BIT-MOODLE-2024-34006 moodle: unsanitized HTML in site log for config_log_created
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in plaintext instead of being rendered...
Security Bulletin: IBM i Access Client Solutions - Windows Application Package is vulnerable to a timing issue with RSA Decryption in GSKit builds prior to 8.0.55.31 (CVE-2023-32342)
Summary IBM GSKit is used by IBM i Access Client Solutions - Windows Application Package when making TLS connections to an IBM i partition. If an RSA cipher is used, IBM GSKit could allow a remote attacker to obtain sensitive information. Vulnerability Details CVEID:CVE-2023-32342 DESCRIPTION: IB...
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
Potential Security Impact Cross-site Scripting XSS Source: HP, HP Product Security Response Team PSRT Reported by: The jQuery Foundation VULNERABILITY SUMMARY A potential security vulnerability has been identified for certain HP printers and MFPs. In jQuery versions before 3.5.0, passing HTML fro...
X7 Chat <= 2.0.4 (old_prefix) Remote Blind SQL Injection Exploit
No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo X7 Chat =2.0.4 'oldprefix' blind SQL injection / privilege escalation exploit\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n; echo dork: \Powered By X7 Chat\r\n\r\n; if $argc3...
Concept500 CMS Cross Site Scripting
Exploit Title: Concept500 CMS XSS Vulnerability Date: 2011-08-11 Author: Sepehr Security Team Software Site: http://www.concept500.co.uk/ ++++++++++++++++++++++++ Exploit: http:///shop/viewphoto.php?shoph=idXSS&phqu=id XSS: " alertString.fromCharCode88, 83, 83 Demo:...
slogan design Script - SQL Injection
Title: slogan design Script SQL Injection Vulnerability Version: 3.1 Author: Mr.P3rfekT Software Site: http://www.slogandesign.co.il Tested on Lunix CVE : N/A Founded By Mr.P3rfekT --- We Will Not Go Down Dork : " inurl:"index.php?mid=" Helllo Allz. Exploit : http://site/path/index.php?mid=SQLi P...
CVE-2008-4585
Belong Software Site Builder 0.1 beta allows remote attackers to bypass intended access restrictions and perform administrative actions via a direct request to admin/home.php...
microssyscms-rfi.txt
microSSys CMS = 1.5 Remote File Inclusion Vulnerability Software site: http://wajox.com/ =============================================================== By Raz0r www.Raz0r.name =============================================================== Vulnerable code index.php@22-25,54-55: 22...
RunCMS 1.5.2 - debug_show.php SQL Injection
RunCMS 1.5.2 - debugshow.php SQL Injection no authentication is performed to run showfiles and showqueries functions, look at this now in /class/debug/debug.php: ... function showqueries$executedqueries, $sorted=0 global $db; $executedqueries = unserializeurldecode$executedqueries; if $sorted == ...
forumjbc4.txt
ForumJBC v4 alert'hacking%20xss' ; Greetz : M.I.D.TDrackanZ, Mr.IlysS, NeThug47 & All Moroccan & Arab Hackers ; Yallah Tla7 Safi...
DotClear 1.2.4 - prepend.php Remote File Inclusion
DotClear 1.2.4 - prepend.php Remote File Inclusion !/usr/bin/php -q -d shortopentag=on ? echo "DotClear = 1.2.4 prepend.php/'blogdcpath' arbitrary remote inclusion\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n\r\n"; echo "dork: "propulsé par DotClear"...
PixelPost 1-5rc1-2 - Privilege Escalation
!/usr/bin/php -q -d shortopentag=on ? echo "Pixelpost = 1-5rc1-2 privilege escalation exploit\r\n"; echo "by rgod [email protected]\r\n"; echo "site: http://retrogod.altervista.org\r\n"; echo "dork: pixelpost "RSS 2.0" "ATOM feed" "Valid xHTML / Valid CSS"\r\n\r\n"; / works with:...