1777 matches found
CVE-2007-4239
Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...
CVE-2007-4239
Cross-site scripting XSS vulnerability in user/forgotPassStep2.jsp in the admin interface in C-SAM oneWallet 21007062007;1.0 allows remote attackers to inject arbitrary web script or HTML via the loginID parameter...
CVE-2007-4239
The CVE-2007-4239 entry describes a Cross-site scripting (XSS) vulnerability in the admin interface of C‑SAM oneWallet 210_07062007;1.0, specifically in user/forgotPassStep2.jsp. The issue allows remote attackers to inject arbitrary web script or HTML via the loginID parameter. The provided docum...
csam-xss.txt
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null%22%3e%3cscript%3ealert%22XSS!%22%3c%2fscript%3e Sucessfully tested with Version...
C-SAM oneWallet forget password Cross Site Scripting vulnerability
A XSS vulnerability is identified in C-SAM oneWallet web admin interface. This vulnerability exists in the forget password page. http://myserver:myport/tp/web/oneWallet/user/forgotPassStep2.jsp?loginID=null223e3cscript3ealert22XSS!223c2fscript3e Sucessfully tested with Version 21007062007;1.0...
CVE-2005-4856
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with 1...
[Full-disclosure] Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability
netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...
ag-traverse.txt
netVigilance Security Advisory 13 Advanced Guestbook version 2.4.2 Directory Traversal Vulnerability Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , html tags handlin...
Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities
netVigilance Security Advisory 11 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities Description: Advanced Guestbook is a PHP-based guestbook script. It includes many useful features such as preview, templates, e-mail notification, picture upload, page spanning , htm...
CVE-2007-2000
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 pseudo or 2 passe parameter...
CVE-2007-2001
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" background color field and other unspecified fields, which injects into config.inc.php3...
CVE-2007-1622
Cross-site scripting XSS vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATHINFO in the administration interface, related to loose...
Nullsoft ShoutcastServer Persistant XSS - 0day
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--------------------------------------- - -- - | SaMuschie Research Labs proudly presents . . . +------------------------------------------- -- - - | Application: Nullsoft ShoutcastServer | Version: 1.9.7/Win32 other versions/platforms not tested |...
Powerschool 404 Admin Exposure
Powerschool 4.3.6 and possibly other versions expose the admin interface when requesting any file with .js This allows one to see some directory and file names inside the admin folder. POC: http://powerschoolip/admin/.js Product's website does not provide email contact?...
Advanced Poll <= 2.0.5-dev Remote Code Execution Exploit
Exploit for unknown platform in category web applications ======================================================== Advanced Poll = 2.0.5-dev textfile RCE. date: 30/07/06 PHCKSEC c 2001-2006. Hey, what a mad world! use strict; use warnings; use LWP::UserAgent; use MD5; args: http://url/apollpath c...
phplinkdirectory_070121.txt
Smilehouse Oy -= Security Advisory =- Advisory: PHP Link Directory XSS Vulnerability Release Date: 2007/01/21 Last Modified: 2007/01/21 Authors: Jussi Vuokko, CISSP [email protected] Henri Lindberg, Associate of ISC² [email protected] Application: PHP Link Directory = 3.0.6...
CVE-2007-0402
Cross-site scripting XSS vulnerability in admin/editmember.php in Easebay Resources Paypal Subscription Manager allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2006-5515
Cross-site scripting XSS vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...
CVE-2006-5515
Cross-site scripting XSS vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...
PT-2006-5910 · Buffalo · Buffalo Terastation Hd-Htgl
Name of the Vulnerable Software and Affected Versions: Buffalo TeraStation HD-HTGL firmware versions prior to 2.05 beta 1 Description: A cross-site request forgery issue exists in the administrative interface, allowing remote attackers to modify configurations or delete arbitrary data...