Lucene search
K

52 matches found

seebug.org
seebug.org
added 2018/03/07 12:0 a.m.41 views

phpMyWindV5.4用户评论处存储型xss

...

0.8AI score
Exploits0
Packet Storm
Packet Storm
added 2017/05/15 12:0 a.m.38 views

INFOR EAM 11.0 Build 201410 Cross Site Scripting

Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...

5.6AI score0.00954EPSS
Exploits5
WPVulnDB
WPVulnDB
added 2015/05/26 12:0 a.m.12 views

Easy Author Image 1.5 - Email Disclosure

When the plugin, "Easy Author Image" is used in a Wordpress site to handle user comments, what it does is put the email address of the commentator in the "alt" field of the user's avatar...

1.1AI score
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2015/03/10 6:13 p.m.11 views

Vimeo: A user can post comments on other user's private videos

It is possible for a user to post comments on other's private videos. Steps to verify: 1. Log into www.vimeo.com as Alice and create a video say, AliceVideo with id - 118026546 with 'Allow anyone to see my videos' setting. 2. Login as Bob and create an album say, BobAlbum with album id 3295969. 3...

0.3AI score
Exploits0
Metasploit
Metasploit
added 2013/11/07 8:48 p.m.37 views

Windows Gather Active Directory User Comments

This module will enumerate user accounts in the default Active Domain AD directory which contain 'pass' in their description or comment case-insensitive by default. In some cases, such users have their passwords specified in these fields. This module requires Metasploit:...

1AI score
Exploits0
Drupal
Drupal
added 2013/05/29 12:0 a.m.19 views

SA-CONTRIB-2013-048 - Edit Limit - Access Bypass

Edit Limit enables you to set time and count-based limits on how and when a user can edit nodes or comments. The module doesn't sufficiently check user access when editing comments to see if the user has the necessary permissions to edit a comment outside of the limits applied by this module. Thi...

5CVSS6.3AI score0.01556EPSS
Exploits0References10
ThreatPost
ThreatPost
added 2012/05/12 12:54 a.m.12 views

Facebook Open to Comments on Proposed Privacy Policy Changes

Facebook today announced proposed changes to its privacy policy that may better explain how it uses cookies and how long it retains your data, which is: “as long as necessary.” In addition, it wants the option to use your data for advertising on third-party Web sites. In a message called “Enhanci...

0.1AI score
Exploits0References2
Prion
Prion
added 2011/12/15 3:57 a.m.24 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the user profile feature in Atlassian FishEye before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via 1 snippets in a user comment, which is not properly handled in a Confluence page, or 2 the user profile display name,...

4.3CVSS6AI score0.01586EPSS
Exploits0References9Affected Software1
myhack58
myhack58
added 2008/03/18 12:0 a.m.37 views

CreateLive CMS Version 4.0 0day-vulnerability warning-the black bar safety net

CreateLive CMS Version 4.0 0day.doc by:xiaok q:391232032.771044833 time: 2008-2-4 0 2:1 0 XP SP2 ie7 iis5. 1...... A tribute to D. S. T you gay, cause Hell-Phantom, the actuator on thin ice, causing the old D, The actuator Doom, causing the group to get help with the culture of the rogue...

7.3AI score
Exploits0
Packet Storm
Packet Storm
added 2006/08/27 12:0 a.m.37 views

catalogshop.txt

Aria-Security.net Advisory Discovered by: O.U.T.L.A.W Gr33t to: A.U.R.A & Hessam-X & Cl0wn & DrtRp Software: Mambo CatalogShop Attack method: Remote File Inclusion Descriptio : This is a modified version of the FacileForms mambot, which allows you to add and view user comments and ratings below...

7.4AI score
Exploits0
Cvelist
Cvelist
added 2005/07/06 4:0 a.m.17 views

CVE-2005-2152

SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article...

8.4AI score0.01211EPSS
Exploits0References4
exploitpack
exploitpack
added 2004/03/21 12:0 a.m.20 views

Invision Power Top Site List 1.1 RC 2 - SQL Injection

Invision Power Top Site List 1.1 RC 2 - SQL Injection Invision Power Top Site List SQL Injection Vendor: Invision Power Services Product: Invision Power Top Site List Version: = 1.1 RC 2 Website: http://www.invisiontsl.com/ BID: 9945 Description: Invision Power Top Site List is a flexible site...

8.6AI score
Exploits0
Rows per page
Query Builder