502 matches found
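WordPress SimpleMail Plugin Email Field Script Insertion Vulnerability
CVE ID: CVE-2012-2579 WordPress is a blog (weblog) engine developed with the PHP language and a MySQL database; users can set up their own blog on a server that supports PHP and MySQL. SimpleMail plugin for WordPress 1.0.6 and other versions contain multiple vulnerabilities in their implementation: input passed via the e-mail fields "To", "From", "Date" and "Subject" is not properly filtered before being used to display e-mail, which can be maliciously exploited to carry out script insertion attacks that execute in the user's browser on the affected site when viewed 0 WordPress SimpleMail Plugin 1.x Vendor patch: WordPress...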
Unfixed Script Insertion vulnerability at www.forums.mihandownload.com
Security researcher a3q has submitted on 07/02/2012 a Script Insertion vulnerability affecting www.forums.mihandownload.com, which at the time of submission ranked 1234 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/02/2012. It is currentl...
FreeBSD : foswiki -- Script Insertion Vulnerability via unchecked user registration fields (495b46fd-a30f-11e1-82c9-d0df9acfd7e5)
Foswiki team reports : When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as 'FirstName' or 'OrganisationName'. By design, Foswiki's normal editing features allow...
foswiki -- Script Insertion Vulnerability via unchecked user registration fields
Foswiki team reports: When a new user registers, the new user can add arbitrary HTML and script code into the user topic which is generated by the RegistrationAgent via standard registration fields such as "FirstName" or "OrganisationName". By design, Foswiki's normal editing features allow...
Unfixed Script Insertion vulnerability at www.profileex.com
Security researcher Sony has submitted on 04/01/2012 a Script Insertion vulnerability affecting www.profileex.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 09/01/2012. It is currently unfixed. If...
Unfixed Script Insertion vulnerability at www.milw0rm.nl
Security researcher shellc0de has submitted on 17/03/2012 a Script Insertion vulnerability affecting www.milw0rm.nl, which at the time of submission ranked 13100591 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/04/2012. It is currently...
Zend Server 5.6.0 multiple remote script insertion defect and repair-vulnerability warning-the black bar safety net
!-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Author: Zend Technologies Ltd. Product home page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zend Data Cache 4.0 Zend Job Queue 4.0 Zend Debugger 5.3 Zend Java Brid...
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities !-- Title: Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities Vendor: Zend Technologies Ltd. Product web page: http://www.zend.com Affected version: Zend Server 5.6.0 Zend Optimizer+ 4.1 Zend Code Tracing 1.0 Zen...
Zend Server 5.6.0 Multiple Remote Script Insertion Vulnerabilities
Summary Zend Server is a complete, enterprise-ready Web Application Server for running and managing PHP applications. Description Zend Server and its components suffer from a cross-site scripting vulnerability. The persistent stored XSS issues are triggered when input passed via several paramete...
Zend Server 5.6.0 Script Insertion
Exploit for php platform in category web applications 0day.today 2018-01-03...
Unfixed Script Insertion vulnerability at www.pingplace.nl
Security researcher Killer-TR has submitted on 18/02/2012 a Script Insertion vulnerability affecting www.pingplace.nl, which at the time of submission ranked 2570652 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 02/08/2012. It is currently...
Unfixed Script Insertion vulnerability at jicama.cs.washington.edu
Security researcher Sony has submitted on 16/02/2012 a Script Insertion vulnerability affecting jicama.cs.washington.edu, which at the time of submission ranked 3079 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 17/02/2012. It is currently...
Unfixed Script Insertion vulnerability at amhost.bplaced.net
Security researcher shellc0de has submitted on 23/01/2012 a Script Insertion vulnerability affecting amhost.bplaced.net, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 25/01/2012. It is currently...
Unfixed Script Insertion vulnerability at pastehtml.com
Security researcher RemoteExecution has submitted on 23/01/2012 a Script Insertion vulnerability affecting pastehtml.com, which at the time of submission ranked 34012 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/01/2012. It is currently...
Bugzilla: Multiple vulnerabilities
Background Bugzilla is the bug-tracking system from the Mozilla project. Description Multiple vulnerabilities have been discovered in Bugzilla. Please review the CVE identifiers referenced below for details. Impact A remote attacker could conduct cross-site scripting attacks, conduct script...
Cross-site Scripting (XSS) Vulnerabilities in XOOPS
High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in XOOPS which could be exploited to perform cross-site scripting and script insertion attacks. 1 Cross-site scripting XSS vulnerabilities in XOOPS: CVE-2011-4565 The vulnerability exists due to input sanitation error in the...
AContent 1.1 (category_name) Remote Script Insertion Vulnerability
Summary AContent is an open source learning content authoring system and repository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...
acontent 1.1 - Multiple Vulnerabilities
acontent 1.1 - Multiple Vulnerabilities AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used ...
ATutor AContent 1.1 Script Insertion
AContent 1.1 categoryname Remote Script Insertion Vulnerability Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used to create interoperable,...
acontent 1.1 - Multiple Vulnerabilities
AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and repository used to create interoperable, accessible,...