52 matches found
phpMyWindV5.4用户评论处存储型xss
...
INFOR EAM 11.0 Build 201410 Cross Site Scripting
Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...
Easy Author Image 1.5 - Email Disclosure
When the plugin, "Easy Author Image" is used in a Wordpress site to handle user comments, what it does is put the email address of the commentator in the "alt" field of the user's avatar...
Vimeo: A user can post comments on other user's private videos
It is possible for a user to post comments on other's private videos. Steps to verify: 1. Log into www.vimeo.com as Alice and create a video say, AliceVideo with id - 118026546 with 'Allow anyone to see my videos' setting. 2. Login as Bob and create an album say, BobAlbum with album id 3295969. 3...
Windows Gather Active Directory User Comments
This module will enumerate user accounts in the default Active Domain AD directory which contain 'pass' in their description or comment case-insensitive by default. In some cases, such users have their passwords specified in these fields. This module requires Metasploit:...
SA-CONTRIB-2013-048 - Edit Limit - Access Bypass
Edit Limit enables you to set time and count-based limits on how and when a user can edit nodes or comments. The module doesn't sufficiently check user access when editing comments to see if the user has the necessary permissions to edit a comment outside of the limits applied by this module. Thi...
Facebook Open to Comments on Proposed Privacy Policy Changes
Facebook today announced proposed changes to its privacy policy that may better explain how it uses cookies and how long it retains your data, which is: “as long as necessary.” In addition, it wants the option to use your data for advertising on third-party Web sites. In a message called “Enhanci...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 snippets in a user comment, which is not properly handled in a Confluence page, or 2 the user profile display name,...
CreateLive CMS Version 4.0 0day-vulnerability warning-the black bar safety net
CreateLive CMS Version 4.0 0day.doc by:xiaok q:391232032.771044833 time: 2008-2-4 0 2:1 0 XP SP2 ie7 iis5. 1...... A tribute to D. S. T you gay, cause Hell-Phantom, the actuator on thin ice, causing the old D, The actuator Doom, causing the group to get help with the culture of the rogue...
catalogshop.txt
Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Mambo CatalogShop Attack method: Remote File Inclusion Descriptio : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below...
CVE-2005-2152
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article...
Invision Power Top Site List 1.1 RC 2 - SQL Injection
Invision Power Top Site List 1.1 RC 2 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site...