Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the 1 report parameter to blog/settings or 2 error parameter to users/index...

LiveHelpNow Chat Cross Site Scripting

Exploit Title: LiveHelpNow Chat Cross Site Scripting Date: 21.02.2012 Author: Sony Software Link: http://www.livehelpnow.net/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/livehelpnow-chat-cross-site-scripting.html...

CVE-2012-1227

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

CVE-2012-1227

Multiple cross-site request forgery CSRF vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that 1 modify the admin email address or 2 modify the blog title via a settings action; 3 add a page via an editpage action, or 4 add a...

Jamroom Cross Site Scripting

Exploit Title: Jamroom Cross Site Scripting Date: 19.02.2012 Author: Sony Software Link: http://www.jamroom.net Google Dorks: Powered by Jamroom Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/jamroom-cross-site-scripting.html...

SICT SQL Injection

Exploit Title: SICT SQL Injection Author: Th4 MasK Contact to ; [email protected] Vendor : http://www.sict.gov.bd/ Date : 19.02.2012 Platform : Php Demos Site : http://www.mocat.gov.bd/personnel.php?id=1'27a Virüslerden Önce Akil Var. Bilinmezlik DiyarinDan Olmassa Olmazimdir. Bazi seyler...

ButorWiki Cross Site Scripting

Exploit Title: ButorWiki Cross Site Scripting Date: 16.02.2012 Author: Sony Software Link: http://www.butor.com/ Software Version: 3.0.0 Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/butorwiki-cross-site-scripting.html...

Al Jazeera news network hacked by Syrian Hackers

Al Jazeera news network hacked by Syrian Hackers Arabic-language news network Al Jazeera's website was hacked last week by a Syrian hacktivist group in support of the government's actions in the country. Aljazeera is broadcaster owned by the state of Qatar through the Qatar Media Corporation and...

Bart`s CMS - SQL Injection Vulnerability

Title: ====== Barts CMS - SQL Injection Vulnerability Date: ===== 2012-01-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=390 VL-ID: ===== 390 Introduction: ============= It is a website Content Management System that is build with Codecharge Studio. There will also ...

Pluck CMS 4.7 Cross Site Request Forgery

Exploit Title: Pluck cms multiple vulnerabilit� Date: 09/01/2012 Author: Gordon Security Vendor or Software Link: www.pluck-cms.org Version: 4.7 Category: webapps Website:www.gordon-security.blogspot.com C.S.R.F. 1 p.o.c. Change admin e-mail and change title blog Gordon Security...

Pluck cms v4.7 CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Pluck cms multiple vulnerabilità Date: 09/01/2012 Author: Gordon Security Vendor or Software Link: www.pluck-cms.org Version: 4.7 Category: webapps Website:www.gordon-security.blogspot.com C.S.R.F. 1 Grazie a questo P.o.c...

CVE-2012-1005

Multiple cross-site scripting XSS vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using 1 Blog/MyFirstBlog.txt or 2 Blog/AboutSomething.txt...

CVE-2012-1005

Multiple cross-site scripting XSS vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as demonstrated using 1 Blog/MyFirstBlog.txt or 2 Blog/AboutSomething.txt...

CVE-2012-1005

CVE-2012-1005 affects Sphinx Mobile Web Server

Bo-Blog 2.1.0 remote code execution exploit

No description provided by source...

ScholarGuides Springshare Cross Site Scripting

Exploit Title: ScholarGuides Springshare Cross Site Scripting Date: 6.02.2012 Author: Sony Software Link: http://www.springshare.com/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/02/scholarguides-springshare-cross-site.html...

XWiki Enterprise 3.4 Cross Site Scripting

Exploit Title: XWiki Cross Site Scripting Date: 4.02.2012 Author: Sony Software Link: http://www.xwiki.org/ Software Version: XWiki Enterprise 3.4 Google Dorks: inurl:xwiki/bin/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...

DEF-CON Chennai January Meet 2012

DEF-CON Chennai Group DEF-CON Chennai Group 4th meet successfully was held this past weekend on 29th Jan at Le Waterina Resort, Chennai. Team THN also join this Event, It was a nice setup. "We like to thank each and everyone who attended this meet and made it a success story. We like to thank all...

TWiki Cross Site Scripting

Exploit Title: TWiki Cross Site Scripting Date: 31.01.2012 Author: Sony Software Link: http://www.twiki.org Google Dorks: intext:powered by twiki Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/cross-site-scripting-twiki.html...