502 matches found
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting
Joomla! Component Komento 1.7.2 - Persistent Cross-Site Scripting Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor...
Joomla Komento 1.7.2 Cross Site Scripting
Advisory ID: HTB23194 Product: Komento Joomla Extension Vendor: Stack Ideas Sdn Bhd. Vulnerable Versions: 1.7.2 and probably prior Tested Version: 1.7.2 Advisory Publication: January 2, 2014 without technical details Vendor Notification: January 2, 2014 Vendor Patch: January 2, 2014 Public...
CVE-2012-6629
Multiple cross-site request forgery CSRF vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change an email address or 2 conduct script insertion attacks. NOTE: the provenance o...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change an email address or 2 conduct script insertion attacks. NOTE: the provenance o...
CVE-2012-6629
Multiple cross-site request forgery CSRF vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change an email address or 2 conduct script insertion attacks. NOTE: the provenance o...
WordPress Newsletter Manager Plugin <= 1.0.2 - Multiple CSRF and XSS
Because of these vulnerabilities, the attackers can hijack the authentication of administrators for requests that conduct script insertion attacks or change an email address. Solution Update the plugin...
Cross-Site Scripting (XSS) in Komento Joomla Extension
High-Tech Bridge Security Research Lab discovered two XSS vulnerabilities in Komento Joomla Extension, which can be exploited to perform script insertion attacks. 1 Cross-Site Scripting XSS in Komento Joomla Extension: CVE-2014-0793 1.1 The vulnerability exists due to insufficient sanitisation of...
ZendTo 'emailAddr' 脚本插入漏洞
CVECAN ID: CVE-2013-6808 ZendTo是基于Web的文件转换器。 ZendTo 4.11-12版本没有正确过滤pickup.php的 "emailAddr" 参数值,可导致插入任意HTML和脚本代码,被查看后,在受影响站点的用户浏览器上下文中执行这些代码。 0 ZendTo ZendTo = 4.11-12 厂商补丁: ZendTo ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.zend.to/changelog.phpZendTo ZendTo = 4.11-12...
Jenkins CI 1.523 Persistent Script Insertion
Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
LimeSurvey 2.00+ build 131107 - Multiple Vulnerabilities LimeSurvey v2.00+ build 131107 Script Insertion And SQL Injection Vulnerability Vendor: LimeSurvey Project Team Product web page: http://www.limesurvey.org Affected version: 2.00+ build 131009 2.00+ build 131022 2.00+ build 131031 2.00+...
Microsoft Office Web Apps Remote Code Execution vulnerability (2834052)
This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft SharePoint Foundation Remote Code Execution vulnerability (2834052)
This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Office Services Remote Code Execution vulnerability (2834052)
This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft SharePoint Server Remote Code Execution vulnerability (2834052)
This host is missing an important security update according to Microsoft Bulletin MS13-067. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Microsoft Sharepoint (Cloud) Persistent Script Insertion
Title: ====== Microsoft SharePoint Cloud - Persistent Exception-Handling Web Vulnerability Date: ===== 2013-06-14 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=812 Microsoft Security Response Center MSRC ID: 14096 Microsoft Security Response Center MSRC MANAGER: JT MS...
Sony PSN Community Lithium Forums 2012 Q4 Script Insertion
Title: ====== Sony PSN Community - Mail Encoding Web Vulnerability Date: ===== 2013-05-05 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=748 VL-ID: ===== 747 Common Vulnerability Scoring System: ==================================== 3.1 Introduction: =============...
Sony PSN Community Lithium Forums 2012 Q4 Script Insertion
Title: ====== Sony PSN Community - Mail Encoding Web Vulnerability Date: ===== 2013-05-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=748 VL-ID: ===== 748 Common Vulnerability Scoring System: ==================================== 3.1 Introduction: =============...
MTP Guestbook 1.0 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / form method="POST" action="http://localhost/mtpguestbook/inse...
MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting
MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input type="hidden" name="rat...
MTP Poll 1.0 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / inpu...