1089 matches found

Prion
added 2013/01/27 10:55 p.m., 21 views

Design/Logic Flaw

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...

CVSS 5.5 | AI score 6.7 | EPSS 0.01272
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2013/01/27 10:55 p.m., 37 views

CVE-2012-6106

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...

CVSS 5.5 | AI score 5.9 | EPSS 0.01272
Exploits 0 | References 3

CVE
added 2013/01/27 10:0 p.m., 45 views

CVE-2012-6106

CVE-2012-6106 affects Moodle 2.4.x (before 2.4.1). The issue is an omitted capability check in calendar/managesubscriptions.php, allowing remote authenticated users (via the student role) to remove course-level calendar subscriptions by sending an iCalendar object. Connected sources confirm the a...

CVSS 5.5 | AI score 6.3 | EPSS 0.01272
Exploits 0 | References 3 | Affected Software 1

Vulnerability Lab
added 2011/11/12 12:0 a.m., 35 views

Skype Vendor Website - Cross Site Scripting Vulnerability

Document Title: =============== Skype Vendor Website - Cross Site Scripting Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=309 Release Date: ============= 2011-11-12 Vulnerability Laboratory ID VL-ID: ==================================== 3...

AI score 7.1
Exploits 0

ThreatPost
added 2011/03/23 4:8 p.m., 12 views

Twitter, Javascript Defeat NYT's $40m Paywall

The New York Times is estimated to have spent $40 million to $50 million to construct an elaborate new paywall that will force some users of the site to pay a monthly fee to read paper content. But just days after rolling out a version of the paywall, the newspaper is playing whack-a-mole with...

AI score 6.9
Exploits 0 | References 4

securityvulns
added 2010/11/02 12:0 a.m., 55 views

[security bulletin] HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Cross Site Request Forgery (CSRF)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c02560655 Version: 2 HPSBMA02598 SSRT100314 rev.2 - HP Insight Control Virtual Machine Management for Windows, Remote Cross Site Scripting XSS, Denial of Service DoS, Cross Site Request Forgery CS...

CVSS 6.8 | AI score 0.5 | EPSS 0.02373
Exploits 0

Cvelist
added 2010/08/16 6:25 p.m., 25 views

CVE-2010-3020

The news-feed preview feature in Opera before 10.61 does not properly remove scripts, which allows remote attackers to force subscriptions to arbitrary feeds via crafted content...

AI score 7.4 | EPSS 0.01904
Exploits 0 | References 5

CVE
added 2010/08/16 6:25 p.m., 56 views

CVE-2010-3020

Opera before 10.61 contains a vulnerability in the news-feed preview where scripts are not properly removed, allowing an attacker to force subscriptions to arbitrary feeds via crafted content. Affected software: Opera browser (pre-10.61). Root cause: improper sanitization/removal of scripts in th...

CVSS 5 | AI score 7.3 | EPSS 0.01904
Exploits 0 | References 5 | Affected Software 1

Exploit DB
added 2010/07/26 12:0 a.m., 30 views

Freeway CMS 1.4.3.210 - SQL Injection

----------------------------------------------------------------------------------------- Freeway CMS 1.4.3.210 SQL Injection Vulnerability ----------------------------------------------------------------------------------------- +Title Freeway CMS 1.4.3.210 SQL Injection Vulnerability +Author...

AI score 7.4
Exploits 0

seebug.org
added 2010/07/07 12:0 a.m., 20 views

Joomla Jobs Pro Blind SQL Injection Vulnerability

No description provided by source. Name : Joomla Jobs Pro BSqli Vulnerability Date : july 6,2010 Critical Level : HIGH vendor URL :http://www.instantphp.com/ Price:$105.00 Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger gree...

AI score 7.1
Exploits 0

Packet Storm
added 2010/07/06 12:0 a.m., 39 views

Joomla Jobs Pro Blind SQL Injection

Name : Joomla Jobs Pro BSqli Vulnerability Date : july 6,2010 Critical Level : HIGH vendor URL :http://www.instantphp.com/ Price:$105.00 Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger greetz to :www.topsecure.net ,All ICW...

AI score 0.6
Exploits 0

Drupal
added 2010/05/19 12:0 a.m., 15 views

SA-CONTRIB-2010-055 - Simplenews - Access bypass

Simplenews publishes and sends email newsletters to lists of subscribers, with both anonymous and authenticated users being able to opt-in to mailing lists. The user subscription form does not use the correct access permission resulting in any user with the permission 'subscribe to newsletters'...

AI score 6.9
Exploits 0 | References 8

Packet Storm
added 2009/12/30 12:0 a.m., 22 views

UBB.Threads 6 Remote File Inclusion

..:::::::::.. ..:::aad8888888baa:::.. .::::d:?88888888888?::8b::::. .:::d8888:?88888888??a888888b:::. .:::d8888888a8888888aa8888888888b:::. ::::dP::::::::Dz-GhostTeam:::::::Yb:::: ::::dP:::::::::Y888888888P:::::::::Yb:::: ::::d8:::::::::::indoushka:::::::::::8b::::...

AI score 7.4
Exploits 0

Tenable Nessus
added 2009/07/21 12:0 a.m., 41 views

openSUSE Security Update : cups (cups-322)

local users could crash cups by adding a large number of RSS subscriptions CVE-2008-5183, CVE-2008-5184. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update cups-322. The text description of this...

CVSS 10 | AI score 7.4 | EPSS 0.0921
Exploits 2 | References 3

OpenVAS
added 2009/06/05 12:0 a.m., 27 views

Ubuntu: Security Advisory (USN-707-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.7 | EPSS 0.0921
Exploits 9 | References 2

seebug.org
added 2009/05/29 12:0 a.m., 48 views

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

No description provided by source. AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems,...

AI score 7.1
Exploits 0

0day.today
added 2009/05/29 12:0 a.m., 50 views

AMember 3.1.7 (XSS/SQL/HI) Multiple Remote Vulnerabilities

Exploit for unknown platform in category web applications ========================================================== AMember 3.1.7 XSS/SQL/HI Multiple Remote Vulnerabilities ========================================================== AMember - Multiple Vulnerabilities Version Affected: 3.1.7...

AI score 7.1
Exploits 0

exploitpack
added 2009/05/29 12:0 a.m., 25 views

amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection

amember 3.1.7 - Cross-Site Scripting SQL Injection HTML Injection AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow...

Exploits 0

Packet Storm
added 2009/05/27 12:0 a.m., 47 views

AMember 3.1.7 XSS / SQL Injection

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

AI score 0.4
Exploits 0

securityvulns
added 2009/05/25 12:0 a.m., 190 views

[InterN0T] AMember 3.1.7 - Multiple Vulnerabilities

AMember - Multiple Vulnerabilities Version Affected: 3.1.7 Apr-10-2009 newest Info: aMember is a flexible membership and subscription management PHP script. It has support for PayPal, BeanStream, 2Checkout, NoChex, VeriSign PayFlow, Authorize.Net, PaySystems, Probilling, Multicards, E-Gold and...

AI score 6.9
Exploits 0