Lucene search
+L

8751 matches found

packetstorm
packetstorm
added 2013/10/16 12:0 a.m.22 views

WordPress Dexs PM System Cross Site Scripting

=============================================================================== | | / / / / / / // / / -alert'xss'; --- SNIP --- If the message has been sent successfully a alert diolog will apear containing xss when an user checks there...

7.4AI score
Exploits0
rubygems
rubygems
added 2013/10/16 12:0 a.m.41 views

CVE-2013-4389 rubygem-actionmailer: email address processing DoS

Multiple format string vulnerabilities in logsubscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of service via a crafted e-mail address that is improperly handled during construction of a log message...

4.3CVSS4.9AI score0.03135EPSS
Exploits1References1Affected Software1
drupal
drupal
added 2012/10/24 12:0 a.m.23 views

SA-CONTRIB-2012-158 - MailChimp - Cross Site Scripting (XSS)

This module provides integration with the MailChimp email delivery service. There are two issues with the webhook processing, which is exposed as an API in mailchimp.module and used by mailchimplists.module to update subscriber information. The webhook URL key can be trivially calculated. Webhook...

4.3CVSS6.4AI score0.01161EPSS
Exploits0References9
packetstorm
packetstorm
added 2012/08/01 12:0 a.m.20 views

WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection

============================================================================ WordPress G-Lock Double Opt-in Manager Plugin SQL Injection version the admin-ajax will run the ajaxbackend eventually, and then all subscribers will be deleted, even though u r only a subscriber user!!!...

0.1AI score
Exploits0
nessus
nessus
added 2012/08/01 12:0 a.m.27 views

Scientific Linux Security Update : mailman on SL6.x i386/x86_64

Multiple input sanitization flaws were found in the way Mailman displayed usernames of subscribed users on certain pages. If a user who is subscribed to a mailing list were able to trick a victim into visiting one of those pages, they could perform a cross-site scripting XSS attack against the...

4.3CVSS5.7AI score0.04248EPSS
Exploits0References3
exploitdb
exploitdb
added 2012/06/07 12:0 a.m.24 views

WordPress Plugin Email NewsLetter 8.0 - 'option' Information Disclosure

source: https://www.securityfocus.com/bid/53850/info The Email Newsletter plugin for WordPress is prone to an information-disclosure vulnerability because it fails to sufficiently validate user-supplied data. An attackers can exploit this issue to obtain sensitive information that may aid in...

7.4AI score
Exploits0
thn
thn
added 2012/03/05 7:25 a.m.5 views

Twitter releases data to Law Enforcements for criminal inquiry

Twitter releases data to Law Enforcements for criminal inquiry Twitter handed over subscriber information yesterday for one Twitter account indirectly tied to the Occupy Boston protest, ending a court battle fought behind closed doors as Boston law enforcement investigated hacking attacks on the...

6.7AI score
Exploits0
packetstorm
packetstorm
added 2012/02/25 12:0 a.m.30 views

Assembla.com Cross Site Scripting

Date: 25.02.2012 Author: Sony Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/assemblacom-cross-site-scripting.html .................................................................. Create FreeSpace...

Exploits0
patchstack
patchstack
added 2011/09/26 12:0 a.m.9 views

WordPress Regular Subscriber Plugin 3.1.x - HTML Injection Vulnerability

WordPress Regular Subscriber plugin is prone to an HTML-injection vulnerability because of failure to sufficiently clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser in the context of the affected websites. In this way an attacker can steal...

1.3AI score
Exploits0References1Affected Software1
prion
prion
added 2010/11/26 8:0 p.m.22 views

Heap overflow

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity TMSI field...

6.8CVSS8.1AI score0.03712EPSS
Exploits0References6Affected Software1
cvelist
cvelist
added 2010/11/26 7:0 p.m.30 views

CVE-2010-3832

Heap-based buffer overflow in the GSM mobility management implementation in Telephony in Apple iOS before 4.2 on the iPhone and iPad allows remote attackers to execute arbitrary code on the baseband processor via a crafted Temporary Mobile Subscriber Identity TMSI field...

7.5AI score0.03712EPSS
Exploits0References6
threatpost
threatpost
added 2010/07/26 3:1 p.m.10 views

Researcher to Show Off GSM Intercept Attack at Defcon

At the Defcon conference later this week, Chris Paget, a well-known security researcher who focuses on wireless and RFID issues, will give a demonstration of a technique that enables him to intercept calls made on GSM wireless handsets without any interaction with the user’s handset. The techniqu...

6.7AI score
Exploits0References5
nvd
nvd
added 2010/05/12 11:46 a.m.27 views

CVE-2010-1909

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...

7.6CVSS7.9AI score0.05654EPSS
Exploits1References5
nvd
nvd
added 2010/05/12 11:46 a.m.18 views

CVE-2010-1905

Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...

4.3CVSS5.8AI score0.02476EPSS
Exploits1References7
nvd
nvd
added 2010/05/12 11:46 a.m.26 views

CVE-2010-1913

The default configuration of pluginlicense.ini for the SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance, when downloaded from a server operated by Telefonica or possibly other companies, contains an incorrect DNS whitelist that include...

9.3CVSS7.2AI score0.05028EPSS
Exploits1References4
nvd
nvd
added 2010/05/12 11:46 a.m.25 views

CVE-2010-1910

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...

5.1CVSS6.7AI score0.02464EPSS
Exploits2References6
nvd
nvd
added 2010/05/12 11:46 a.m.16 views

CVE-2010-1907

The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to discover the username of the client user, and consequently determine a pathname to a certain user directory, via a call to the GetUserName method...

4.3CVSS6.6AI score0.01528EPSS
Exploits1References4
prion
prion
added 2010/05/12 11:46 a.m.23 views

Buffer overflow

Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to execute arbitrary code via vectors involving "CreateProcess params." NOTE: some of these details are obtained...

7.6CVSS8.6AI score0.05654EPSS
Exploits1References5
prion
prion
added 2010/05/12 11:46 a.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to...

4.3CVSS6.1AI score0.02476EPSS
Exploits1References7
prion
prion
added 2010/05/12 11:46 a.m.16 views

Default credentials

The Forgot Password implementation in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to reset passwords of accounts with blank Hint questions and Hint answers by sending an empty value for each of these two Hint fields...

5.1CVSS7.2AI score0.02464EPSS
Exploits2References6
Rows per page
Query Builder