216 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2014-5190
Cross-site scripting XSS vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2014-5190
The CVE-2014-5190 entry concerns the WordPress plugin SI CAPTCHA Anti-Spam (v2.7.4). The connected documents confirm a Cross-Site Scripting (XSS) vulnerability in captcha-secureimage/test/index.php that allows remote attackers to inject arbitrary web script or HTML via PATH_INFO. The practical im...
WordPress SI CAPTCHA Plugin <= 2.7.4 - XSS
Because of this vulnerability in captcha-secureimage/test/index.php, the attackers can inject arbitrary web script or HTML via the PATHINFO. Solution Update the plugin...
WordPress SI CAPTCHA Cross Site Scripting
|||||||||||||||||||||||||||||||||||||||||||||||||| |-------------------------------------------------------------------------| | Exploit Title: Wordpress SI CAPTCHA Anti-Spam Plugin Cross site scripting | | Exploit Author: Ashiyane Digital Security Team | | Date : Date: 2014-08-02 | | Vendor...
Unfixed XSS vulnerability at www.si-wifi.org
Security researcher shellc0de, has submitted on 31/05/2012 a cross-site-scripting XSS vulnerability affecting www.si-wifi.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 08/10/2012. It is currently...
WAP Push SI Impersonation
Security Advisory: Multiple Smartphones SMS Sender Obfuscation via WAP Push SI ------------------------------------------------------------------------------ Discovered by: Michael Mueller a.k.a. c0rnholio Contact: c0rnholio on domain netcologne.de Advisory Homepage:...
Unfixed XSS vulnerability at www.zdob-si-zdub.com
Security researcher MaXWeL, has submitted on 15/03/2007 a cross-site-scripting XSS vulnerability affecting www.zdob-si-zdub.com, which at the time of submission ranked 730491 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 15/03/2007. It is...
Code injection
The ippushpendingframes function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan nmap -sI attack, which bypasses intended protections against such attacks...
[Full-disclosure] Senao SI-7800H VoIP wireless phone wdbrpc debug service UDP/17185
I disclosed the following issue at ShmooCon 2006 http://www.shmoocon.org/ during my "VoIP Wireless Phone Security Analysis" presentation. Thanks, --scm =============================================================== DATE: 16 January, 2006 VENDOR: Senao VENDOR NOTIFIED: 7 December, 2005 PRODUCT:...
Senao SI-7800H wireless VoIP phone multiple vulnerabilities
VxWorks debugger TCP/17185 access...
CVE-2005-3715
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service...
CVE-2005-3715
Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service...
CVE-2005-3715
CVE-2005-3715 affects Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839. The issue stems from the VxWorks debugger UDP port 17185 being left open without authentication, which in turn allows an attacker to access the phone OS, potentially obtain sensitive information, and cause a denial of ser...
[Full-disclosure] Senao SI-680H VoIP Wifi phone undocumented open port
I disclosed today the following vulnerability at the 32nd CSI conference in Washington, D.C. https://www.cmpevents.com/CSI32/a.asp?option=G&V=3&id=406438 Thanks, Shawn Merdinger =============================================================== VENDOR: Senao VENDOR NOTIFIED: 28 June, 2005 VENDOR...
Senao SI-680H wirieless Wi-Fi VoIP phones unauthorized access
VxWorks debugger is available with UDP/17185...