369
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permission to inject arbitrary web script or HTML via unspecified vectors...
Moodle 'mod/quiz/report/statistics/statistics_question_table.php' cross-site scripting vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in the Moodle 'mod/quiz/report/statistics/statistics_question_table.php' script. A remote...
UBUNTU-CVE-2015-2273
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a...
Tipask question Answering System 1 2 injection package-vulnerability warning-the black bar safety net
While taking part in a public test, I saw that the vendor used this system, so I downloaded it, took a look, and found a large number of injections. Because in many places the program does not enclose the parameter at the end of the SQL statement in single quotes, the check of user input...
Drupal Trick Question module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Trick Question is one of the CAPTCHA type spam defense modules. A cross-site scripting vulnerability exists in the Drupal Trick Question module. The vulnerability is due to the program...
Password retrieve logic vulnerability summary-vulnerability warning-the black bar safety net
0x00 background description Please note these two articles: Password retrieve function there may be a problem Password retrieve function there may be issues supplemented From the above two documents the past six months, recently finishing a password to get back to the mind map, open the collectio...
KBPublisher FAQ System SQL Injection Vulnerability
KnowledgebasePublisher is a FAQ system (non-open source) that can also be used as a content manager for publishing articles. Provides question categorization, glossary, powerful WYSIWYG editor, real-time response, full-text search, add attachments, five different administrative roles,...
Mike Mimoso and Dennis Fisher Discuss the Sony Breach
Dennis Fisher and Mike Mimoso talk about the details of the Sony breach, including the question of attribution, Sony’s response to the attack, media outlets publishing the stolen data and the rise of destructive malware attacks. Download: digitalunderground174.mp3 Music by Chris Gonsalves...
IndiaNIC FAQs Manager 1.0 - Ask Question Form question Parameter XSS
The faqs-manager WordPress plugin was affected by an Ask Question Form question Parameter XSS security vulnerability...
CVE-2014-3545
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz...
WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities
No description provided by source. html !-- Exploit Title: WordPress IndiaNIC FAQ 1.0 Plugin CSRF + XSS Google Dork: inurl:wp-content/plugins/faqs-manager Date: 21.03.2013 Exploit Author: m3tamantra http://m3tamantra.wordpress.com/blog Vendor Homepage:...