Lucene search
K

663 matches found

CVE
CVE
added 2008/08/06 6:0 p.m.46 views

CVE-2008-3500

CVE-2008-3500 is an XSS vulnerability in the Drupal Suggested Terms module 5.x up to before 5.x-1.2. The flaw lets remote authenticated users inject arbitrary web script or HTML by crafting Taxonomy terms. Documented impact is cross-site scripting; no exploit details or in-the-wild status are pro...

4.3CVSS5.3AI score0.01065EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2008/07/18 4:41 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 free tagging taxonomy terms, which are not properly handled on node preview pages, and 2 unspecified OpenID values...

4.3CVSS5.8AI score0.02467EPSS
Exploits0References9Affected Software2
UbuntuCve
UbuntuCve
added 2008/07/18 4:41 p.m.22 views

CVE-2008-3218

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 free tagging taxonomy terms, which are not properly handled on node preview pages, and 2 unspecified OpenID values...

4.3CVSS6AI score0.02467EPSS
Exploits0References1
NVD
NVD
added 2008/07/18 4:41 p.m.29 views

CVE-2008-3218

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 free tagging taxonomy terms, which are not properly handled on node preview pages, and 2 unspecified OpenID values...

4.3CVSS5.7AI score0.02467EPSS
Exploits0References9
Cvelist
Cvelist
added 2008/07/18 4:0 p.m.36 views

CVE-2008-3218

Multiple cross-site scripting XSS vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 free tagging taxonomy terms, which are not properly handled on node preview pages, and 2 unspecified OpenID values...

5.5AI score0.02467EPSS
Exploits0References9
seebug.org
seebug.org
added 2008/07/01 12:0 a.m.21 views

BusyBox (uname) Local Format String Exploit

No description provided by source. / lul-busybox.c copyright C 2008 lul-disclosure inc. All rights reserved. this code is distributed with the LPL license agreement http://lul-disclosure.net/LPL.txt moar commonly known as the EULA Epic User License Agreement busybox uname format string exploit by...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/06/28 12:0 a.m.19 views

Drupal Suggested Terms模块多个HTML注入漏洞

BUGTRAQ ID: 29953 Drupal是一款开放源码的内容管理平台。 Drupal的suggested terms模块用于根据用户已提交过的术语提供可自由标记的分类字段。该模块未经正确地过滤便在可点击的列表中显示了分类术语,因此能够创建新的术语条目的用户可以向某些编辑页面中注入任意HTML和脚本代码,当用户查看所推荐的分类术语时就会在浏览器会话中执行这些代码。 Drupal Suggested Terms 5.x-1.1 Drupal ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.drupal.org/...

6.9AI score
Exploits0
Drupal
Drupal
added 2008/06/25 12:0 a.m.18 views

SA-2008-039 - Suggested terms - Cross site scripting

This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...

7.2AI score
Exploits0References3
seebug.org
seebug.org
added 2007/12/12 12:0 a.m.29 views

WordPress wp-db.php文件字符集SQL注入漏洞

BUGTRAQ ID: 26795 WordPress是一款免费的论坛Blog系统。 WordPress处理用户数据时存在漏洞,远程攻击者可能利用此漏洞执行SQL注入攻击。 WordPress中的大多数数据库查询使用escape方式过滤SQL字符串,实际上是通过addslashes函数过滤输入,而addslashes函数没有考虑SQL字符串中所使用的字符集,盲目的向单引号前插入反斜线,这样的反斜线可能会形成其他有效的字符。以下是wp-includes/query.php中的漏洞代码: // If a search pattern is specified, load the posts...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2007/09/13 12:0 a.m.38 views

wordpress-toolkit-gui.txt

Copyright c 2007 Lance M. Havok . All Rights Reserved. Exploits R' Us: bringing the amazing world of exploitation toys to your mom. Please read http://www.info-pull.com/code/DISCLAIMER for licensing terms. begin require 'pwnpress' require 'rubygems' require 'fox16' include Fox rescue puts "Need...

7.4AI score
Exploits0
CVE
CVE
added 2007/05/02 10:0 a.m.43 views

CVE-2007-2432

CVE-2007-2432 is an XSS vulnerability in nukedit 4.9.7b affecting the utilities/search.asp endpoint, exploitable via the terms parameter to inject arbitrary web script/HTML. The provided documents consistently describe a client-side/script injection risk without detailing exploitation status or p...

6.8CVSS5.6AI score0.01837EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.27 views

FreeBSD : phpwebftp -- 'language' Local File Inclusion (d9dc2697-dadf-11da-912f-00123ffe8333)

Secunia reports : phpWebFTP have a vulnerability, which can be exploited by malicious people to disclose sensitive information. Input passed to the 'language' parameter in index.php isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from...

6.4CVSS5.4AI score0.01764EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2004/07/06 12:0 a.m.28 views

FreeBSD : qpopper format string vulnerability (160)

The following package needs to be updated: qpopper %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgebdf65c72ca611d893550020ed76ef5a.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.5AI score0.03349EPSS
Exploits0References21
Redos
Redos
added 1976/01/01 12:0 a.m.4 views

ROS-2-1121

2.1121 Notification on update of the Red OS OPERATION SYSTEM RU.29926343.02.01-01-25 RED SOFT LLC announces the completion of the RED OS 8 testing procedure and the release of the certified RED OS 8 distribution kit. To purchase the new installation kit including the form, copy of the certificate...

5.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.13 views

Update for Windows Vista for x64-based Systems (KB955430)

Install this update to enable future updates to install successfully on all editions of Windows Vista. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed. This update is provided to you and licensed under the Windows Vist...

2.7AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.268 views

Update for Windows Server 2008 (KB955430)

Install this update to enable future updates to install successfully on all editions of Windows Server 2008. This update may be required before selected future updates can be installed. After you install this item, it cannot be removed. This update is provided to you and licensed under the Window...

2.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.15 views

Security Update for Windows Vista (KB957097)

A security issue has been identified that could allow an authenticated remote attacker to compromise your Microsoft Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your...

3.3AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.17 views

Windows Server 2008 Service Pack 2 Standalone (KB948465) - All Languages

Windows Server 2008 Service Pack 2 is an update to Windows Server 2008 that includes all of the updates that have been delivered since product release, as well as support for new types of hardware and emerging hardware standards. After you install this item, you may have to restart your computer...

2.6AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.13 views

Windows Server 2008 Service Pack 2 Standalone x64-based Systems (KB948465) - All Languages

Windows Server 2008 Service Pack 2 is an update to Windows Server 2008 that includes all of the updates that have been delivered since product release, as well as support for new types of hardware and emerging hardware standards. After you install this item, you may have to restart your computer...

2.4AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.12 views

Security Update for Windows Vista for x64-based Systems (KB961501)

A security issue has been identified that could allow an unauthenticated remote attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system. This update i...

3.1AI score
Exploits0
Rows per page
Query Builder