613 matches found
Threat Outbreak Alert: Fake Profile Question Response Email Messages on April 16, 2014
Medium. Alert ID: 33823. First Published: 2014 April 16 21:41 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an answer to a question regarding profile information for the recipient. The text in the email...
CVE-2014-2571
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question...
CVE-2014-2571
Moodle is affected by CVE-2014-2571 due to an XSS in quiz_question_tostring in mod/quiz/editlib.php. The vulnerability affects Moodle up to 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allowing remote authenticated users to inject arbitrary script/HTML via a quiz questi...
CVE-2014-2235
Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form...
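Several stored XSS issues in the latest version of Tongda OA
Brief description: Several stored XSS issues in the latest version of Tongda OA. Details: Tested version: downloaded Tongda OA 2013 Enhanced Edition (125MB). Download URL: http://www.tongda2000.com/download/2013adv.php (updated 2013-12-26 13:30). 1. Stored XSS in the post content when posting in the discussion forum. 2. Stored XSS when editing in source-code mode while answering an "OA Zhidao" (OA Knowledge) question. Proof of vulnerability: img src="https://images.seebug.org/upload...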
Cross site scripting
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responsestable.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question...
SPBAS Business Automation Software 2012 - Multiple Vulnerabilities
SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the securi...
SPBAS Business Automation Software XSS & CSRF Vulnerability
Exploit for php platform in category web applications SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://www.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the...
SPBAS Business Automation Software 2012 XSS / CSRF
SPBAS Business Automation Software- XSS & CSRF Vulnerability Date: 16 June 2013 Author: Christy Philip Mathew - www.offcon.org Vendor or Software Link: http://demo.spbas.com Version: 2012 1.XSS Vulnerability a Client Area - My Info - Update the first name and last name to john" b Update the...
Apple ID vulnerability: the security question can be bypassed to change the password directly - vulnerability warning - the black bar safety net
Prerequisite: knowing the victim's Apple ID and registered date of birth. Steps: Step 1: log in to https://iforgot.apple.com/iForgot/iForgot.html, fill in the specified Apple ID, click Next. Step 2: select the authentication method (answer the security question), click Next...
WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities
IndiaNIC FAQ Settings Page is vulnerable for CSRF. The Ask Question area front-end is vulnerable for XSS. It is possible to insert alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field =================== We don't need the captcha Image when we have this ...
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area X...
WordPress Plugin IndiaNIC FAQs Manager 1.0 - Multiple Vulnerabilities
alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area XSS in question parameter POST /wordpress/wp-admin/admin-ajax.php HTTP...
WordPress IndiaNIC FAQS Manager 1.0 XSS / CSRF
alert1 in question parameter. The Captcha value can be read from captcha parameter hidden field Part of Ask Question form =================== We don't need the captcha Image when we have this xD Request from Ask Question area XSS in question parameter POST /word...
friendsinwar FAQ Manager (view_faq.php, question param) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: friendsinwar FAQ Manager SQL Injection URL Vulnerability Date: 16.11 2012 Exploit Author: unsuprise Vendor Homepage: http://www.friendsinwar.com Software Link:http://www.friendsinwar.com/scriptdemo/thefaqmanager/ Tested on:...
Anwsion (v1.1-Beta4) injection vulnerability - vulnerability warning - the black bar safety net
apphomemain.php8 5: public function exploreaction // Omitted........... By. Rices - Forum: T00ls.Net - Blog: Rices. so if $GET'category' if isnumeric$GET'category' //It is said before there can also be the injection so is isnum.. $categoryinfo = $this-model'system'-getcategoryinfo$GET'category'; ...
CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action...
UBUNTU-CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action...
CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action...
CVE-2012-2356
Summary of CVE-2012-2356 Affected: Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3. Issue: remote authenticated users can bypass intended capability requirements in the question-bank feature and save questions via a save_question action. Root cause: not explicitly detailed in the provided docume...