32 matches found
Codoforum 4.8.3 Cross Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...
php: Heap buffer over-read in exif_process_user_comment()
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exifreaddata function, in PHP versions 7.1.x below 7.1.31, 7.2.x below 7.2.21 and 7.3.x below 7.3.8 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information...
FreeBSD : Gitlab -- Multiple vulnerabilities (467b7cbe-257d-11e9-8573-001b217b3468)
Gitlab reports : Remote Command Execution via GitLab Pages Covert Redirect to Steal GitHub/Bitbucket Tokens Remote Mirror Branches Leaked by Git Transfer Refs Denial of Service with Markdown Guests Can View List of Group Merge Requests Guest Can View Merge Request Titles via System Notes Persiste...
Vanilla: A user can comment in private discussions without having permission to access the discussion
Hello team, I have found a vulnerability which allows a user who does not have access to a discussion to comment on it and thus avoid the control applied. http://littleguy.vanillastaging.com/ Proof Of Concept ============= For this proof of concept I have used 3 users. User A creates a PRIVATE...
Pixelpost 1.4.3 User Comment HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
CVE-2006-6844
Cross-site scripting XSS vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...
CVE-2006-6844
Cross-site scripting XSS vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form...
XSS - CMS Made Simple v1.0.2
Product: CMS Made Simple v1.0.2 Class: XSS Website: http://www.cmsmadesimple.org Found by: L0j1k of D.I.E. Inc. Googledork: "powered by cms made simple" -=-=-=-=- - Summary: Optional user comment module not properly sanitized for script tags. -=-=-=-=- - PoC: Input the following into user comment...
siteframe_5.0.2_xss.txt
Siteframe Beaumont 5.0.2 == User Comment Cross-Site Scripting Vulnerability Information of Software: Software: Siteframe Beaumont 5.0.1a Site: http://www.siteframe.org/ Description of software: Siteframe is a lightweight content-management system designed for the rapid deployment of community-bas...
CVE-2002-0008
Bugzilla before 2.14.1 allows remote attackers to 1 spoof a user comment via an HTTP request to processbug.cgi using the "who" parameter, instead of the Bugzillalogin cookie, or 2 post a bug as another user by modifying the reporter parameter to enterbug.cgi, which is passed to postbug.cgi...
CVE-2002-0008
CVE-2002-0008 affects Bugzilla prior to 2.14.1. The vulnerability allows remote attackers to impersonate users: (1) spoof a user comment by sending a request to process_bug.cgi using the who parameter instead of the Bugzilla_login cookie, and (2) post a bug as another user by altering the reporte...