HackDig : Dig high-quality web security articles for hacker

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site. Input passed to the ‘files[0][file]‘ parameter in ‘/ip_
Publish At:2014-08-13 01:56 | Read:4522 | Comments:0 | Tags:Internal advisory apache arbitrary CMS code delete deletion

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the &#
Publish At:2014-08-13 01:56 | Read:4275 | Comments:0 | Tags:Internal admin advisory arbitrary auth code fix html inserti

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud