106 matches found
WordPress Spellchecker Local File Inclusion / Remote File Inclusion
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ======++++++ RFI & LFI Wordpress Spellchecker Plugin Vulnerability ++++++====== +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++...
CVE-2010-3313
phpgwapi/js/fckeditor/editor/dialog/fckspellerpages/spellerpages/serverscripts/spellchecker.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to execute arbitrary commands v...
Debian DSA-2013-1 : egroupware - several vulnerabilities
Nahuel Grisolia discovered two vulnerabilities in Egroupware, a web-based groupware suite: Missing input sanitising in the spellchecker integration may lead to the execution of arbitrary commands and a cross-site scripting vulnerability was discovered in the login page. %NASLMINLEVEL 70300 C...
DSA-2013-1 egroupware - several vulnerabilities
Bulletin has no description...
USN-791-1: Moodle vulnerabilities
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. CVE-2007-3215 Nigel McNie discovered that fetching https URLs di...
MDVA-2008:106-1 : openoffice.org-voikko
openoffice.org-voikko provides Finnish spellchecker and hyphenator component for OpenOffice.org. The package is being updated for the new OpenOffice.org version. Update: Due to a build error, the previous update for i586 architecture was built against the old OpenOffice.org. This update fixes tha...
MDVA-2008:106 : openoffice.org-voikko
openoffice.org-voikko provides Finnish spellchecker and hyphenator component for OpenOffice.org. The package is being updated for the new OpenOffice.org version. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled on...
Mandriva Update for openoffice.org-voikko MDVA-2008:106-1 (openoffice.org-voikko)
Check for the Version of openoffice.org-voikko OpenVAS Vulnerability Test Mandriva Update for openoffice.org-voikko MDVA-2008:106-1 openoffice.org-voikko Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...
Mandriva Update for openoffice.org-voikko MDVA-2008:106-1 (openoffice.org-voikko)
Check for the Version of openoffice.org-voikko OpenVAS Vulnerability Test Mandriva Update for openoffice.org-voikko MDVA-2008:106-1 openoffice.org-voikko Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; yo...
Mandriva Update for openoffice.org-voikko MDVA-2008:106 (openoffice.org-voikko)
Check for the Version of openoffice.org-voikko OpenVAS Vulnerability Test Mandriva Update for openoffice.org-voikko MDVA-2008:106 openoffice.org-voikko Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
FreeBSD : dokuwiki -- XSS vulnerability in spellchecker backend (cddde37a-39b5-11dc-b3da-001921ab2fa4)
DokuWiki reports : The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users...
DokuWiki suffers XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ Product: DokuWiki Vendor: DokuWiki Project Subject: Cross-site scripting - XSS Risk: High Effect: Remotely exploitable Author: Cyrill Brunschwiler [email protected] Date: July 19th 2007 Introduction: ------------- Compass Security discovered...
dokuwiki -- XSS vulnerability in spellchecker backend
DokuWiki reports: The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users se...
Code injection
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
The spellchecker spellcheck.php in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by pregreplace with the /e executable modifier...
CVE-2006-2878
CVE-2006-2878 affects DokuWiki (spellcheck.php) where unsanitized PHP code can be injected through the PHP/complex curly syntax in a preg_replace with the /e modifier. A remote unauthenticated attacker could execute arbitrary PHP commands on the webserver running DokuWiki, as described in multipl...