vulnerabilities.aspcode.net
Searching posts software vulnerabilities
Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows remote attackers to execute arbitrary script and steal cookies as other IcrediBB users via the (1) title or (2) body of posts.
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
An unspecified Fortinet product, possibly Fortinet28, allows remote attackers to cause a denial of service via a "small synflood" to the SMTP port (TCP port 25), as demonstrated by a 10-microsecond wait between sending packets. NOTE: this issue has been disputed in followup posts that suggest that a protection feature is triggering a RST.
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does not verify user credentials, which allows remote attackers to edit arbitrary posts via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allows remote attackers to cause a denial of service (application freeze) "by sending invalid posts".
Unspecified vulnerability in func_topic_threaded.php (aka threaded view mode) in Invision Power Board (IPB) before 2.1.7 21013.60810.s allows remote attackers to "access posts outside the topic."
PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and (3) a javascript URI in a URL argument in the photo gallery.
The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before Saturday, September 09, 2006 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable.
xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows remote authenticated users with the contributor role to bypass intended access restrictions and invoke the publish_posts functionality, which can be used to "publish a previously saved post."
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node access modules, via modified URL arguments.
Software vulnerabilities results 1 to 20 of 32