3009 matches found
Ignition 1.2 (comment) Remote Code Injection Vulnerability
Exploit for unknown platform in category web applications: Ignition 1.2 (comment) Remote Code Injection Vulnerability. Ignition Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm...
Ignition 1.2 - 'comment' Remote Code Injection
Ignition Remote Code Execution AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani - R3d.w0rm Sina Yazdanmehr Download :...
CVE-2008-6969
Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) stepid and (2) CHECKOUTCZBLOWFISHKEY parameters...
Drupal XSS and Code Injection Vulnerability
Drupal is prone to Cross Site Scripting and Remote Code Injection vulnerabilities.
Format string
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibl...
CVE-2009-2372
CVE-2009-2372 affects Drupal 6.x prior to 6.13, where remote authenticated users could inject arbitrary HTML/JS (and possibly PHP) through crafted user signatures after the comment input format was changed to an administrator-controlled format. The issue arises from how user signatures are proces...
CVE-2009-1575
CVE-2009-1575 is an XSS vulnerability in Drupal 5.x (<5.17) and 6.x (<6.11) (also affects vbDrupal
Code injection
ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cartname parameter...
CVE-2009-1408
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML via JavaScript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url...
FreeBSD : Remote code injection in phpMyAdmin (0d4c31ac-cb91-11d8-8898-000d6111a684)
This vulnerability would allow a remote user to inject PHP code to be executed by the eval function. This vulnerability is only exploitable if the variable $cfg['LeftFrameLight'] is set to FALSE in the file config.inc.php.
CVE-2008-6732
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
Exploit for unknown platform in category web applications: Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit. <?php /...
phpMyAdmin 2.11.x < 2.11.9.4 / 3.0.x < 3.1.3 Multiple Vulnerabilities
phpMyAdmin is prone to multiple vulnerabilities.
DEBIAN-CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date...
DEBIAN-CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2009-1150
Multiple cross-site scripting (XSS) vulnerabilities in the export page (displayexport.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pmadbfilenametemplate cookie...
CVE-2008-6515
CVE-2008-6515 describes a cross-site scripting (XSS) vulnerability in Fritz Berger’s yet another php photo album - next generation (yappa-ng). The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. The available records identify the affec...