522 matches found
CVE-2011-4290
CVE-2011-4290 involves Moodle 1.9.x before 1.9.12. The vulnerability is in the file lib/weblib.php (Moodle’s web library) and results from issues with URL encoding that enable multiple cross-site scripting (XSS) flaws. Exploitation allows remote attackers to inject arbitrary script/HTML. The docu...
CVE-2011-4290
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...
PT-2012-1838 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11. Description: The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...
Debian: Security Advisory (DSA-2262-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2262-1] moodle security update
Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq ...
Debian DSA-2262-1 : moodle - several vulnerabilities
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0002 Cross-site request forgery vulnerability in RSS block - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete - MSA-11-0008 IMS...
DSA-2262-1 moodle - several
Bulletin has no description...
[SECURITY] [DSA 2262-1] moodle security update
Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq ...
ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net
Currently ecshop presence of the reflection type XSS, you can use, if the secondary development exist XSS or other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage) By XSS structure post submission of personal information is modified, the modification is...
Axigen Webmail 7.4.1 Directory Traversal
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this blog post, we will look into the details of a very serious web vulnerability discovered by Acunetix WVS in Axigen. "Axigen is an integrat...
Ubuntu: Security Advisory (USN-788-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-788-1: Tomcat vulnerabilities
Iida Minehiko discovered that Tomcat did not properly normalise paths. A remote attacker could send specially crafted requests to the server and bypass security restrictions, gaining access to sensitive content. (CVE-2008-5515) Yoshihito Fukuyama discovered that Tomcat did not properly handle error...
Authentication flaw
Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1)...
Nine strokes breakthrough IDS-vulnerability warning-the black bar safety net
Intrusion detection system, the English abbreviation for the IDS, as the name implies, it is used in real time to detect attacks and report the attack. If the firewall than for guarding the network the door the doorman, then the intrusion detection system IDS is proactively looking for criminals in...
phpLD 3.3 (page.php name) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications =========================================================== phpLD 3.3 page.php name Blind SQL Injection Vulnerability =========================================================== phpLD 3.3 Blind SQL Injection http://www.phplinkdirectory.com...
Facebook Cross Site Scripting
Found in August, I tried to alert Facebook as quickly as was possible - however I received no further correspondence to my communications. At time of writing, it was possible to exploit both Firefox 3 and IE 7 - by simply using an IFRAME or even an object tag. Dependent on the browser target This...
X10media Mp3 Search Engine <= 1.6 Remote File Disclosure Vulnerability
No description provided by source. THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER t4hathotmail.fr Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php...
x10media-disclose.txt
THUNDER X10media Mp3 Search Engine v1.5.5 - 1.6 Remote File Disclosure Vulnerability Founded by : THUNDER Dork: "This search engine is in no way intended for illegal downloads. " File : Download.php =========================================================================================== to rea...
Writeup by Amit Klein (Trusteer): Address Bar Spoofing for IE6
Address Bar Spoofing Attacks against Microsoft Internet Explorer 6 Amit Klein, Trusteer Summary ======= IE6 is the second most popular web browser after IE7, with market share of around 25 according to recent surveys e.g. http://marketshare.hitslink.com/report.aspx?qprid=2. This write-up presents...
HTTP NIDS evasion
This plugin configures OpenVAS for NIDS evasion see the SPDX-FileCopyrightText: 2008 Michel Arboi / Renaud Deraison Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only The HTTP IDS evasion...