5327 matches found
[SA19439] Cholod Mysql based message board Script Insertion and SQL Injection
TITLE: Cholod Mysql based message board Script Insertion and SQL Injection SECUNIA ADVISORY ID: SA19439 VERIFY ADVISORY: http://secunia.com/advisories/19439/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Manipulation of data WHERE: From remote SOFTWARE: Cholod Mysql based message...
[SA19341] Blazix Web Server JSP Source Code Disclosure Vulnerability
TITLE: Blazix Web Server JSP Source Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA19341 VERIFY ADVISORY: http://secunia.com/advisories/19341/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Blazix 1.x http://secunia.com/product/8961/...
classifiedZONE v1.2 XSS vuln.
classifiedZONE v1.2 XSS vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/classifieds/ affected versions:v.1.2 and prior Vuln. Description: classifiedZONE contains a flaw that allows a remote cross site scripting attack. This flaw exists because inp...
couponZONE v.4.2 Multiple vuln.
couponZONE v.4.2 Multiple vuln. Vuln. discovered by : r0t Date: 28 march 2006 vendor:http://www.fusionzone.com/applications/coupons affected versions:v.4.2 and prior original advisory:http://pridels.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html Vuln. Description: 1. SQL vuln. couponZONE...
Connect Daily Web Calendar Software Multiple XSS vuln.
Connect Daily Web Calendar Software Multiple XSS vuln. Vuln. discovered by : r0t Date: 27 march 2006 vendor:http://www.mhsoftware.com/connectdaily.htm affected versions:3.2.9 and prior original advisory:http://pridels.blogspot.com/2006/03/connect-daily-multiple-xss-vuln.html Vuln. description:...
[SA19415] Absolute Live Support XE Script Insertion Vulnerability
TITLE: Absolute Live Support XE Script Insertion Vulnerability SECUNIA ADVISORY ID: SA19415 VERIFY ADVISORY: http://secunia.com/advisories/19415/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Absolute Live Support XE 2.x http://secunia.com/product/8929/...
XSS in <= Toast Forums 1.6
XSS in <= Toast Forums 1.6 Vuln. discovered by : r0t Date: 25 march 2005 vendor:http://www.toastforums.com/ affected versions: 1.6 and prior original advisory: http://pridels.blogspot.com/2006/03/xss-in-toast-forums-16.html Vuln. Description. Toast Forums contains a flaw that allows a remote cross...
CVE-2006-1391
The CVE-2006-1391 entry concerns two web servers: Quick 'n Easy Web Server (before 3.1.1) and Baby ASP Web Server (2.7.2). The issue is that an attacker can remotely obtain the source code of ASP files by crafting URLs where the extension uses a dot/space (e.g., manipulating the URL extension), e...
Absolute FAQ Manager .NET XSS vuln.
Absolute FAQ Manager .NET XSS vuln. Vuln. discovered by : r0t Date: 25 march 2006 vendor: http://www.xigla.com/absolutefmnet/ affected versions: Version 4.0 and prior original advisory: http://pridels.blogspot.com/2006/03/absolute-faq-manager-net-xss-vuln.html Vuln. Description: Absolute FAQ Manag...
SweetSuite.NET - ssCMS 2.1.x XSS vuln.
SweetSuite.NET - ssCMS 2.1.x XSS vuln. Vuln. discovered by : r0t Date: 25 march 2006 vendor: www.sweetsuite.net/ssCMSMain.aspx affected versions: 2.1.0 and prior original advisory: http://pridels.blogspot.com/2006/03/sweetsuitenet-sscms-21x-xss-vuln.html Vuln. Description: ssCMS contains a flaw th...
CVE-2006-1391
The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web Server 2.7.2 allows remote attackers to obtain the source code of ASP files via (1) . (dot) and (2) space characters in the extension of a URL...
Design/Logic Flaw
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL...
CVE-2006-0816
Orion Application Server before 2.0.7 on Windows is affected by a filename extension validation flaw that allows remote disclosure of JSP source code. An attacker can craft a URL with dot or space characters in the extension to reveal the contents of JSP files. The vulnerability impacts confident...
[SA19312] Baby Web Server ASP Code Disclosure Vulnerability
TITLE: Baby Web Server ASP Code Disclosure Vulnerability SECUNIA ADVISORY ID: SA19312 VERIFY ADVISORY: http://secunia.com/advisories/19312/ CRITICAL: Moderately critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Baby ASP Web Server 2.x http://secunia.com/product/8915/...
[SA19379] CoMoblog "img.php" Cross-Site Scripting Vulnerability
TITLE: CoMoblog "img.php" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA19379 VERIFY ADVISORY: http://secunia.com/advisories/19379/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: CoMoblog 1.x http://secunia.com/product/8906/ DESCRIPTION: FarhadKey ha...
Orion application server source code disclosure
It's possible to access JSP page content by adding a dot with a space character to the file extension...
Orion < 2.0.7 Crafted Filename Extension Source Code Disclosure
Binary data 3486.prm...
AdMan v1.0.x SQL vuln
AdMan v1.0.x SQL vuln Vuln. discovered by : r0t Date: 23 march 2006 vendor:www.formfields.com/adManArea/ affected versions: v1.0.20051221 and prior original advisory: http://pridels.blogspot.com/2006/03/adman-v10x-sql-vuln.html SQL vuln. AdMan contains a flaw that allows a remote sql injection...