7736 matches found
InTerra Blog Machine 1.84 - Cross-Site Scripting
InTerra Blog Machine 1.84 - Cross-Site Scripting Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably...
InTerra Blog Machine 1.84 - Cross-Site Scripting
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 201...
HTB22931: XSS vulnerability in InTerra Blog Machine
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...
Interra Blog Machine 1.84 Cross Site Scripting
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably prior versions Vendor Notification: 31 March 2011...
InTerra Blog Machine 1.84 - subject HTML Injection
InTerra Blog Machine 1.84 - subject HTML Injection source: https://www.securityfocus.com/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code ...
Ays Blog v1.6 => Remote File Update Vulnerability
Exploit for php platform in category web applications Ays Blog v1.6 = Remote File Update Vulnerability ----------------------------------------------------------- I KnocKout MEMBER FROM Inj3ct0r Team 1337 DAY .. My + Author : KnocKout Contact : email protected E-Mail : email protected HomePage :...
InTerra Blog Machine 1.84 - 'subject' HTML Injection
source: https://www.securityfocus.com/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
Debian DSA-2206-1 : mahara - several vulnerabilities
Two security vulnerabilities have been discovered in Mahara, a fully featured electronic portfolio, weblog, resume builder and social networking system : - CVE-2011-0439 A security review commissioned by a Mahara user discovered that Mahara processes unsanitized input which can lead to cross-site...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to hijack the authentication of arbitrary users for requests that delete blogs...
PluggedOut Blog 1.9.9 Cross Site Scripting
f0und by: kurdish hackers team group: kurd-team c0ntact: [email protected] site: www.kurdteam.org ================================= ==============script=============== ================================= script: PluggedOut Blog 1.9.9 d0rk:"Powered by PluggedOut Blog 1.9.9i, © Jonathan Beckett, 2006,...
Shimbi CMS SQL Injection
Title : Shimbi CMS Vulnerable to Multiple SQL Injections Vendor : http://www.shimbi.in/ Found by : p0pc0rn Dork : intext:"Powered By Shimbi CMS" SQL Injection in details.php parameter --------------------------------------- http://site.com/details.php?id=sql POC ---...
Adobe Pushes Critical Patch in Flash Player, Reader, Acrobat
Adobe said it is releasing security updates on Monday to address a critical vulnerability in Adobe Flash Player that is being exploited in the wild and could allow a remote attacker to take control of the affected system. The patch is a follow-up to a March 14 Security Advisory from the company...
PluggedOut Blog 1.9.9 - year Cross-Site Scripting
PluggedOut Blog 1.9.9 - year Cross-Site Scripting source: https://www.securityfocus.com/bid/46962/info PluggedOut Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may...
Shimbi CMS - Multiple SQL Injections
Shimbi CMS - Multiple SQL Injections Title : Shimbi CMS Vulnerable to Multiple SQL Injections Vendor : http://www.shimbi.in/ Found by : p0pc0rn Dork : intext:"Powered By Shimbi CMS" SQL Injection in details.php parameter --------------------------------------- http://site.com/details.php?id=sql P...
Shimbi CMS - Multiple SQL Injections
Title : Shimbi CMS Vulnerable to Multiple SQL Injections Vendor : http://www.shimbi.in/ Found by : p0pc0rn Dork : intext:"Powered By Shimbi CMS" SQL Injection in details.php parameter --------------------------------------- http://site.com/details.php?id=sql POC ---...
PluggedOut Blog 1.9.9 - 'year' Cross-Site Scripting
source: https://www.securityfocus.com/bid/46962/info PluggedOut Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in...
Tumblr security flaw, Clarification by Tumblr official staff !
Tumblr security flaw, Clarification by Tumblr official staff ! On our yesterday post about Tumblr security flaw : server IPS, API keys, passwords, etc were leaked, Finally Tumblr official staff gives a statement to all their users as below : A human error caused some sensitive server configuratio...
Tugux CMS - 'nid' Blind SQL Injection
=================================================================== Tugux CMS nid BLIND sql injection vulnerability =================================================================== Software: Tugux CMS Vendor: www.tugux.com Vuln Type: BLind SQL Injection Download link:...
Cross-site Request Forgery (CSRF) Vulnerability in InTerra Blog Machine
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in InTerra Blog Machine which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) vulnerability in InTerra Blog Machine: CVE-2011-1670 The vulnerability exists due to insufficien...
ABBS Audio Media Player 3.0 - '.lst' Local Buffer Overflow (SEH)
Exploit Title: ABBS Audio Media Player Buffer Overflow Exploit SEH Software Link: http://abbs.qsnx.net/downloads/abbs-amp.zip Version: 3.0 Tested on: Win XP SP3 French Date: 14/03/2011 Author: h1ch4m Email: [email protected] Home: http://net-effects.blogspot.com my $file= "exploit.lst"; my $size =...